[Community-sigs] Win.Trojan.Ransom

Askar Dyussekeyev dyussekeyev at yandex.kz
Tue Jul 26 12:19:58 EDT 2016


Win.Trojan.Ransom:1:6368:837D0C0175698D95DEFEFFFF52FFB5E6FEFFFF8D8502FFFFFF50FFB5BAFEFFFF68A0100001FF15081000018985F2FEFFFF8985EEFEFFFF83BDEEFEFFFF00752FFFB5EAFEFFFF8B95DEFEFFFF52FFB5FEFEFFFFFFB5FEFEFFFF8D450883E80450E84EF8FFFF83C414C60580D2010117

The signature looks for a specific block of code.

detections:


