[Community-sigs] Js.Trojan.Nemucod
Alain Zidouemba
azidouemba at sourcefire.com
Tue Mar 29 16:19:04 EDT 2016
Thanks for the contribution, your signature will go out momentarily.
- Alain
On Tue, Mar 29, 2016 at 3:52 PM, Samuel Lidén Borell <samuel at kodafritt.se>
wrote:
> Hi,
>
> Here's one more signature for the Nemucod trojan downloader. I had to use
> some ranges because the malware is randomly generated, with random variable
> names and junk lines etc.
>
>
>
> Js.Trojan.Nemucod:7:*:3d20226372656174656f626a656374223b2076617220{1-15}203d2066756e6374696f6e20{1-15}2829207b72657475726e20777363726970745b{1-15}5d2822777363726970742e7368656c6c22293b7d2829{-50}203d20226d73786d6c322e786d6c68747470223b
>
> Samples SHA256:
> 3e210a47cb09e280cdd8e759f4404762c1a16b850c179693ca7c16d58630ee25
> f50f74881973fe9c371dc626441d05a46a7163ca98be34dc398f05671e12ec30
> 7b918b4b5473b222a2c7b39af1d0021e398046da49da418be32ab2e91f6217d4
>
>
> Regards,
> Samuel
>
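To make the posted signature easier to review, the following added example (not part of the original thread and not ClamAV's own matcher) decodes the hex literals to ASCII and turns the `{n-m}` ranges into an equivalent byte regex. The function names `parse_sig`, `to_regex` and `readable` are hypothetical, `SAMPLE` is constructed inert text, and only plain hex bytes, `??`, `*` and the `{n}`/`{n-m}`/`{-m}`/`{n-}` forms are handled.

```python
import re

# Signature line as posted (ClamAV extended format: Name:TargetType:Offset:HexSig).
SIG = ("Js.Trojan.Nemucod:7:*:3d20226372656174656f626a656374223b2076617220{1-15}"
       "203d2066756e6374696f6e20{1-15}2829207b72657475726e20777363726970745b{1-15}"
       "5d2822777363726970742e7368656c6c22293b7d2829{-50}"
       "203d20226d73786d6c322e786d6c68747470223b")

# Constructed, inert text shaped like the fragments the signature anchors on.
SAMPLE = (b'var a1 = "createobject"; var kq7 = function zx() {return wscript[a1]'
          b'("wscript.shell");}(); var junk = 1; var h2 = "msxml2.xmlhttp";')

TOKEN = re.compile(r"\{(\d*)(-?)(\d*)\}|\*|\?\?|([0-9a-fA-F]{2})")

def parse_sig(line):
    """Return (name, target, offset, parts); parts are ("lit", bytes) or ("gap", lo, hi)."""
    name, target, offset, body = line.strip().split(":", 3)
    parts, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if not m:  # nibble wildcards, alternations etc. are out of scope here
            raise ValueError(f"unsupported token at {pos}: {body[pos:pos + 8]!r}")
        tok, pos = m.group(0), m.end()
        if m.group(4):  # hex byte: extend the current literal run
            if parts and parts[-1][0] == "lit":
                parts[-1] = ("lit", parts[-1][1] + bytes.fromhex(tok))
            else:
                parts.append(("lit", bytes.fromhex(tok)))
        elif tok == "*":
            parts.append(("gap", 0, None))
        elif tok == "??":
            parts.append(("gap", 1, 1))
        else:  # {n}, {n-m}, {-m}, {n-}
            lo = int(m.group(1) or 0)
            hi = int(m.group(3)) if m.group(3) else (None if m.group(2) else lo)
            parts.append(("gap", lo, hi))
    return name, int(target), offset, parts

def to_regex(parts):
    """Translate parsed parts into a bytes regex with the same gap bounds."""
    out = [re.escape(p[1]) if p[0] == "lit"
           else f".{{{p[1]},{'' if p[2] is None else p[2]}}}".encode() for p in parts]
    return re.compile(b"".join(out), re.DOTALL)

def readable(parts):
    """Render literals as ASCII and gaps as <lo-hi bytes> for review."""
    return [p[1].decode("ascii", "replace") if p[0] == "lit"
            else f"<{p[1]}-{'inf' if p[2] is None else p[2]} bytes>" for p in parts]
```

Calling `readable(parse_sig(SIG)[3])` lists the five fixed strings the signature anchors on, separated by the bounded gaps that absorb the random variable names and junk lines.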