Cryptobot is a new version of an infostealer that is being distributed via cracked software/sites. Below are some MDB signature for this malware. Copy the signature(s) to a separate line in a new Notepad or similar text writer file, and then save the file as a file named Sigfile.mdb with a file type of “All Files” in the ClamWin database folder. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin can not process signature files with those 2 extensions, and it will give you an error upon scanning. The file should be named only Sigfile.hdb.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works okay—sometimes I can make a mistake, and I don't have ClamWin on this Linux computer. If the scan gives you an error, delete this signature file from the database folder. You can add signatures to the top of an existing MDB signature file (just add one blank line and put the signatures there—any additional lines needed will be added if there is more than one signature. If you add to the bottom of an existing file, you will get a scanning error. Make sure to delete any blank lines between this signature and the old signatures—that will also give a scanning error.

I hope this helps someone. Signatures can last for about a month. Delete them from the database folder after that.

146944:82636f024d14bef07cfb2dcd5b13ad38:Win.Trojan.Cryptobot-022122.1549
37376:9a225aff3723bda6b76974c01cc3bb84:Win.Trojan.Cryptobot-022122.1551
51200:222d1ce25c7cf0fc9fddbc50a5ae31cf:Win.Trojan.Cryptobot-022122.1557
13824:8168d0a40c802cc164a64c5b9b1a0762:Win.Trojan.Cryptobot-022122.1559
89600:86197646be918caa55fa784afc21b622:Win.Trojan.Cryptobot-022122.1603

Regards,