GuitarBob
Joined: 09 Jul 2006 | Posts: 4935 | Location: USA
Posted: Thu Apr 14, 2022 3:40 pm
Below are several mdb signatures and one hdb signature for a monetary infostealer that does other evil things too. There are many files, but this is all that I had the time for. I think they are the most recent.
Copy the mdb signatures to a new Notepad or similar text writer file and save it in the ClamWin database folder as a file named Sigfile.mdb, with a file type of “All Files”. Do not save the file as a text file. The file name should be Sigfile.mdb and nothing else.
Copy the hdb signature to a new Notepad or similar text writer file and save it in the ClamWin database folder as a file named Sigfile.hdb, with a file type of “All Files”. Do not save the file as a text file. The file name should be Sigfile.hdb and nothing else.
For multiple signatures, put each signature on a separate line in a Notepad or similar file. Put mdb and hdb signatures in separate files. You can add multiple signatures to the top of an existing mdb or hdb signature file. Copy the signatures, add one blank line to the top of the file and paste the signatures there—any additional lines needed will be added. Do not add signatures to the bottom of existing signature files or you will get a ClamWin scanning error. Delete any blank lines between signatures in a file before saving the file.
After you save a signature file in the ClamWin database folder, scan something with ClamWin to make sure it works. If you get a scan error, accept my apology, and delete the signature file from the database folder or delete only the signatures that you just posted to an existing mdb or hdb file and re-save it after first removing any blank lines in the signature file. For multiple signature files, do a scan after you save each file to help you locate a file if it causes a scan error.
After 4 weeks, the malware will probably be updated, so you can delete signatures then. The date (USA) and time (24 hr) are the last two items in each signature.
Thanks to Cisco Talos!
MDB Signatures
52224:7f6b342c316ff670706f73f87799e2c4:Win.Trojan.Infostealer-041422.1010
46080:a995a1d13cf7e8e902d8944a0d49dc9e:Win.Trojan.Infostealer-041422.1012
46592:cc21e95ea3c2d5fed8904e43495c7181:Win.Trojan.Infostealer-041422.1017
46592:d8d0ed7f55579191ec442bd56ffafdde:Win.Trojan.Infostealer-041422.1018
46592:8f706d74f669a39c321aab434d6a8882:Win.Trojan.Infostealer-041422.1020
49664:aa9a5dafb820564ffafada028a8d59d8:Win.Trojan.Infostealer-041422.1021
46080:d42d22825282a6e31b6f63f7d9c51a86:Win.Trojan.Infostealer-041422.1022
52224:3f69460e67862958d634fe1149136dc9:Win.Trojan.Infostealer-041422.1025
HDB Signature
0830463c17e933c96a80fe804eac9b70:188928:Win.Trojan.Infostealer-041422.1015
Regards,
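A pre-save check for the kind of signature file described in the post above, as an added example that is not part of the original post or of ClamWin: it flags blank lines, malformed fields, and mdb/hdb lines pasted into the wrong file type. It assumes the plain three-field layouts (hdb is MD5:FileSize:Name, mdb is PESectionSize:MD5:Name); the function name and the sample values are constructed for illustration.

```python
import re

HEX32 = re.compile(r"[0-9a-fA-F]{32}")

# Field order of the two hash-signature file types used in the post:
#   .hdb -> MD5:FileSize:Name        .mdb -> PESectionSize:MD5:Name
LAYOUT = {"hdb": ("hash", "size", "name"), "mdb": ("size", "hash", "name")}


def check_signature_text(text, kind):
    """Return a list of (line_number, problem) for a .hdb or .mdb file body."""
    problems, seen = [], set()
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # one trailing newline is not a blank line
    for num, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r")  # tolerate Notepad's CRLF line endings
        if not line.strip():
            problems.append((num, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 3:
            problems.append((num, "expected 3 colon-separated fields"))
            continue
        rec = dict(zip(LAYOUT[kind], fields))
        if not HEX32.fullmatch(rec["hash"]):
            if HEX32.fullmatch(rec["size"]):
                problems.append((num, "hash and size swapped: wrong file type?"))
            else:
                problems.append((num, "hash is not 32 hex characters"))
        elif not rec["size"].isdigit():
            problems.append((num, "size is not a decimal number"))
        if not rec["name"]:
            problems.append((num, "empty signature name"))
        if line in seen:
            problems.append((num, "duplicate signature"))
        seen.add(line)
    return problems


# Constructed sample: a valid mdb line, a blank line, then an hdb-style line.
FAKE_HASH = "ab" * 16
SAMPLE = f"46080:{FAKE_HASH}:Example.Sig-1\n\n{FAKE_HASH}:188928:Example.Sig-2\n"

if __name__ == "__main__":
    for num, problem in check_signature_text(SAMPLE, "mdb"):
        print(f"line {num}: {problem}")
```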