[Community-sigs] new sig Win.Downloader.Dalexis
andreisaygo at live.ie
Tue Jan 27 10:32:09 EST 2015
Sig:
Win.Downloader.Dalexis;Target:1;(0|1|2)>2,2;FF15????400083F8000F85????0000823D????4000010F82????000090909090;89E68B????2040005?68????4000FF2690909090;6C6F6B697461722E706462
Hashes:
MD5: 37a30abf6c798807ab896e7771ae130f
SHA1: 5b25135c60c03be5449b3c7b1c8bfc6bcd74756e
SHA256: f6c16ac3e0c062c3520f35016d4ece7db80ff724291f49a9b16cec3feb0e7c89
Sig0:
.text:00401198 FF 15 ?? ?? 40 00 call ds:lstrcmpiA
.text:0040119E 83 F8 00 cmp eax, 0
.text:004011A1 0F 85 ?? ?? 00 00 jnz loc_4012F0
.text:004011A7 82 3D ?? ?? 40 00 01 cmp byte ptr dword_403215, 1
.text:004011AE 0F 82 ?? ?? 00 00 jb loc_401E9D
.text:004011B4 90 nop
.text:004011B5 90 nop
.text:004011B6 90 nop
.text:004011B7 90 nop
Sig1:
.text:004017F8 89 E6 mov esi, esp
.text:004017FA 8B ?? ?? 20 40 00 mov edx, ds:GetModuleHandleA
.text:00401800 5? push edx
.text:00401801 68 ?? ?? 40 00 push offset loc_401773
.text:00401806 FF 26 jmp dword ptr [esi]
.text:00401808 90 90 90 90
Sig2:
lokitar.pdb
Regards,
Andrei Saygo
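As an added illustration of how this logical signature fires (not code from the post or from ClamAV), the Python below parses the .ldb line, turns each hex subsignature with its ?? and 5? wildcards into a byte regex, and evaluates the (0|1|2)>2,2 condition: more than two hits in total and at least two distinct subsignatures. The SAMPLE buffer is constructed from the disassembly in the post with the wildcarded operands filled in from the listed addresses, so it is a test vector, not the malware; only the wildcard forms and the expression shape used here are supported.

```python
import re

# The posted .ldb signature; SAMPLE further down is constructed, not the malware.
LDB = ("Win.Downloader.Dalexis;Target:1;(0|1|2)>2,2;"
       "FF15????400083F8000F85????0000823D????4000010F82????000090909090;"
       "89E68B????2040005?68????4000FF2690909090;6C6F6B697461722E706462")

def hex_to_regex(pattern):
    """Compile a ClamAV hex subsig: '??' = any byte, '5?'/'?5' = nibble wildcard.
    Assumption: no {n-m} gaps or (aa|bb) alternations appear in the pattern."""
    parts = []
    for i in range(0, len(pattern), 2):
        hi, lo = pattern[i], pattern[i + 1]
        if hi == lo == "?":
            parts.append(b".")
        elif "?" in (hi, lo):  # enumerate bytes whose fixed nibble matches, e.g. 5? -> 50..5F
            cands = [bytes([b]) for b in range(256)
                     if (hi == "?" or b >> 4 == int(hi, 16))
                     and (lo == "?" or b & 0xF == int(lo, 16))]
            parts.append(b"(?:" + b"|".join(map(re.escape, cands)) + b")")
        else:
            parts.append(re.escape(bytes([int(hi + lo, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def evaluate(expr, counts):
    """'(i|j|k)OPn[,m]': summed hits of the listed subsigs compared with n, and
    at least m distinct subsigs hit. Assumption: other ClamAV forms unsupported."""
    m = re.fullmatch(r"\((\d+(?:\|\d+)*)\)([<>=])(\d+)(?:,(\d+))?", expr)
    if not m:
        raise ValueError("unsupported logical expression: " + expr)
    ids = [int(x) for x in m.group(1).split("|")]
    total = sum(counts[i] for i in ids)
    distinct = sum(1 for i in ids if counts[i])
    n = int(m.group(3))
    hit = {"<": total < n, ">": total > n, "=": total == n}[m.group(2)]
    return hit and distinct >= int(m.group(4) or 0)

def scan(ldb, data):
    """Return (name, per-subsig hit counts, matched) for one .ldb line."""
    name, _target, expr, *subs = ldb.split(";")
    counts = [len(hex_to_regex(s).findall(data)) for s in subs]
    return name, counts, evaluate(expr, counts)

# Constructed buffer: the post's three fragments with wildcarded operands filled
# in from the listed addresses (jnz/jb displacements, dword_403215, loc_401773).
SIG0 = bytes.fromhex("FF1500304000" "83F800" "0F8549010000" "823D1532400001"
                     "0F82E90C0000" "90909090")
SIG1 = bytes.fromhex("89E6" "8B1520204000" "52" "6873174000" "FF26" "90909090")
SAMPLE = b"MZ" + b"\x00" * 64 + SIG0 + b"\xcc" * 16 + SIG1 + b"\x00" * 8 + b"lokitar.pdb"
```

scan(LDB, SAMPLE) reports hit counts [1, 1, 1] and a match, while a buffer holding only three copies of the PDB string gives [0, 0, 3] and no match, which is what the ",2" minimum-distinct term is for.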