[Community-sigs] new sig Win.Trojan.Mrblack
Angel Villegas
anvilleg at sourcefire.com
Tue Apr 7 12:04:10 EDT 2015
Andrei Saygo,
Thanks for the signature. Linux.Rojan.Xorddos has passed FP testing
and will be published soon.
Thanks,
Angel M. Villegas
On Tue, Apr 7, 2015 at 10:43 AM, <andreisaygo at live.ie> wrote:
> Signature:
> Win.Trojan.Mrblack;Target:1;(0|1|2|3|4)>3,3;5c3f3f5c25735c737663686f73742e6578655c3f3f5c;25735c256325632563256325632e657865;564552534f4e45583a25737c25647c25647c2573;004d722e426c61636b00;456c696d696e61746520736d616c6c204a6170616e657365
>
> MD5 4b61d7f5c6d70ee8d222e7e900048c2c
> SHA1 97ac7552f753634a2fd72ca2fb6cc79e97ebf65c
> SHA256 cc7632c33af303e8fba75dc5acc000d66532323f5783726d8b3322d3fa0279d5
>
>
> Sig0:
> \??\%s\%c%c%c%c%c.exe
>
> Sig1:
> \??\%s\svchost.exe
>
> Sig2:
> VERSONEX:%s|%d|%d|%s
>
> Sig3:
> Mr.Black
>
> Sig4:
> Eliminate small Japanese
>
> Regards,
> Andrei Saygo
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
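
The logical signature quoted above, decoded and evaluated against sample buffers, as an added example (not code from the post or from ClamAV). The helper names are hypothetical, the parser assumes plain-hex subsignatures and the `(...)>X,Y` expression form used here, and the test buffers are constructed.

```python
import re

# Signature line copied from the post above (ClamAV .ldb logical signature).
LDB = (
    "Win.Trojan.Mrblack;Target:1;(0|1|2|3|4)>3,3;"
    "5c3f3f5c25735c737663686f73742e6578655c3f3f5c;"
    "25735c256325632563256325632e657865;"
    "564552534f4e45583a25737c25647c25647c2573;"
    "004d722e426c61636b00;"
    "456c696d696e61746520736d616c6c204a6170616e657365"
)

def parse_ldb(line):
    """Split an .ldb line into name, target block, expression and subsignatures.

    Assumes plain-hex subsignatures (no wildcards or offsets), as in this post.
    """
    name, target, expr, *subsigs = line.strip().split(";")
    return {"name": name, "target": target, "expr": expr,
            "subsigs": [bytes.fromhex(s) for s in subsigs]}

def evaluate(sig, data):
    """Evaluate an expression of the form (i|j|...)>X,Y against a buffer.

    True when the summed match count exceeds X and at least Y distinct
    subsignatures matched. The Target:1 (PE file) restriction is ignored here,
    and matches are counted non-overlapping, which is a simplification.
    """
    m = re.fullmatch(r"\((\d+(?:\|\d+)*)\)>(\d+),(\d+)", sig["expr"])
    if m is None:
        raise ValueError("unsupported logical expression: " + sig["expr"])
    ids = [int(i) for i in m.group(1).split("|")]
    more_than, distinct = int(m.group(2)), int(m.group(3))
    counts = [data.count(sig["subsigs"][i]) for i in ids]
    return sum(counts) > more_than and sum(c > 0 for c in counts) >= distinct

SIG = parse_ldb(LDB)
# Constructed buffers (not taken from the sample): three distinct strings once
# each, then the same three with one of them repeated.
THREE_ONCE = b"..".join([SIG["subsigs"][2], SIG["subsigs"][3], SIG["subsigs"][4]])
THREE_REPEAT = THREE_ONCE + b".." + SIG["subsigs"][3]

if __name__ == "__main__":
    for i, s in enumerate(SIG["subsigs"]):
        print(i, s)
    print(evaluate(SIG, THREE_ONCE), evaluate(SIG, THREE_REPEAT))
```

Three distinct strings matching once each do not satisfy `>3,3`; the total match count has to exceed 3 as well, so a single subsignature repeated many times is also insufficient.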