[Community-sigs] Nemucod variant

Janos Cservenak hawk at hwk.hu
Wed Dec 14 10:56:19 EST 2016


Hi,

Another Nemucod variant signature.
Received by email, attachment was a .ZIP that contains the trojan WSF.

-- Signature --
JS.Trojan.Nemucod;Target:7;0>2&1>3&2;766172{-10}686974666d;66756e6374696f6e{-20}686974666d;746d39307a786e696177726b7a773478
-- /Signature --

VIRUS NAME: JS.Trojan.Nemucod.WSF.v03.20161214
TDB: Target:7
LOGICAL EXPRESSION: 0>2&1>3&2
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
var{WILDCARD_ANY_STRING(LENGTH<=10)}hitfm
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
function{WILDCARD_ANY_STRING(LENGTH<=20)}hitfm
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
tm90zxniawrkzw4x


Matched files MD5:

-- 
Best regards,
Janos Cservenak
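
How the logical signature above decodes and evaluates, as an added example that is not part of the original post and is not ClamAV code. The `normalize` step and the non-overlapping match counting are simplified stand-ins for ClamAV's Target:7 handling, the evaluator covers only `&`-joined terms as used here, and `HIT`/`MISS` are constructed inputs.

```python
import re

# Signature from the post, joined onto one line as it would sit in a .ldb file.
LDB = ("JS.Trojan.Nemucod;Target:7;0>2&1>3&2;"
       "766172{-10}686974666d;66756e6374696f6e{-20}686974666d;"
       "746d39307a786e696177726b7a773478")

def subsig_to_regex(subsig):
    """Hex body with {-n} gaps ("n or fewer bytes") -> compiled bytes regex."""
    out = b""
    for part in re.split(r"(\{-\d+\})", subsig):
        if part.startswith("{"):
            out += b".{0,%d}?" % int(part[2:-1])
        elif part:
            out += re.escape(bytes.fromhex(part))  # ValueError on unsupported syntax
    return re.compile(out, re.DOTALL)

def normalize(data):
    """Rough stand-in for Target:7 normalization: lowercase, collapse whitespace."""
    return re.sub(rb"\s+", b" ", data.lower())

def evaluate(expr, counts):
    """Evaluate an '&'-only expression whose terms are 'N', 'N>X', 'N<X' or 'N=X'."""
    for term in expr.split("&"):
        m = re.fullmatch(r"(\d+)(?:([<>=])(\d+))?", term)
        if not m:
            raise ValueError("unsupported term: " + term)
        n, op, x = counts[int(m.group(1))], m.group(2), m.group(3)
        ok = n > 0 if op is None else {">": n > int(x), "<": n < int(x), "=": n == int(x)}[op]
        if not ok:
            return False
    return True

def scan(line, data):
    """Return (signature name, per-subsig match counts, verdict) for one buffer."""
    name, _tdb, expr, *subsigs = line.split(";")
    text = normalize(data)
    counts = [len(subsig_to_regex(s).findall(text)) for s in subsigs]
    return name, counts, evaluate(expr, counts)

# Constructed inputs (not real samples): they only carry the tokens the signature counts.
MARKER = b"tm90zxniawrkzw4x"
HIT = b"Var a = hitfm;\n" * 3 + b"function f() { hitfm }\n" * 4 + MARKER
MISS = b"var a = hitfm;\n" * 2 + b"function f() { hitfm }\n" * 4 + MARKER

if __name__ == "__main__":
    for sample in (HIT, MISS):
        print(scan(LDB, sample))
```

`MISS` fails only on the `0>2` term: two `var...hitfm` matches do not exceed the threshold, so the whole conjunction is false even though the other two subsignatures match.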