[Community-sigs] Win.Trojan.Zbot
Christopher McBee (chmcbee)
chmcbee at cisco.com
Tue Aug 2 13:32:43 EDT 2016
Askar,
thanks very much for your submission. Your signature has been added to FP testing.
Thanks,
Christopher
> On Aug 1, 2016, at 12:43 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz> wrote:
>
> Win.Trojan.Zbot:1:1536:8B35580043008B0D0800430033F189352C0043008B1D440043008B05440043002BD88905580043008B35440043008B1D6845430033F3891D5C0043008B35080043008B0D2C00430023CE8935580043008B3D6000430081EF00000076893D600043008B156000430081C2204008108915580043008B35940043008B056845430023F089057C0043008B1D600043008B356845430033F3891D08004300E94A040000
>
> signature looks for specific block at the obfuscated code.
>
> detections (120):
> 043d63e67b4ef4a7174a1103f82b1aba
> 045b537a4b75acc943ea54f31059ac33
> 06f3e0df4581c1b39808395159dc7cdb
> 0c49c83de2bf6a5e64c14e881b2fa6dd
> 0e1ad52e98ff129a0044c11ce0424e42
> 116314be15b39d22c7b1b6975ccb050e
> ................................
> eef86a6273e4d7f4d1d2d116bf0b1f35
> f1325cfd3d98f6b65ca8abcbe3e7a4a1
> f64ab7f576786786055993410d0179fe
> f95db96314b3a6794b414609e4679159
> fc61bb3ab362e2247cceee78f178f285
> ff392b0a919c18e11798d7eb64470345
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
More information about the Community-sigs
mailing list