[Community-sigs] Js.Trojan.Nemucod
Samuel Lidén Borell
samuel at kodafritt.se
Tue Mar 29 15:52:35 EDT 2016
Hi,
Here's one more signature for the Nemucod trojan downloader. I had to
use some ranges because the malware is randomly generated, with random
variable names and junk lines etc.
Js.Trojan.Nemucod:7:*:3d20226372656174656f626a656374223b2076617220{1-15}203d2066756e6374696f6e20{1-15}2829207b72657475726e20777363726970745b{1-15}5d2822777363726970742e7368656c6c22293b7d2829{-50}203d20226d73786d6c322e786d6c68747470223b
Samples SHA256:
3e210a47cb09e280cdd8e759f4404762c1a16b850c179693ca7c16d58630ee25
f50f74881973fe9c371dc626441d05a46a7163ca98be34dc398f05671e12ec30
7b918b4b5473b222a2c7b39af1d0021e398046da49da418be32ab2e91f6217d4
Regards,
Samuel
More information about the Community-sigs
mailing list