[Community-sigs] Win.Trojan.Agent

Christopher Marczewski cmarczewski at sourcefire.com
Mon Aug 15 09:47:10 EDT 2016


Askar,

Your submission has been published. Thanks again for the contribution.

On Thu, Aug 11, 2016 at 1:55 PM, Christopher Marczewski <
cmarczewski at sourcefire.com> wrote:

> Askar,
>
> Thank you for your submission. Your signature has been queued for FP
> testing.
>
> On Wed, Aug 10, 2016 at 1:51 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
> wrote:
>
>> Win.Trojan.Agent:1:5449:470FBE0709C0740583F82275F3803F007406
>> 897DF447EB2D897DF4EB28803F00742189FBEB01470FBE0709C0740583F8
>> 2075F3803F007406897DF447EB07897DF4EB0231F68B45F88B55FC391075
>> 06837D0800750E09F67403FF45FC31DB803F00758B837D080075058B45FC
>> EB1F09DB74138B45088B55F429DA89108B45F8FF0089D8EB088B45088320
>> 0089F85F5E5BC9C20400
>>
>> The signature looks for a specific block of code.
>>
>> detections (68):
>> _______________________________________________
>> Community-sigs mailing list
>> Community-sigs at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
>
> --
> Christopher Marczewski
> Research Engineer
> Talos Group
> cmarczewski at sourcefire.com
> Phone: 443.430.7118
>



-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118


