[Community-sigs] Win32.Worm.VB

Christopher Marczewski cmarczewski at sourcefire.com
Mon Aug 22 13:53:32 EDT 2016


Askar,

Thank you for your submission. Your signature has been queued for FP
testing.

On Sun, Aug 21, 2016 at 2:31 AM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:

> Win32.Worm.VB:1:2856:3DEC5B00007408483D4F0600007FF168040100008D85????????50FF15????????8D8D????????518D95????????52FF15????????B8690A00003D6A0A00007408403DEE8400007CF168????????8D85????????50FF15????????C685????????00B87F5F0000903D7E5F00007408483D173700007FF1B8DFC600003DDEC600007408483DA06E00007FF1B8055A00003D045A00007408483D8B1300007DF1
>
> The signature looks for a specific block of code:
>
> detections (58):



-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118


