[Community-sigs] Win.Adware.Somoto (2 more)
Angel Villegas
anvilleg at sourcefire.com
Tue May 26 11:08:07 EDT 2015
Arnaud,
Thanks for your submission. I've queued it for FP testing and will publish
it when it passes.
Thanks,
Angel M. Villegas
On Sat, May 23, 2015 at 2:23 AM, Arnaud Jacques / SecuriteInfo.com <
webmaster at securiteinfo.com> wrote:
> Hello sigmakers,
>
>
> Win.Adware.Somoto:0:*:5c496e7374616c6c00fd9a80005b52414e444f4d5f535452494e475d2e72617200556e5241522e65786500fd9a805c6e73457865632e646c6c00556e5261722e6578652065202d6870{4}2f{2}2f{2}2d{2}3a{2}3a{2}205b52414e444f4d5f535452494e475d2e7261720045786563546f537461636b00556e5261722e65786500fda0800022fd9a805c696e7374616c6c(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)2e6578652220fda08000637370726f64756374005555494400574d494320fd81802047657420fd8280202f464f524d41543a7465787476616c75656c6973742e78736c002f4f454d0020000d000a00090031303234002f7575696420fd80800062696f730053657269616c4e756d626572
>
> Win.Adware.Somoto:0:*:5c496e7374616c6c00fd9a8000{3}(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)2e65786500fd9a805c6e73457865632e646c6c00{3}(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)2e657865202d79202d7022{32}220045786563546f537461636b00fda0800022fd9a805c696e7374616c6c(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)2e6578652220fda08000637370726f64756374005555494400574d494320fd81802047657420fd8280202f464f524d41543a7465787476616c75656c6973742e78736c002f4f454d0020000d000a00090031303234002f7575696420fd80800062696f730053657269616c4e756d626572
>
> File type *is* 0, not 1. Please do not change or detection will be lost.
>
> Number of samples detected by the signature : 1024
>
> MD5 of detected samples (just a few) :
>
> --
> Best regards,
>
> Arnaud Jacques
> SecuriteInfo.com
>
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : https://twitter.com/SecuriteInfoCom