[Community-sigs] Win.Adware.NetCrawl signature
Douglas Goddard
dgoddard at sourcefire.com
Thu Oct 30 10:58:01 EDT 2014
This signature failed false positive check.
Alerts on INetCrawler+ and in an thawte.com clean file.
On Thu, Oct 30, 2014 at 9:41 AM, Douglas Goddard <dgoddard at sourcefire.com>
wrote:
> I just want to confirm, does this logic match your intentions:
>
> (0|1|2|3|4|5)&6
>
> Thanks,
> Douglas
>
> On Wed, Oct 29, 2014 at 2:53 AM, Willian Cruz <
> willianalbertocruz at outlook.com.br> wrote:
>
>> Good morning guys,
>>
>>
>> Win.Adware.NetCrawl;Target:0;((0|1)|2|3|4|5)&6;6E6574637261776C2E696E666F;6E006500740063007200610077006C002E0069006E0066006F;6170696E6574637261776C696E666F2D612E616B616D616968642E6E6574;766572697369676E2E636F6D;7468617774652E636F6D;73796D616E7465632E636F6D;4E6574437261776C
>>
>> SHA256 of files used:
>>
>> 2e4dc90f41d5c99fb4cd840ac07f3c5fe458f142a72c7ddb39ec2a30412f6e0f
>> https://malwr.com/analysis/NWY1NmQ4ZGVjMWM0NGI2Yzk1YzBlMzc3OWZkOWI2ZDU/
>> 0cbf36e26ead9a3ef7347f169959a565e5058aa4375a03e30c51eee0999d8543
>> <https://malwr.com/analysis/NWY1NmQ4ZGVjMWM0NGI2Yzk1YzBlMzc3OWZkOWI2ZDU/0cbf36e26ead9a3ef7347f169959a565e5058aa4375a03e30c51eee0999d8543>
>> https://malwr.com/analysis/YThiM2Q2MTdlNTcwNDk1ODk5ZWZmZDBjNGRhM2Y4MjI/
>> e9d10bbfc32b5c7168725555b6e9d1029c4e07a23651836445a784a5ae0e4608
>> <https://malwr.com/analysis/YThiM2Q2MTdlNTcwNDk1ODk5ZWZmZDBjNGRhM2Y4MjI/e9d10bbfc32b5c7168725555b6e9d1029c4e07a23651836445a784a5ae0e4608>
>> https://malwr.com/analysis/NDA4NjllNDhlOTc0NGI1OGI5N2E1ZDZhNTg1ODMxMTA/
>> 1cdf52f5fd0473ad249199d7ea8031d3a58ecf7b790ab86de7af2c62d4566182
>> <https://malwr.com/analysis/NDA4NjllNDhlOTc0NGI1OGI5N2E1ZDZhNTg1ODMxMTA/1cdf52f5fd0473ad249199d7ea8031d3a58ecf7b790ab86de7af2c62d4566182>
>> https://malwr.com/analysis/NTdiNzZjMWRlY2U3NGIxYThhNTgwYjYzYzBhMzJkZGQ/
>> 8f88e33b292fbf9ea7ec35f506bade936026ef910bbf304d4a1815cd78c7f624
>> <https://malwr.com/analysis/NTdiNzZjMWRlY2U3NGIxYThhNTgwYjYzYzBhMzJkZGQ/8f88e33b292fbf9ea7ec35f506bade936026ef910bbf304d4a1815cd78c7f624>
>> https://malwr.com/analysis/ZTZjZGNiOTZiOGY3NDU1NGFkODk4NWViMTc2NTdlNWY/
>>
>> Cheers,
>>
>> Willian
>>
>>
>> _______________________________________________
>> Community-sigs mailing list
>> Community-sigs at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
More information about the Community-sigs
mailing list