[Community-sigs] Delayu Trojan

Nick namiles at gmail.com
Mon Aug 10 14:54:44 EDT 2015


Signature for an old VB Trojan ClamAV doesn't detect:

Trojan.Win32.Delayu;Target:1;0&1;44656C61797500??523738205245436D61696E7300????6F6C6572694B6F70657274656600;56423521F01F

The signature detects that VB5 is being used and looks for strings
specific to the malware present in the main form the program loads on
startup.

Sample MD5: 8fc56b18515dffc7b79b8b71a7d8c69d



More information about the Community-sigs mailing list