detection rules for the following Malware:
- Adware.Gamevance
- Trojan.Agent
- Trojan.BHO
- Trojan.Downloader
- Trojan.FakeAlert
- Trojan.Virtumonde
Category: Trojan
Code:
:: New Malware v8
// Revision 1
// {Cat:Trojan}{Cnt:1}
// {Det:Matt,2009-05-23}
// Adware.Gamevance:
//BrowserHelperEx:"Gamevance","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}"
// Trojan.Agent:
// BrowserHelperEx:"CDNSCacheObj Object","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{376892AE-1825-4E5F-9F85-23F9640051CC}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{376892AE-1825-4E5F-9F85-23F9640051CC}"
// Trojan.BHO:
// BrowserHelperEx:"Microsoft copyright","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}"
// Trojan.Downloader:
AutoRun:"Cognac","<$LOCALSETTINGS>\Temp\2207.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Cognac"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\Temp\2207.exe"
// Trojan.FakeAlert:
// BrowserHelperEx:"XML module","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{500BCA15-57A7-4eaf-8143-8C619470B13D}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{500BCA15-57A7-4eaf-8143-8C619470B13D}"
// Trojan.Downloader
| Downloads: 8 | Rating: 25 (rated by 2 users) |
|
New Malware v8
Reply With Quote
