[Community-sigs] new sig Win.Trojan.Mrblack

[andreisaygo at live.ie]

Signature:
Win.Trojan.Mrblack;Target:1;(0|1|2|3|4)>3,3;5c3f3f5c25735c737663686f73742e6578655c3f3f5c;25735c256325632563256325632e657865;564552534f4e45583a25737c25647c25647c2573;004d722e426c61636b00;456c696d696e61746520736d616c6c204a6170616e657365

MD5 4b61d7f5c6d70ee8d222e7e900048c2c
SHA1 97ac7552f753634a2fd72ca2fb6cc79e97ebf65c
SHA256 cc7632c33af303e8fba75dc5acc000d66532323f5783726d8b3322d3fa0279d5


Sig0:
\??\%s\%c%c%c%c%c.exe

Sig1:
\??\%s\svchost.exe

Sig2:
VERSONEX:%s|%d|%d|%s

Sig3:
Mr.Black

Sig4:
Eliminate small Japanese

Regards,
Andrei Saygo