[Community-sigs] Win.Trojan.Downloader
Christopher Marczewski
cmarczewski at sourcefire.com
Tue Aug 30 09:35:30 EDT 2016
Askar,
Thank you for your submission. Your signature has been queued for FP
testing.
On Mon, Aug 29, 2016 at 2:02 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:
> Win.Trojan.Downloader:1:17316:3C580F85????????
> 807C2EFF30750145458A442EFF8BD080C2D080EA0A721280C2F980EA0672
> 1780C2E680EA06721CEB7A8BF881E7FF00000083EF30EB188BF881E7FF00
> 000083EF37EB0B8BF881E7FF00000083EF57837C240C007509837C240800
> 7247EB027C43817C240CFFFFFF0F7509837C2408FF7604EB307F2E8BC799
> 52508B4424108B5424140FA4C204C1E0040304241354240483C408894424
> 088954240C4533DBE9????????807C2410000F84????????
> 8B4424088B54240CF7D883D200F7DA894424088954240CE9????????
> 8A442EFF8BD080C2D080EA0A73628BF881E7FF00000083EF30837C240C00
> 7509837C2408007249EB027C45817C240CCCCCCC0C750C817C2408CCCCCCCC7604EB2F7F2D
>
> Signature looks for a specific block of code.
>
> detections (57):
--
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118