[Community-sigs] Virus.Win32.Enerlam
Christopher Marczewski
cmarczewski at sourcefire.com
Mon Sep 12 09:35:52 EDT 2016
Hello Komal,
Thank you for your submission. Your signature has been queued for FP
testing.
On Sat, Sep 10, 2016 at 9:27 AM, komal raskar <komal.raskar496 at gmail.com>
wrote:
>
> signature looks for specific block of code:
>
> detection:
>
--
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.430.7118