[Community-sigs] Win.Ransomware

Askar Dyussekeyev dyussekeyev at yandex.kz
Thu Jul 28 11:43:38 EDT 2016


Win.Ransomware:1:7412:C785????????00004000C745??????????FFB5????????C785????????00000000C785????????00000000C785????????0000000068960000008D8D????????51FF15????????B906000000BE????????8DBD????????F3A56A00FF15????????817D??E803000073166A006A00FF15????????6A006A00FF15????????EB346A00FF15????????FF35????????C785????????7CB100008F85????????8B95????????8995????????6A006A00FF15

Signature looks for a specific block of code.

detections:
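
Added example, not part of the original post and not ClamAV's own code: a minimal Python reader for the `Name:TargetType:Offset:HexSignature` layout used by the signature above, matching hex bytes with `??` single-byte wildcards at an absolute offset. The signature name, sample buffer and function names are constructed for illustration; the `MZ` check is a simplified stand-in for real file typing of target type 1 (PE).

```python
import re
from typing import NamedTuple


class NdbSignature(NamedTuple):
    name: str
    target_type: int      # 0 = any file, 1 = Portable Executable
    offset: str           # "*" (anywhere) or an absolute byte offset
    pattern: "re.Pattern[bytes]"


def hex_to_regex(hex_sig: str) -> "re.Pattern[bytes]":
    """Translate byte pairs and ?? wildcards into a bytes regex."""
    # Only the subset used by the signature in this post is handled.
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}|\?\?)+", hex_sig):
        raise ValueError("only plain hex bytes and ?? wildcards are handled")
    parts = []
    for i in range(0, len(hex_sig), 2):
        pair = hex_sig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    # DOTALL so that a wildcard also matches the byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


def parse_ndb(line: str) -> NdbSignature:
    """Split one signature line into its first four fields."""
    name, target, offset, hex_sig = line.strip().split(":")[:4]
    return NdbSignature(name, int(target), offset, hex_to_regex(hex_sig))


def matches(sig: NdbSignature, data: bytes) -> bool:
    """Apply the signature to a buffer, honouring target type and offset."""
    if sig.target_type == 1 and data[:2] != b"MZ":   # simplified PE check
        return False
    if sig.offset == "*":
        return sig.pattern.search(data) is not None
    if sig.offset.isdigit():
        return sig.pattern.match(data, int(sig.offset)) is not None
    raise ValueError("offset form not handled in this example")


# Constructed signature and buffer, not taken from any real sample.
SAMPLE_SIG = "Constructed.Sample:1:8:6A00FF15????????EB34"
SAMPLE_BUF = b"MZ" + b"\x90" * 6 + bytes.fromhex("6A00FF15DEADBEEFEB34")

if __name__ == "__main__":
    print(matches(parse_ndb(SAMPLE_SIG), SAMPLE_BUF))
```

Because the offset field is absolute, the same bytes shifted by even one position no longer match, which is why a signature like this one is tied to a specific build layout.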


