[Community-sigs] Win.Trojan.Downloader

Matthew Molyett mmolyett at sourcefire.com
Tue Aug 9 11:59:22 EDT 2016


Thank you for the submission Askar. The signature has been submitted for FP
testing.

On Thu, Aug 4, 2016 at 2:24 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:

> Win.Trojan.Downloader:1:481400:538BD88B43143DCD00000074073DCE0000007534837B4000752E8B938C0000003B5374730F8B0B8BC3C74114430000008B10FF128BC38B90A4010000FF5204C74314D2000000EB44817B14CF0000007509C74314D2000000EB32817B14D200000074298B03C74014140000008B53148950188BC38B10FF12EB128BC38B90B4010000FF1285C0750433C05BC38B93B4010000837A140074E28BC38B5018FF52188BC3E8D1B20000B8010000005BC3
>
> Signature looks for a specific block of code.
>
> detections (80):
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>



-- 

Matthew Molyett
Cisco Talos Researcher
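As an added illustration (not ClamAV's code and not part of the submission above), a minimal Python matcher for the .ndb line format used here: it parses the name, target type, offset and hex body, then checks a byte buffer at the absolute offset the line names, or anywhere for an offset of `*`. It goes beyond the plain-byte body on this page by also accepting ClamAV's `??` single-byte wildcard; the sample buffers are constructed, not real files, and other offset forms (EP+n and the like) are not handled.

```python
import re
from dataclasses import dataclass

# The submitted signature line, joined back into one line (mail wrapped it).
PAGE_SIGNATURE = (
    "Win.Trojan.Downloader:1:481400:538BD88B43143DCD00000074073DCE"
    "0000007534837B4000752E8B938C0000003B5374730F8B0B8BC3C7411443"
    "0000008B10FF128BC38B90A4010000FF5204C74314D2000000EB44817B14"
    "CF0000007509C74314D2000000EB32817B14D200000074298B03C7401414"
    "0000008B53148950188BC38B10FF12EB128BC38B90B4010000FF1285C075"
    "0433C05BC38B93B4010000837A140074E28BC38B5018FF52188BC3E8D1B2"
    "0000B8010000005BC3"
)

@dataclass
class NdbSignature:
    name: str
    target_type: int   # 1 = PE file in ClamAV's target-type numbering
    offset: str        # absolute decimal file offset, or '*' for any position
    hex_body: str      # hex byte pairs; '??' is a one-byte wildcard

    @classmethod
    def parse(cls, line: str) -> "NdbSignature":
        # Trailing engine-level fields are ignored; fewer than four fields raises.
        name, target, offset, body = line.strip().split(":")[:4]
        body = body.upper()
        if not re.fullmatch(r"(?:[0-9A-F]{2}|\?\?)+", body):
            raise ValueError("hex body must be whole bytes: hex pairs or '??'")
        return cls(name, int(target), offset, body)

    def pattern(self):
        # Literal bytes are escaped for the bytes regex; '??' becomes '.' (DOTALL).
        pieces = [b"." if self.hex_body[i:i + 2] == "??"
                  else re.escape(bytes.fromhex(self.hex_body[i:i + 2]))
                  for i in range(0, len(self.hex_body), 2)]
        return re.compile(b"".join(pieces), re.DOTALL)

    def match(self, data: bytes):
        """Offset of the first hit, or None. Fixed offsets are anchored exactly."""
        pat = self.pattern()
        if self.offset == "*":
            m = pat.search(data)
            return m.start() if m else None
        off = int(self.offset)
        return off if pat.match(data, off) else None

def build_sample(hit: bool) -> bytes:
    """Constructed stand-in: zero filler, the code block at (hit) or 16 bytes past (miss) the offset."""
    sig = NdbSignature.parse(PAGE_SIGNATURE)
    return bytes(int(sig.offset) + (0 if hit else 16)) + bytes.fromhex(sig.hex_body) + bytes(64)
```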
