[Community-sigs] new vbs sig
Jean-Baptiste Lanel
jb at lanel.eu
Sun Sep 24 09:15:09 EDT 2017
Hello,
Just made another vbs sig:
JB_DWNL2_VBS:7:*:7468656e206f6c6f6767696e672e637265617465656e7472792022616e20696e76616c696420736c73686172652076616c7565206f6620222026206f656e7669726f6e6d656e742e6974656d2822736c736861726522292026202220776173207370656369666965642e22
Samples on VirusTotal:
https://www.virustotal.com/#/file/95060734fa1fe59c18befcd3f413fdc336551c25ad4a1ad2ea978d5f70c66381/detection
https://www.virustotal.com/#/file/040c424e4dc86da39a3e70f6754c136aae884684e00447272f28e28e8df97e04/detection
https://www.virustotal.com/#/file/b723a06b37d3ef18c6b02ba907fac430b5af603070ee78165c51c7b946d608fa/detection
Regards,
JB
On 23/08/2017 16:43, Christopher Marczewski wrote:
> Jean-Baptiste,
>
> We have published your signature as Vbs.Downloader.Agent-6335783-1. It
> should be available within the next few daily updates.
>
> Thanks again for your contribution.
>
> On Fri, Aug 18, 2017 at 11:28 AM, Christopher Marczewski <
> cmarczewski at sourcefire.com> wrote:
>
>> Hello Jean-Baptiste,
>>
>> Thank you for your submission. We're currently reviewing the signature &
>> will keep you posted.
>>
>> On Fri, Aug 18, 2017 at 8:23 AM, Jean-Baptiste Lanel <jb at lanel.eu> wrote:
>>
>>> Hello,
>>>
>>> Just made a new sig:
>>>
>>> VBS.Dwnl:7:*:6d61726b6574706c616365203d20726466676f28
>>>
>>> It seems rather odd but so far caught a lot (see samples, for decrypting
>>> with openssl: openssl enc -d -aes256 -in sample.tar.gz.enc -out
>>> sample.tar.gz)
>>>
>>> Regards,
>>>
>>> JB
>>
>>
>> --
>> Christopher Marczewski
>> Research Engineer
>> Talos Group
>> cmarczewski at sourcefire.com
>> Phone: 443.832.2975
>>
>
>
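The signature lines in this thread use ClamAV's `Name:TargetType:Offset:HexSignature` layout, with target type 7 meaning normalized ASCII text and `*` meaning any offset. As an added example (not code from the posters or from ClamAV), this Python sketch decodes the quoted VBS.Dwnl line to show the text it keys on and checks it against constructed inputs; `parse_ndb`, `normalize_text` and `matches` are hypothetical helpers, and the normalization is a simplified assumption.

```python
import re
from dataclasses import dataclass

# Subset of ClamAV target types; 7 is the one used in this thread.
TARGET_TYPES = {0: "any file", 7: "normalized ASCII text"}

@dataclass
class NdbSignature:
    name: str
    target: int
    offset: str
    pattern: bytes

def parse_ndb(line: str) -> NdbSignature:
    """Parse Name:TargetType:Offset:HexSignature with a plain hex body."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSignature")
    name, target, offset, body = fields[:4]
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", body):
        # Wildcards such as ??, * or {n-m} are outside this sketch.
        raise ValueError("only plain hex bodies are handled here")
    return NdbSignature(name, int(target), offset, bytes.fromhex(body))

def normalize_text(data: bytes) -> bytes:
    """Rough stand-in for the scanner's text normalization (assumption):
    lowercase and collapse whitespace runs to a single space."""
    return re.sub(rb"\s+", b" ", data.lower())

def matches(sig: NdbSignature, data: bytes) -> bool:
    """Substring match, after normalization when the target type is 7."""
    if sig.offset != "*":
        raise NotImplementedError("only the any-offset form is handled")
    haystack = normalize_text(data) if sig.target == 7 else data
    return sig.pattern in haystack

# Signature line quoted in the thread.
SIG = parse_ndb("VBS.Dwnl:7:*:6d61726b6574706c616365203d20726466676f28")

# Constructed inputs, not taken from the submitted samples.
HIT = b'Dim x\r\nMarketPlace   =\tRdfGo("a", 1)\r\n'
MISS = b'marketplace = "store"\r\n'

if __name__ == "__main__":
    print(SIG.name, TARGET_TYPES[SIG.target], len(SIG.pattern), SIG.pattern)
    print(matches(SIG, HIT), matches(SIG, MISS))
```

Decoding the body before deploying a community signature shows how specific the matched string is, which helps when judging false-positive risk.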