[Community-sigs] Win.Trojan.Downloader

Christopher Marczewski cmarczewski at sourcefire.com
Wed Aug 31 14:13:19 EDT 2016


Askar,

Your submission has been published. Thanks again for the contribution.

On Tue, Aug 30, 2016 at 9:35 AM, Christopher Marczewski <
cmarczewski at sourcefire.com> wrote:

> Askar,
>
> Thank you for your submission. Your signature has been queued for FP
> testing.
>
> On Mon, Aug 29, 2016 at 2:02 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
> wrote:
>
>> Win.Trojan.Downloader:1:17316:3C580F85????????807C2EFF307501
>> 45458A442EFF8BD080C2D080EA0A721280C2F980EA06721780C2E680EA06
>> 721CEB7A8BF881E7FF00000083EF30EB188BF881E7FF00000083EF37EB0B
>> 8BF881E7FF00000083EF57837C240C007509837C2408007247EB027C4381
>> 7C240CFFFFFF0F7509837C2408FF7604EB307F2E8BC79952508B4424108B
>> 5424140FA4C204C1E0040304241354240483C408894424088954240C4533
>> DBE9????????807C2410000F84????????8B4424088B54240CF7D883D200
>> F7DA894424088954240CE9????????8A442EFF8BD080C2D080EA0A73628B
>> F881E7FF00000083EF30837C240C007509837C2408007249EB027C45817C
>> 240CCCCCCC0C750C817C2408CCCCCCCC7604EB2F7F2D
>>
>> Signature looks for a specific block of code.
>>
>> detections (57):
>
>
>
> --
> Christopher Marczewski
> Research Engineer
> Talos Group
> cmarczewski at sourcefire.com
> Phone: 443.430.7118
>



-- 
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118


