[Community-sigs] Win.Trojan.Clicker
Matthew Molyett
mmolyett at sourcefire.com
Tue Aug 9 14:55:09 EDT 2016
Thank you for the submission, Askar. The signature has been submitted for FP
testing.
On Fri, Aug 5, 2016 at 11:48 AM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:
> Win.Trojan.Clicker:1:121512:535683C4F88BF0E8????????
> DD1C249B8B46108B98840400004B83FB007C2769C3430100008B56108D94
> 82880400008BC6E8????????68E8030000E8????????4B83FBFF75D9E8????????
> DC2424D80D????????D80D????????E8????????595A5E5BC3??????????
> ??????5356578BD8BF????????8B430C0FB6B0????????
> 85F67E318B43088B04873DBA02000073138B1485????????B9020000008BC3E8????????
> FF4308837B083F7E0533C08943084E75CFFF430C5F5E5BC3
>
> signature looks for specific block of code
>
> detections (68):
--
Matthew Molyett
Cisco Talos Researcher
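
Added example, not part of the original thread and not ClamAV's own code: the submitted line follows ClamAV's extended signature layout (`Name:TargetType:Offset:HexSignature`), here target type `1` (PE files) and absolute offset 121512. The Python below parses such a line and evaluates its `??` single-byte wildcards against a buffer; the signature and buffer are constructed samples, and only `*` and absolute offsets are handled.

```python
import re
from typing import NamedTuple


class NdbSig(NamedTuple):
    name: str
    target_type: int   # 1 = PE; parsed here but not enforced
    offset: str        # "*" or an absolute byte offset
    pattern: "re.Pattern[bytes]"


def compile_hex(hexsig: str) -> "re.Pattern[bytes]":
    """Translate a hex body with ?? wildcards into a bytes regex."""
    if len(hexsig) % 2:
        raise ValueError("hex body must have an even number of characters")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        if pair == "??":
            parts.append(b".")  # any single byte (DOTALL covers 0x0A)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            parts.append(re.escape(bytes.fromhex(pair)))
        else:
            raise ValueError(f"unsupported token {pair!r}")
    return re.compile(b"".join(parts), re.DOTALL)


def parse_ndb(line: str) -> NdbSig:
    """Split Name:TargetType:Offset:HexSignature (line wraps already joined)."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return NdbSig(name, int(target), offset, compile_hex(hexsig))


def matches(sig: NdbSig, data: bytes) -> bool:
    if sig.offset == "*":
        return sig.pattern.search(data) is not None
    if not sig.offset.isdigit():
        raise ValueError("only '*' and absolute offsets are handled")
    return sig.pattern.match(data, int(sig.offset)) is not None


# Constructed sample signature and buffer, not taken from the thread.
SAMPLE_SIG = "Constructed.Sample.Sig:1:4:5356E8????????5E5BC3"
SAMPLE_HIT = b"\x90" * 4 + bytes.fromhex("5356E80A2233445E5BC3") + b"\x90"

if __name__ == "__main__":
    sig = parse_ndb(SAMPLE_SIG)
    print(sig.name, matches(sig, SAMPLE_HIT))            # pattern sits at offset 4
    print(sig.name, matches(sig, b"\x90" + SAMPLE_HIT))  # shifted by one byte
```

An absolute offset makes the match position-exact, so a one-byte shift in the file layout is enough to miss, which is one reason a submission like this goes through FP and coverage testing.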