[Community-sigs] JS.Trojan.Nemucod variant signature
Janos Cservenak
hawk at hwk.hu
Wed Dec 14 06:01:36 EST 2016
Hi,
Nemucod trojan variants trapped on one of the last few days...
Received via email; all messages tried to disguise themselves
as a scanned document attached as a 2016-12-XXXX.ZIP file.
In the ZIP there was only a 2016-12-XXXX.jse file.
-- Signature --
JS.Trojan.Nemucod.JSE.v03.20161213;Target:0;0;7661722077796c736f6e*49475a31626d4e3061573975
-- /Signature --
Decoded:
VIRUS NAME: JS.Trojan.Nemucod.JSE.v03.20161213
TDB: Target:0
LOGICAL EXPRESSION: 0
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
var wylson{WILDCARD_ANY_STRING}IGZ1bmN0aW9u
MD5 sums for the JSE files:
--
Best Regards,
Janos Cservenak
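
Added example, not part of the original message and not ClamAV's own code: this Python parses the posted logical signature, decodes its two hex fragments, shows that the second fragment is itself Base64 text, and evaluates the signature against constructed buffers. The function names and the sample buffers are assumptions made for illustration; only plain hex and the `*` wildcard are handled, which is all this signature uses.

```python
import base64
import re

# Signature text as posted in the message above, on a single line.
SIG = ("JS.Trojan.Nemucod.JSE.v03.20161213;Target:0;0;"
       "7661722077796c736f6e*49475a31626d4e3061573975")


def parse_ldb(line):
    """Split a logical signature into name, TDB, expression and subsignatures."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    return {"name": name, "tdb": tdb, "expr": expr, "subsigs": subsigs}


def fragments(subsig):
    """Return the literal byte strings on either side of each '*' wildcard."""
    return [bytes.fromhex(part) for part in subsig.split("*")]


def subsig_to_regex(subsig):
    """Translate a hex body into a bytes regex ('*' = any number of bytes)."""
    escaped = [re.escape(frag) for frag in fragments(subsig)]
    return re.compile(b".*?".join(escaped), re.DOTALL)


def matches(line, data):
    """Evaluate the signature on a buffer; expression '0' means subsig 0 must hit."""
    sig = parse_ldb(line)
    if sig["expr"] != "0":
        raise ValueError("only the single-subsignature expression is supported")
    return subsig_to_regex(sig["subsigs"][0]).search(data) is not None


# Constructed, harmless buffers for the check (not taken from any sample).
HIT = b'var wylson = "AAAA IGZ1bmN0aW9u BBBB";'
MISS = b'var other = "IGZ1bmN0aW9u";'   # second fragment only, wrong order/anchor

if __name__ == "__main__":
    first, second = fragments(parse_ldb(SIG)["subsigs"][0])
    print("fragments:", first, second)
    # The second fragment is Base64 text; decoding it shows what it encodes.
    print("base64-decoded second fragment:", base64.b64decode(second))
    print("HIT:", matches(SIG, HIT), "MISS:", matches(SIG, MISS))
```

The signature therefore keys on a fixed variable name followed anywhere later by a Base64-encoded keyword, so it stops matching as soon as either string changes in a later variant.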