[Community-sigs] Win.Worm.Derbis
Xabier Ugarte-Pedrero
xpedrero at sourcefire.com
Tue Aug 2 10:08:42 EDT 2016
Hello Askar,
Thank you very much for your submissions! Your signatures
Win.Worm.Derbis and Win.Adware.ForceStartPage have been submitted for
FP test.
Regards,
-- Xabier
On Sun, Jul 31, 2016 at 6:38 AM, Askar Dyussekeyev
<dyussekeyev at yandex.kz> wrote:
> Win.Worm.Derbis:1:1358:5356576A0133F6565668????????68????????33C05666A3????????FF15????????33C066A3????????0FB788????????668988????????83C002663BCE75EA6A40BB00100000535356FF15????????A3????????B8????????8D78FE668B4F0283C702663BCE75F4BE????????A5A5A5A533F65668800000006A03566A01680000008050FF15????????A3????????83F8FF741A5668????????53FF35????????50FF15????????FF15????????5F5E5BC21000
>
> signature looks for specific block of code at export function
>
> detections (234):
> 00d38b2d61d860a85c318653bfe3d9b1
> 01a14653c110312dc193ea75b89ea3d4
> 02939a725544fb4d1326c2c7072340af
> 02db0ae0d2cafa05db3d1a25d330b562
> 04eb1168ccc74db0f8137d1cba28d992
> 0561d0f32dc29f62e5fa3129fb780c6f
> 0576d30b694a0cf478d6c379b14d7dff
> 06b61ceada4c982cc8e2615a9ff2a73b
> ................................
> fec14c0acd383be15203e39092dfac0a
> fef9e72bfc8e3f2298f4074ba3d78ca4
> ffa7b3585c142a7fcd6660c489246b9d
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
More information about the Community-sigs
mailing list