[Community-sigs] Win.Trojan.Clicker

Matthew Molyett mmolyett at sourcefire.com
Wed Aug 10 13:18:25 EDT 2016


The Signature has been reviewed and accepted. It will be published soon.

Signature ID:   4721872
Signature Rev:  0
Signature Name: Win.Trojan.Clicker-5431


On Tue, Aug 9, 2016 at 2:55 PM, Matthew Molyett <mmolyett at sourcefire.com>
wrote:

> Thank you for the submission Askar. The signature has been submitted for
> FP testing.
>
> On Fri, Aug 5, 2016 at 11:48 AM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
> wrote:
>
>> Win.Trojan.Clicker:1:121512:535683C4F88BF0E8????????DD1C249B
>> 8B46108B98840400004B83FB007C2769C3430100008B56108D9482880400
>> 008BC6E8????????68E8030000E8????????4B83FBFF75D9E8????????DC
>> 2424D80D????????D80D????????E8????????595A5E5BC3????????????
>> ????5356578BD8BF????????8B430C0FB6B0????????85F67E318B43088B
>> 04873DBA02000073138B1485????????B9020000008BC3E8????????FF43
>> 08837B083F7E0533C08943084E75CFFF430C5F5E5BC3
>>
>> The signature looks for a specific block of code.
>>
>> detections (68):
>
>
>
> --
>
> Matthew Molyett
> Cisco Talos Researcher
>



-- 

Matthew Molyett
Cisco Talos Researcher
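
Added example (not part of the original thread and not ClamAV's own code): the submitted line follows ClamAV's extended signature layout `Name:TargetType:Offset:HexSignature`, in which `??` matches any single byte. The Python below parses that layout and applies it to a buffer; the sample signature, the buffer and all function names are constructed for illustration, and only whole hex bytes, `??`, and `*` or absolute offsets are handled.

```python
import re
from typing import NamedTuple

class NdbSignature(NamedTuple):
    name: str
    target_type: int   # 1 = Windows PE in ClamAV's target-type table
    offset: str        # "*" (anywhere) or an absolute file offset
    pattern: re.Pattern

def unwrap_quoted(lines):
    """Join a signature that a mail client wrapped and '>'-quoted."""
    return "".join(re.sub(r"^[>\s]+", "", ln).strip() for ln in lines)

def parse_ndb(line):
    """Parse Name:TargetType:Offset:HexSignature into a byte regex."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    if len(hexsig) % 2:
        raise ValueError("hex body must have an even number of characters")
    parts = []
    for i in range(0, len(hexsig), 2):
        tok = hexsig[i:i + 2]
        if tok == "??":                      # wildcard: any single byte
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(re.escape(bytes.fromhex(tok)))
        else:                                # nibble wildcards, {n}, (a|b) not handled
            raise ValueError(f"unsupported token {tok!r}")
    return NdbSignature(name, int(target), offset,
                        re.compile(b"".join(parts), re.DOTALL))

def matches(sig, data):
    """Apply the byte pattern only; file-type (target) checks are out of scope."""
    if sig.offset == "*":
        return sig.pattern.search(data) is not None
    if sig.offset.isdigit():
        return sig.pattern.match(data, int(sig.offset)) is not None
    raise ValueError("offset form not handled in this example")

# Constructed sample: a short signature in the same layout, wrapped and quoted.
SAMPLE_LINES = [">> Example.Constructed:1:4:535683C4F88BF0E8????",
                ">> ????DD1C249B"]
SAMPLE_SIG = parse_ndb(unwrap_quoted(SAMPLE_LINES))
# Constructed buffer: 4 filler bytes, fixed bytes, 4 variable bytes, fixed tail.
SAMPLE_DATA = (b"\x00" * 4 + bytes.fromhex("535683C4F88BF0E8")
               + b"\n\x10\x20\x30" + bytes.fromhex("DD1C249B"))

if __name__ == "__main__":
    print(SAMPLE_SIG.name, matches(SAMPLE_SIG, SAMPLE_DATA))
```

An absolute offset ties the match to one position in the file, so a buffer shifted by even one byte no longer matches unless the offset field is `*`.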


