[Community-sigs] GX40 ransomware
Christopher Marczewski
cmarczewski at sourcefire.com
Tue Apr 18 09:56:57 EDT 2017
Askar,
Your signature for GX40 has been approved. Thanks again for your
contribution.
On Mon, Apr 17, 2017 at 10:45 AM, Christopher Marczewski <
cmarczewski at sourcefire.com> wrote:
> Hello Askar,
>
> Thank you for your submission. We're reviewing the signature & will keep
> you posted.
>
> On Sun, Apr 16, 2017 at 9:41 AM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
> wrote:
>
>> Info:
>> - https://twitter.com/BleepinComputer/status/848702767246061568
>>
>> Samples:
>> - https://www.virustotal.com/ru/file/2d7a92a8ad1271d0544148b7a37de0d2b2180750a6e7753a26f97b801c369fb4/analysis/1492349636/
>> - https://www.virustotal.com/ru/file/b6cbd7f5f6d9946b27be877ab5bd8205f64a4155ef202694dc2ce9fb2981c18d/analysis/1492349652/
>>
>> Hello! There is a simple logical signature for GX40 ransomware that
>> looks for specific strings:
>>
>> Win.Ransomware.GX40;Target:1;0&1&2&3&(4|(5>5)|6|7|8|9|10);63006D0064002E00650078006500;3F00670065006E0065007200610074006500;2E0078006C0073007800;2E0064006F0063007800;466174687572467265616B7A;57696E646F777355706461746572;687474703A2F2F67616E65646174612E636F2E756B;72616E736F6D77617265696E6340796F706D61696C2E636F6D;33427379527A3273647658635752617963506F697A454835684162446D5763704E45;696D706F7274616E742066696C65732068617665206265656E20656E63727970746564;42006900740063006F0069006E00
>>
>> Best regards,
>> Askar
>
>
>
> --
> Christopher Marczewski
> Research Engineer
> Talos Group
> cmarczewski at sourcefire.com
> Phone: 443.832.2975
>
--
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.832.2975
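
As an added example (not part of the thread and not ClamAV's own code), the Python below is a reviewer aid for logical signatures of the form submitted above: it splits the line into name, target block, logical expression and subsignatures, decodes each plain hex subsignature as ASCII or UTF-16LE, and checks that every index in the expression has a subsignature. The function names are hypothetical, the sample line is constructed from four of the submitted subsignatures, and it assumes plain hex subsignatures with no `;` inside them.

```python
import re

def decode_subsig(hexstr):
    """Return (encoding, text) for a plain hex subsignature, else ('raw', hex)."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hexstr):
        return ("raw", hexstr)  # wildcards or modifiers: leave undecoded
    data = bytes.fromhex(hexstr)
    # Treat as UTF-16LE text when every second byte is zero
    if len(data) % 2 == 0 and all(b == 0 for b in data[1::2]):
        enc, text = "utf-16le", data[0::2].decode("ascii", errors="replace")
    else:
        enc, text = "ascii", data.decode("ascii", errors="replace")
    if all(32 <= ord(c) < 127 for c in text):
        return (enc, text)
    return ("raw", hexstr)  # not printable text, show the hex as-is

def parse_ldb(line):
    """Split Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;..."""
    name, target, expr, *subsigs = line.strip().split(";")
    # Drop count comparisons such as ">5" so only subsignature indexes remain
    bare = re.sub(r"[=<>]\d+(?:,\d+)?", "", expr)
    indexes = {int(n) for n in re.findall(r"\d+", bare)}
    return {
        "name": name,
        "target": target,
        "expr": expr,
        "subsigs": [decode_subsig(s) for s in subsigs],
        # Indexes the expression uses but the line does not define
        "missing": sorted(i for i in indexes if i >= len(subsigs)),
        # Subsignatures defined but never referenced by the expression
        "unused": sorted(set(range(len(subsigs))) - indexes),
    }

# Constructed sample: same layout as the submitted signature, shortened
SAMPLE = ("Example.Constructed.Sig;Target:1;0&1&(2|(3>5));"
          "63006D0064002E00650078006500;"
          "2E0064006F0063007800;"
          "466174687572467265616B7A;"
          "57696E646F777355706461746572")

if __name__ == "__main__":
    info = parse_ldb(SAMPLE)
    print(info["name"], info["target"], info["expr"])
    for i, (enc, text) in enumerate(info["subsigs"]):
        print(f"  {i}: [{enc}] {text}")
    print("missing:", info["missing"], "unused:", info["unused"])
```
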