Tools:

• Razorback
• PE-Sig

Web Tools:

• SO Rule Generator

Mind Games:

• AWBO Exercises

Papers:

• Index

See also:

• VRT Blog
• Snort.org

Contact:

• Sourcefire VRT
  research @ sourcefire . com
• Other Methods and PGP Key

The following is a list of md5sums of malware samples which have displayed the behavior detected by SID 16860:

000a588c8d48a461828fbaee57cd4f42
00c2b204403d66d54d975147bdaaef54
03b7a22d9c01ed341d226204baf54432
078a8fbbf3173ffc15af727bbf70693d
0994cd2efabf89b06dd90897bbb23813
0ac9b5adf3236ca00a1176cd106e2365
0c4ae68cc611ab18f53551b74d09b68d
0fafb34e705abd4868ef771e3d1aacbd
10e78264ead3f9ff8f95c273f8f7cc6d
1e3ebc3af05810be9e1e9a3177c3942c
1e6e9872029e339afb4ad6c62819a564
1f26e211df697388e9ac361472b51152
2223cec13e21ab05192022708023dd17
2676569834b7b48f9ebb68237e0c7c35
27182be2873ad81e7afe99492e474da0
27c0e010cc2e7f4b4f5570128bd724e6
28dfd03b3f7747d7a20504cef27ddba8
29b78edbe0ae32ffbde27d0eab2d87de
2aba7172df56d0593de0b36e03ca7f33
2d4eee9f6896643b005b31c4433cc8b8
2e6878066825867c642031a2de6d83dd
2eb40dc5b1c60462dc6d6a2c83e9c492
30874f6eb45e1ee0d83206a8085f9258
312f369efdc0377044f9c1eec7f09027
341e4e8c7489d486a1e15ba96b923532
3827cd4b82cc3a5bfc8282309e4fb231
38c28ea181a25f6f85b272d38c42b724
3ad43ccb50a163b1ad708985b21a2883
3c97d127bca211bd032818d4a64fc062
3cc9b324e90ea3b2c4f2a343aa3529e3
3eed6e8e749a9946d75dda085f758633
446c1bbe1d930113110849038a0eb2b2
45b48a8e263bacfd57fd14f6cfbc1225
463996a28e5b06394374975a78c3c495
467862cfd03b4a56793b27286fa0eb3a
46b1188b7dd016ecc5dc99ff51165cd0
46dbb90f19c9377a1c814d17e9e3c2f8
4776e94910d2975762cd8b0fdee22fcd
47ac9ae220ea0a1c970f93b6670357ca
482b109fccf6fa591d6660728850f7dd
48d4d1125cc2fe90d5c7b07d22e1100a
4c70cf17d6c7c0c70f14983d6074ef0b
4df047e371f1c800a2e15244ae1d02e0
52cf5848a1d26f9d5d3b5a19238331a2
534256bc85ce2290a90e5bf58d3cf0be
598e0eede128152911bd4dbc36cf2c4a
5a7f7fd653f1e0302a5742b323086f04
5d2111f2db59cf6732964eeac63f5cbc
5d265d23fdadc4c12d7f52ba5e8b9591
5ec86699ce465b0a736dac6552e595a8
5ed17a2c05710e44467334b9420cf86e
61525d465864d5ea1fd63928b4d3f107
63a14edcbf5c22b2a7520ac8865b5cfa
647d731dd636bb8d48ff74dec9670470
66f4c419a235be29c29cbcb33b2663ff
6b7b4d8ed436af3a7425686e8dde362d
6b8a5dab37d6ed442027ad0c3ccf24e7
6cc29095f555ba27a00fdd42d21de5de
6ec1edfd5c14e10e1a84693bfeae8a14
6fef1d5eeb84ac39e2da906f95e56533
6ff43c9a78e5328d1b80f4301ee25843
72c18aabda48c00b7e2cf9c674067a23
762dacd81803df0e6751a89e4811534c
76f44f2ae2e3129022cc25b3a5ff3d2c
7877427723fbec274a75419dc1d6d2b4
7a06cdeb96bfec5eb8a78f69d4f9826b
7ba7f3d531fdf95209de9cf04975105e
8345fb1645a09f512db3dcd5d8f924eb
85f191a758718ff55f09e6540a1fd74d
88d12c3596c27ca257e3e58a20eb8df9
8a88cb6bc72aa75f7fbb66131793ae75
8e913e7dd7d212d51c7cd58d93e4ece1
8f5c0d66e4ec9b992b3460ba31c4d5d0
8f6c5ac1cbc100d1c0f0978890d76591
9299473ededbfbb3e6e1dcb19f943bb9
941b869e00ba38ec1ac7fe93b4f34209
95733b6cea5f6cac43a7b37476d09af3
998729a828a31bff07ddaf41413b7bea
9b5c02b084e392bfc6e7229dbb94541f
9c7b4285e8febc7a4a6e2016a0be3d13
a29d216b9fb1f7804cb1d24b2a64111e
a39a3dd537b2dc2d73b0059b91766ffc
a83e6b0fbddaa3e0a61f43cdebb5797a
aa09f5da36c14e301ae96fce3799ab79
ac62b677f86a89c092f9abd68e1901ee
af0f9ae41df641f83aed79d30959e88a
af1060e2d113816a29b52ec560077ee8
b18b9ec5fd174d0fefc02878433f38c4
b52214ef6576dc9f54debec25c50910e
b72dc51d7cb36b9156afb2c2243220f7
b7fd69de23a39726073b8a548a5acdc7
b807ddac99773d85d15c540f37f3748b
b8df89b467c7c6f4b7d5b40d6aaf3070
b8eb3e7f6ff002cd4b7997a240b289d5
b97429ce40af5f375e4426387f544ef9
bbac7b9a5d0412b4018d1faf27e84a06
c367c0f89ee7967ffa2dbca3f1f32bc4
c393dac379f3eb85120a34f7708c9799
c3b638bb45564664344a7d152439e2fb
c4f5ea749cb7e1c1a93d2fb257fdf618
c64ecc87baa66d316837d347b482a430
c69869ae59b6324ddee867953793dad1
c7f634e5e6c937aff16abffc648e0834
c9c242f94c631b144cddc76b6d3790a1
cda2062f0a043fa672d22672f499d6c7
cf75602f9991306c7caec8b6f2c735f9
d038da4b9a48591e6228e02f9cdc590d
d094cb8249dc57cee8b91d0f15e77d02
d0d3d6f83c4b8cc91f87e5a710f4b50d
d0faa12f042f0a200c7fc8871ebfc725
d6467c15e40cd17b7ab1a4631c7e357f
d8df28db01851eda9abf71f89ed7c41d
d938b4c95e814aec0380bdd9edaebe52
d94a8d32cdbbad5489f63fa5967cc6a8
db334def9f627d4e90e0e3ecc631f455
db5907f1032c96d019e537d70cd994e8
e3d7cc2f8bc08dc01011ccdb0ae1de1d
e5a3873ca1154021668a5685f692037a
ea7928c9272b50bedc6398fcc54f977d
edfb0409ce718b7e1dd62d8d52cf02f0
ee10ac1443acc8eb49c2dddf3f1dec7b
ee8c7c56ac6cf04121d942da3f2b46cf
eec79dd7dd1ae2798a768f8ca9a82ae9
eff46ae38872520f55b93f2f25558248
f0b6716c6feec0cb7d281009e9a0e96e
f249d06e41800e7c147ee9aa9d16f181
f4a7f1095768c0bb8a5489a56b24fb77
f50ba7ff6135b484eefd81e0cf5551b9
f6b50ef90d1df43f2aee9e96a9bc41bd
f75fa162d768e84a8994f76bfb1b698d
f7ec8b43b1df6b36c9c26ed477b97149
f838ff0ac8d65df9e050d67c28fc2cd5
f937e8233ff846a45b447a3ea5297428
fb3af277a73303fd1329c929dae349c8
fd0bb212e992a69360a403afaa751141
ff21f7d48926808bb79c2be3aefa672d

('')

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

All materials contained on this site © Sourcefire VRT