""ET TROJAN W32/NSIS.TrojanDownloader Second Stage Download Instructions from Server""
SID: 2014312
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2012_03_06, updated_at 2012_03_06
Reference:
-
md5
-
3ce5da32903b52394cff2517df51f599
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
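Contents (literal match strings; "modue" is the spelling the rule matches and should not be corrected; |3B 20| is hex for "; "):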
-
Value: "|3B 20|Ini download file modue"
-
Value: "DownUrl="
-
Value: "FileName="
-
Value: "SaveType="
Within:
PCRE: "/FileName\x3D[^\r\n]*\x2E(dll|exe)/i"
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase
-
nocase