[Community-sigs] Win.Adware.OutBrowse-D [FIXED]
Willian Cruz
willianalbertocruz at outlook.com.br
Fri Oct 24 05:54:33 EDT 2014
Hi guys,
After some more testing, I discovered that the previous Outbox sig won't work properly. I fixed it so it can now detect this thread more reliability. Both samples I used was obfuscating it's code against analysis. So I made it more accurate. The new sig is:
Win.Adware.OutBrowse-D;Target:1;(0&1&2&3&4);55524C446F776E6C6F6164546F46696C6557;4765744164617074657273496E666F;4765744D6F64756C65496E666F726D6174696F6E;41746C53616665416C6C6F63614D616E61676572;67657444796E616D696350726F6475637446726F6D436F6F6B6965
SHA256: 4e7496e13d437989e135090713ee10c740c290d2cd869dc5a8130efe4ef2cd98
cb4e8fc6d9b9f09a6f30188a4724aa5d92f891dca0cfec5f28192b88a31b5e2e
Sorry for the inconvenience :c
Will.
More information about the Community-sigs
mailing list