[Community-sigs] Injected PHP mailer
Carl Swart
blackie at webonline.biz
Wed May 13 17:47:10 EDT 2015
Hi,
Here is my sig:
{CFS}PHP.mailer-1.162:0:*:3c3f706870{-41}66756e6374696f6e20656e7669616e646f28297b{-160}24656d61696c733d245f706f73745b22656d61696c73225d3b{-191}2466756c6c75726c3d2222202e20246b3838202e2022{-917}24656e76696172203d206d61696c282464657374696e6f2c2024617373756e746f5b246d73675d2c20246d736772616e642c202468656164657273293b{-346}3c3f206563686f20656e7669616e646f28293b203f3e
When I change my type from 0 to 7, detect stops. I do not know why. I used the "nocomment.html" file to generate the signature after running clamscan --leavetemps
MD5: d299d3a24b19bd37e753065152e2489e
SHA1: 4943d71dff8531df803f61211a1aaecde5927b4e
SHA256: 75f86ba55081698db60572387e59ba218237944612f1c732a63ebd4d216c92e2
https://www.virustotal.com/en/file/75f86ba55081698db60572387e59ba218237944612f1c732a63ebd4d216c92e2/analysis/1431550744/
--
Regards,
-Carl
More information about the Community-sigs
mailing list