[Community-sigs] Win.Trojan.Agent
Ben Baker
bbaker at sourcefire.com
Thu Jul 28 15:49:17 EDT 2016
Thanks Askar,
We'll queue this up for FP testing. The previous 4 signatures (Zbot,
Tepfer, and Ransom x2) all passed FP testing and should be published soon.
On Thu, Jul 28, 2016 at 2:01 PM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:
>
> Win.Trojan.Agent:1:EP+263:83C40CC705????????????????A1????????05C0200100A3????????68B28431008BC9A1????????8BC933D28BD48BC98BC98BC98BC98BC9508BC98BC28BC98BC98BC88BC98BC98BC98BC9B8260000002BC858BA1A0000008BC9C744110C358200008BC90144110C8BC9816C110C358200008BC98BC95A8BC9FFE2
>
> signature looks for specific block of code
>
> detections (74):
>
> 07f5530e5bd579a2f761aae1d03f1e53
> 1958e032b43665bfed716e7149ab39ce
> 19e08417f89b2f7204708c9d954e5680
> 1d1ba87f51e85b599f709409265419a8
> 1da1447e507715f7f2e63b5fb6577650
> ................................
> fcc06d5aa21b0321eb9888fa695b32b2
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>
More information about the Community-sigs
mailing list