[Community-sigs] new sig: Win.Downloader.Upatre

[andreisaygo at live.ie]

Sig:
Win.Downloader.Upatre;Target:1;0|1;60B8??00000033DBB80000000003C46683C3??68??00000059C1C1??668BF0663BF10F87??000000;68447573658A5C0CFF8BD603D1885C10FF83E90185C975ED

Sig0:
60                             pushad
B864000000             mov          eax,000000064
33DB                         xor          ebx,ebx
B800000000             mov          eax,0
03C4                         add          eax,esp
6683C301                 add          bx,1
68FF000000             push         0000000FF
59                             pop          ecx
C1C108                    rol          ecx,8
668BF0                     mov          si,ax
663BF1                     cmp          si,cx
0F8715000000         ja          .00040103D


//check Duser.dll
6844757365             push    'esuD'
8A5C0CFF               mov     bl, [esp+ecx-1]
8BD6                        mov     edx, esi
03D1                        add     edx, ecx
885C10FF                mov     [eax+edx-1], bl
83E901                     sub     ecx, 1
85C9                         test    ecx, ecx
75ED                         jnz     short loc_401261


MD5: bc3d9392e0a96fd2c0b480b6ae43f3af
SHA1: d11396bda23845e4db91b1735fde3b4ea1492bc0
SHA256: d7fcd215f8d3e74be7f9d76c72c67dc2027e0f23c6de1a2ab07b508c6b9a536f

MD5: f130b4c9581f47752a681a26a075dd76
SHA1: 009260394b204bcd3f91fbe625ee3f56c18ac6ef
SHA256: ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

Regards,
Andrei Saygo