On Sat 11/Aug/2018 23:11:07 +0200 Al Varnell wrote: 

> Here's the VirusTotal page on this file
> <https://www.virustotal.com/#/file/e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09/detection>
> and it does show that ClamAV detects it as Win.Trojan.Agent-6641267-0
> which was just added yesterday

Thanks a lot!  That solves my doubt.  Yet, I'd be curious to know if NCCIC's 
Yara rule would detect it, because of:

    strings:
        // This is a "text" string, although it looks like a hex dump
        // (except for having an odd number of digits)
        $n = "bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d40"

(Recall that hex strings in Yara require curly braces, for example:
        $h = {bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d400}
)


Best
Ale
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
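The text-versus-hex distinction raised in the message above, as an added example that is not part of the original post and does not run YARA itself: a simplified Python model of which bytes each declaration searches for (no modifiers, wildcards or jumps), applied to two constructed buffers. The function names and the sample buffers are assumptions made for illustration.

```python
# Simplified model of how YARA reads the two declarations quoted in the message.
# This is not YARA: modifiers (nocase, wide), wildcards and jumps are left out.

# Value as written in the rule, inside double quotes (a text string).
QUOTED = "bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d40"
# Value as written in the message's curly-brace example (a hex string).
BRACED = "bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d400"


def text_string_pattern(value: str) -> bytes:
    """A double-quoted string is searched for as its literal ASCII characters."""
    return value.encode("ascii")


def hex_string_pattern(digits: str) -> bytes:
    """A { ... } hex string is searched for as the bytes its digit pairs encode."""
    digits = "".join(digits.split())
    if len(digits) % 2:
        # Digits are consumed in pairs; an odd count cannot form whole bytes.
        raise ValueError(f"odd number of hex digits: {len(digits)}")
    return bytes.fromhex(digits)


def scan(data: bytes) -> dict:
    """Report which of the two patterns occurs in the buffer."""
    return {
        "text": text_string_pattern(QUOTED) in data,
        "hex": hex_string_pattern(BRACED) in data,
    }


# Constructed sample 1: a binary blob embedding the raw bytes.
BINARY_SAMPLE = b"MZ" + b"\x00" * 16 + bytes.fromhex(BRACED) + b"\x90" * 8
# Constructed sample 2: a text file that merely lists the digits as characters.
TEXT_SAMPLE = b"value: " + QUOTED.encode("ascii") + b"\n"

if __name__ == "__main__":
    print("text pattern length:", len(text_string_pattern(QUOTED)), "bytes")
    print("hex pattern length: ", len(hex_string_pattern(BRACED)), "bytes")
    print("binary sample:", scan(BINARY_SAMPLE))
    print("text sample:  ", scan(TEXT_SAMPLE))
```

Under this model the quoted form only matches data that contains the digits as printable characters, while the braced form matches the raw byte sequence.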

