[Community-sigs] Win.Adware.Elex (AV and AM varians) signature
Willian Cruz
willianalbertocruz at outlook.com.br
Fri Oct 24 03:32:48 EDT 2014
Hello guys,
As promised, here are the sigs that I told in my previous email. I decided to send two variants of the same virus just for convenience :)
== AV VARIANT ==
Win.Adware.Elex-AV;Target:1;(0&1&2&3&4);AC8306000000000000000000068B0600BC720500;9C8306000000000000000000508B0600AC720500;048406000000000000000000D68B060014730500;CC8306000000000000000000428C0600DC720500;4900650050006C007500670069006E002000730065007200760069006300650073
SHA256: 1e1625b8b83ef6b2f4759bc32b5b7164e62dd4a5f32e968f36efb518c58e9bcb
== AM VARIANT ==
Win.Adware.Elex-AM;Target:1;(0&1&2);4814060000000000000000007E1906005C120500;3C14060000000000000000007219060050120500;570069006E0064006F00770073004D0061006E00670065007200500072006F0074006500630074
SHA256: 45f6db29f5923a5837cff0d780a7b28784484bca6352d1db00b143c8487eb2d3
Note: this variant played a trick on me obfuscating it's code, but I got it and I was able to build a reliable signature.
Until the next submission ;)
Willian
More information about the Community-sigs
mailing list