GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Aug 20, 2019 2:08 am
Adwind is an information-stealing trojan that the malware authors market as malware-as-a-service. The current campaign targets the national utilities grid of the US and perhaps other countries. The malware is distributed in an email attachment (PDF files mostly) as an invoice (or similar business document). Below are HDB and MDB signatures for some versions of this malware that ClamAV does not detect, although it does detect several versions of the main malware.
Copy the HDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature(s) to an existing HDB file you may already have there. Copy the MDB signature(s) to another Notepad file and save it in the ClamWin db program data folder, or add the signature(s) to an existing MDB file you may already have there. Do not save the files with a .txt or .text extension on the end of the name. Save the 2 files as Sigfile.hdb and Sigfile.mdb (select file type All Files to prevent .txt or .text from being appended to the filename). ClamWin is unable to recognize a text file as a signature. The signatures may last for a week to a month depending upon how lazy the malware authors are about changing their versions.
HDB Signatures
7f97f5f336944d427c03cc730c636b8f:27926:Win.Trojan.REG-081919.2044
6b94046ac3ade886488881521bfce90f:634529:JAR.Trojan.Qrat-081919.2037
MDB Signature
19968:6d7cbae76c2e34c009367ebde4939ef4:Win.Trojan.Spy-081919.2050
Regards,
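As an added illustration (not GuitarBob's code or part of the post), the script below produces the two signature types distributed above from a file: an .hdb line (MD5:size:name) over the whole file and .mdb lines (section size:MD5:name) over each PE section's raw bytes, and checks a pasted line against the field order of each format before it is saved. The PE image it hashes is a constructed two-section stub, and the signature names are placeholders.

```python
import hashlib
import re
import struct

# Strict three-field forms as used in the post (ClamAV also accepts extra optional fields).
HDB_RE = re.compile(r"^[0-9a-f]{32}:\d+:[^\s:]+$")   # md5:filesize:name
MDB_RE = re.compile(r"^\d+:[0-9a-f]{32}:[^\s:]+$")   # sectionsize:md5:name


def build_sample_pe() -> bytes:
    """Constructed two-section PE image used only as sample input (not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)   # 2 sections, 224-byte optional header
    hdr = lambda name, size, off: struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, off, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\0" * 224 + hdr(b".text", 512, 512) + hdr(b".data", 256, 1024)
    return headers.ljust(512, b"\0") + bytes(range(256)) * 2 + b"D" * 256


def pe_sections(data: bytes) -> list[tuple[str, int, int]]:
    """Return (name, raw_offset, raw_size) for every entry in the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                                   # section table follows the optional header
    out = []
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_off, raw_size))
    return out


def hdb_line(data: bytes, name: str) -> str:
    """HDB: MD5 of the whole file, its size in bytes, and the signature name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def mdb_lines(data: bytes, name: str) -> list[str]:
    """MDB: raw size and MD5 of each non-empty PE section, one line per section."""
    return [f"{size}:{hashlib.md5(data[off:off + size]).hexdigest()}:{name}"
            for _sname, off, size in pe_sections(data) if size]


def valid_signature(line: str, kind: str) -> bool:
    """Check a pasted line against the .hdb or .mdb field order before saving it to a db file."""
    return bool((HDB_RE if kind == "hdb" else MDB_RE).match(line.strip()))


if __name__ == "__main__":
    sample = build_sample_pe()
    print(hdb_line(sample, "Test.Sample.HDB"))        # placeholder signature name
    print("\n".join(mdb_lines(sample, "Test.Sample.MDB")))
```

Section hashes survive repacking of the rest of the file, which is why a single .mdb line often outlives the whole-file .hdb hash when the authors rebuild a sample.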