Mailing List Archive: [clamav-users] More info on Win.Trojan.Generic-9847134-0 please

[clamav-users] More info on Win.Trojan.Generic-9847134-0 please

Mar 29, 2021, 8:28 AM

Post #1 of 3 (262 views)

Hello,

I am using ClamAV with Exim in Cpanel v94. Today, doing scanning found
couple of email files infected with "Win.Trojan.Generic-9847134-0". I could
not find any additional information on this malware anywhere. Please any one
share me with more info of it. Thank you.

Best Regards,

Trung Hoang

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] More info on Win.Trojan.Generic-9847134-0 please [ In reply to ]

njones at megan

Mar 29, 2021, 10:06 AM

Post #2 of 3 (262 views)

Permalink

The clamav project doesn't publish malware analysis.

Upload the offending file to VirusTotal and see what other scanners
say. They will probably show a different name you can try looking
up, or of nothing else hits on it maybe it's a false positive.

-- Noel Jones

On 3/29/2021 10:28 AM, Trung Hoang via clamav-users wrote:
> Hello,
>
> I am using ClamAV with Exim in Cpanel v94. Today, doing scanning found
> couple of email files infected with "Win.Trojan.Generic-9847134-0". I could
> not find any additional information on this malware anywhere. Please any one
> share me with more info of it. Thank you.
>
> Best Regards,
>
> Trung Hoang
>
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] More info on Win.Trojan.Generic-9847134-0 please [ In reply to ]

clamav-users at lists

Mar 29, 2021, 10:07 AM

Post #3 of 3 (262 views)

Permalink

Hi there,

On Mon, 29 Mar 2021, Trung Hoang via clamav-users wrote:

> I am using ClamAV with Exim in Cpanel v94. Today, doing scanning found
> couple of email files infected with "Win.Trojan.Generic-9847134-0". I could
> not find any additional information on this malware anywhere. Please any one
> share me with more info of it.

$ time sigtool --datadir=/EXPORTS/clamav/databases --find-sigs 'Win.Trojan.Generic-9847134-0' | sigtool --decode-sigs
VIRUS NAME: Win.Trojan.Generic-9847134-0
TDB: Engine:51-255,Target:1
LOGICAL EXPRESSION: 0&1&2&3&4
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Computer wins
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Bgcedtxsf
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Player Wins
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Enter your choice:>
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
Your Turn :>

real 2m27.815s
user 0m10.970s
sys 0m9.467s

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml