[Community-sigs] Win.Ransomware

Christopher Marczewski cmarczewski at sourcefire.com
Wed Aug 3 17:49:51 EDT 2016


Askar,

Thank you for your submission. Your signature has been queued for FP
testing.

From: Askar Dyussekeyev <dyussekeyev at yandex.kz>
> Date: Thu, Jul 28, 2016 at 11:43 AM
> Subject: [Community-sigs] Win.Ransomware
> To: ClamAV Community Signatures Submission List <
> community-sigs at lists.clamav.net>
>
>
>
> Win.Ransomware:1:7412:C785????????00004000C745??????????FFB5????????C785????????00000000C785????????00000000C785????????0000000068960000008D8D????????51FF15????????B906000000BE????????8DBD????????F3A56A00FF15????????817D??E803000073166A006A00FF15????????6A006A00FF15????????EB346A00FF15????????FF35????????C785????????7CB100008F85????????8B95????????8995????????6A006A00FF15
>
> The signature looks for a specific block of code.
>
> detections:


-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118
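
The submitted line uses ClamAV's extended signature layout, Name:TargetType:Offset:HexSignature, with ?? as a one-byte wildcard. The Python below is an added example, not part of the thread and not ClamAV code: it parses such a line and tests it against a buffer, handling only whole hex bytes, ??, and the "*" or absolute-number offset forms; the function names, sample signature name, offset and buffers are constructed for illustration.

```python
import re
from typing import NamedTuple

class NdbSig(NamedTuple):
    name: str
    target_type: int      # 1 means PE; file typing itself is not modelled here
    offset: str           # "*" (anywhere) or an absolute byte offset
    pattern: re.Pattern   # compiled form of the hex body

def compile_hex(hexsig: str) -> re.Pattern:
    """Turn a hex body with ?? wildcards into a bytes regex."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}|\?\?)+", hexsig):
        raise ValueError("only whole hex bytes and ?? are handled")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes([int(pair, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: ?? also matches 0x0A

def parse_ndb(line: str) -> NdbSig:
    """Split Name:TargetType:Offset:HexSignature; later fields are ignored."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return NdbSig(name, int(target), offset, compile_hex(hexsig))

def matches(sig: NdbSig, data: bytes) -> bool:
    """Apply the pattern at the signature's offset (assumed helper name)."""
    if sig.offset == "*":
        return sig.pattern.search(data) is not None
    if sig.offset.isdigit():
        return sig.pattern.match(data, int(sig.offset)) is not None
    raise ValueError("offset form not handled: " + sig.offset)

# Constructed sample: the first ten bytes of the submitted hex pattern,
# given a made-up name and offset so the buffers below stay short.
SAMPLE_SIG = "Example.Constructed:1:4:C785????????00004000"
HIT = b"MZ\x90\x00" + bytes.fromhex("C7851122334400004000") + b"\xcc"
MISS = b"MZ\x90\x00" + bytes.fromhex("C7851122334400004001") + b"\xcc"

if __name__ == "__main__":
    sig = parse_ndb(SAMPLE_SIG)
    print(sig.name, matches(sig, HIT), matches(sig, MISS))
```

The submitted line parses the same way: name Win.Ransomware, target type 1, offset 7412.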
