[Community-sigs] Win.Trojan.Crypt

J. Tozo juniorbsd at gmail.com
Sun Sep 20 21:53:24 EDT 2015


Nice work, thank you Arnaud!

Can you share the malicious file sample?

First post I see in this list,

so, is this the right place to send signatures/samples?

Best Regards

Tozo

On Sat, Sep 19, 2015 at 5:29 AM, Emmanuel Tacheau <etacheau at sourcefire.com>
wrote:

> Thank you! This will be reviewed and FP checked today, and will likely be
> published on Monday.
>
>
> On Fri, Sep 18, 2015 at 1:25 PM, Arnaud Jacques / SecuriteInfo.com <
> webmaster at securiteinfo.com> wrote:
>
> > Hello sigmakers,
> >
> > Win.Trojan.Crypt:1:EP+0:558bec6aff68????400068??37400064a100000000506489250000000083c4985356578965e8c745fc000000006a02ff15??40400083c404c705????4000ffffffffc705????4000ffffffffff15??4040008b0d????40008908ff15??4040008b15????40008910a1??4040008b08890d????4000e886010000a1????400085c0750e68??374000ff15??40400083c404e83a010000680c6040006808604000e81d01000083c4088b15????40008955948d4594508b0d????4000518d559c528d4590508d4da051
> >
> > Number of samples detected by the signature : 87
> >
> > MD5 of detected samples :
> >
> > --
> > Best regards,
> >
> > Arnaud Jacques
> > SecuriteInfo.com
> >
> > Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> > Twitter : https://twitter.com/SecuriteInfoCom
> > _______________________________________________
> > Community-sigs mailing list
> > Community-sigs at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> >
> > http://www.clamav.net/contact.html#ml
> >



-- 
Thanks,

 Tozo
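
Added example, not part of the original thread and not ClamAV's own code: a reader for the extended signature line quoted above (MalwareName:TargetType:Offset:HexSignature), showing how TargetType 1, the EP+0 offset and the ?? wildcard bytes are interpreted. It handles only ?? wildcards and EP+n offsets; the sample buffer and its entry-point offset are constructed, and a real scanner derives the entry point from the PE header.

```python
import re
from typing import NamedTuple

# ClamAV extended (.ndb) signature layout: MalwareName:TargetType:Offset:HexSignature
TARGET_TYPES = {0: "any file", 1: "Portable Executable"}

class NdbSig(NamedTuple):
    name: str
    target: int
    offset: str
    pattern: re.Pattern
    length: int  # bytes covered by the hex body

def parse_ndb(line: str) -> NdbSig:
    name, target, offset, hexsig = line.strip().split(":")[:4]
    if len(hexsig) % 2:
        raise ValueError("hex body must have an even number of characters")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        # "??" matches any one byte; anything else must be a literal hex byte
        # (bytes.fromhex rejects the wildcard forms this sketch does not handle).
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return NdbSig(name, int(target), offset,
                  re.compile(b"".join(parts), re.DOTALL), len(hexsig) // 2)

def matches(sig: NdbSig, data: bytes, entry_point: int) -> bool:
    m = re.fullmatch(r"EP\+(\d+)", sig.offset)
    if m is None:
        raise ValueError("only EP+n offsets are handled here")
    # Anchor the pattern at the entry point plus the signature's offset.
    return sig.pattern.match(data, entry_point + int(m.group(1))) is not None

# First fragment of the signature quoted in the thread (cut here for readability).
SIG_LINE = "Win.Trojan.Crypt:1:EP+0:558bec6aff68????400068??"
# Constructed buffer: 16 filler bytes, then bytes fitting the pattern.
ENTRY_POINT = 16  # assumed file offset of the entry point
SAMPLE = b"\x90" * 16 + bytes.fromhex("558bec6aff68" "1122" "400068" "33") + b"\x00" * 4

if __name__ == "__main__":
    sig = parse_ndb(SIG_LINE)
    print(sig.name, TARGET_TYPES[sig.target], sig.offset, sig.length, "bytes")
    print("match at entry point:", matches(sig, SAMPLE, ENTRY_POINT))
```
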


