[Community-sigs] Win.Adware.NetCrawl signature
Willian Cruz
willianalbertocruz at outlook.com.br
Thu Oct 30 12:27:31 EDT 2014
Yes, 0 and 1 are similar but somehow 0 sometimes doesn't match to the code and 1 matches, so I put both just in case.
> Date: Thu, 30 Oct 2014 10:58:01 -0400
> From: dgoddard at sourcefire.com
> To: community-sigs at lists.clamav.net
> Subject: Re: [Community-sigs] Win.Adware.NetCrawl signature
>
> This signature failed false positive check.
>
> Alerts on INetCrawler+ and in an thawte.com clean file.
>
> On Thu, Oct 30, 2014 at 9:41 AM, Douglas Goddard <dgoddard at sourcefire.com>
> wrote:
>
> > I just want to confirm, does this logic match your intentions:
> >
> > (0|1|2|3|4|5)&6
> >
> > Thanks,
> > Douglas
> >
> > On Wed, Oct 29, 2014 at 2:53 AM, Willian Cruz <
> > willianalbertocruz at outlook.com.br> wrote:
> >
> >> Good morning guys,
> >>
> >>
> >> Win.Adware.NetCrawl;Target:0;((0|1)|2|3|4|5)&6;6E6574637261776C2E696E666F;6E006500740063007200610077006C002E0069006E0066006F;6170696E6574637261776C696E666F2D612E616B616D616968642E6E6574;766572697369676E2E636F6D;7468617774652E636F6D;73796D616E7465632E636F6D;4E6574437261776C
> >>
> >> SHA256 of files used:
> >>
> >> 2e4dc90f41d5c99fb4cd840ac07f3c5fe458f142a72c7ddb39ec2a30412f6e0f
> >> https://malwr.com/analysis/NWY1NmQ4ZGVjMWM0NGI2Yzk1YzBlMzc3OWZkOWI2ZDU/
> >> 0cbf36e26ead9a3ef7347f169959a565e5058aa4375a03e30c51eee0999d8543
> >> <https://malwr.com/analysis/NWY1NmQ4ZGVjMWM0NGI2Yzk1YzBlMzc3OWZkOWI2ZDU/0cbf36e26ead9a3ef7347f169959a565e5058aa4375a03e30c51eee0999d8543>
> >> https://malwr.com/analysis/YThiM2Q2MTdlNTcwNDk1ODk5ZWZmZDBjNGRhM2Y4MjI/
> >> e9d10bbfc32b5c7168725555b6e9d1029c4e07a23651836445a784a5ae0e4608
> >> <https://malwr.com/analysis/YThiM2Q2MTdlNTcwNDk1ODk5ZWZmZDBjNGRhM2Y4MjI/e9d10bbfc32b5c7168725555b6e9d1029c4e07a23651836445a784a5ae0e4608>
> >> https://malwr.com/analysis/NDA4NjllNDhlOTc0NGI1OGI5N2E1ZDZhNTg1ODMxMTA/
> >> 1cdf52f5fd0473ad249199d7ea8031d3a58ecf7b790ab86de7af2c62d4566182
> >> <https://malwr.com/analysis/NDA4NjllNDhlOTc0NGI1OGI5N2E1ZDZhNTg1ODMxMTA/1cdf52f5fd0473ad249199d7ea8031d3a58ecf7b790ab86de7af2c62d4566182>
> >> https://malwr.com/analysis/NTdiNzZjMWRlY2U3NGIxYThhNTgwYjYzYzBhMzJkZGQ/
> >> 8f88e33b292fbf9ea7ec35f506bade936026ef910bbf304d4a1815cd78c7f624
> >> <https://malwr.com/analysis/NTdiNzZjMWRlY2U3NGIxYThhNTgwYjYzYzBhMzJkZGQ/8f88e33b292fbf9ea7ec35f506bade936026ef910bbf304d4a1815cd78c7f624>
> >> https://malwr.com/analysis/ZTZjZGNiOTZiOGY3NDU1NGFkODk4NWViMTc2NTdlNWY/
> >>
> >> Cheers,
> >>
> >> Willian
> >>
> >>
> >> _______________________________________________
> >> Community-sigs mailing list
> >> Community-sigs at lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> >
> >
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
More information about the Community-sigs
mailing list