MDB Signature For Truist Bank (UK) Spearphishing Attempt
GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Tue May 18, 2021 12:52 am

The US FBI has issued a warning for malware that attempts to download a remote access trojan to users' computers to assist in a spearphishing attempt. It currently only applies to a UK Bank (Truist Bank), but I'm posting it in case it starts attacking other banks as well. This signature is for the rsrc section of this Windows malware file. The malware author(s) have gone to a lot of trouble with this section, and it might stand for a while. Currently, no AVs at Virus Total detect it as malware--they are wrong!
Copy the MDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing MDB file if you already have one there. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.mdb. Select file type All Files to prevent the .txt or .text from being used at the end of the filename. ClamWin is unable to recognize a text file as a signature and will give a corrupt database warning. After saving the file to the ClamWin db program folder, scan something with ClamWin to make sure the signature works--delete the signature file if it does not, or remove the signature from an existing MDB file if you put it there.
Signatures may last up to a week or longer, depending upon how lazy the malware authors are about changing their version(s). MDB signatures are signatures for a section of a malware file, and they can sometimes last up to a month, especially if the section is re-used in another malware. You can delete signatures after about a month--the last section of each signature tells the month/date/time the signature was prepared (such as May 17 2021 at 7:40 pm).
Regards,
41904640:43422cd3d19b5884e3040b159afd36b2:Win.Trojan.BankRAT-051721.1940
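
Added example (not part of the original post and not ClamWin code): a Python check to run over the contents of a Sigfile.mdb before it goes into the db folder. It assumes the size:md5:name layout and the -MMDDYY.HHMM name suffix seen in the signature above; the function names, the 30-day threshold and the second, malformed sample line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed MDB line layout (as in the post): PESectionSize:MD5-of-section:MalwareName
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):(\S+)$")
# Naming convention used in this post: name ends in -MMDDYY.HHMM
STAMP = re.compile(r"-(\d{6})\.(\d{4})$")

def parse_mdb_line(line):
    """Return (section_size, md5, name, prepared) or raise ValueError."""
    m = MDB_LINE.match(line.strip())
    if not m:
        raise ValueError("not a size:md5:name MDB signature: %r" % line)
    size, md5, name = int(m.group(1)), m.group(2).lower(), m.group(3)
    if size <= 0:
        raise ValueError("section size must be positive")
    prepared = None
    s = STAMP.search(name)
    if s:  # strptime raises ValueError on an impossible date or time
        prepared = datetime.strptime(s.group(1) + s.group(2), "%m%d%y%H%M")
    return size, md5, name, prepared

def check_sigfile(text, now, max_age_days=30):
    """Validate each line of an .mdb file; return (ok, stale, errors)."""
    ok, stale, errors = [], [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            _, _, name, prepared = parse_mdb_line(line)
        except ValueError as exc:
            errors.append((n, str(exc)))  # would risk a corrupt-database warning
            continue
        if prepared and now - prepared > timedelta(days=max_age_days):
            stale.append(name)  # older than about a month: candidate for deletion
        else:
            ok.append(name)
    return ok, stale, errors

# The signature from the post, plus one constructed line missing its size field
SAMPLE = (
    "41904640:43422cd3d19b5884e3040b159afd36b2:Win.Trojan.BankRAT-051721.1940\n"
    "43422cd3d19b5884e3040b159afd36b2:Win.Trojan.Broken-051721.1940\n"
)

if __name__ == "__main__":
    print(check_sigfile(SAMPLE, datetime(2021, 5, 18)))
    print(check_sigfile(SAMPLE, datetime(2021, 7, 1)))
```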
All times are GMT