Top 5 Malware Signatures – Week 25-26

Our team is always striving to make the internet even safer with awesome innovations. In the past weeks we launched our brand-new detection method, Source Code Structure Analysis, and thought you would be interested in how well it works. Below you can find the Top 5 malware signatures with the most catches, and don’t forget that you can create your own malware signature too! We have found that this crowdsourcing method across several thousand servers works fantastically in our IP reputation system, which is why we also implemented it in our malware detection tool. Thanks to your contributions, we have already added more than 15 000 malware signatures to our database in total.

#5 PHP Backdoor Web Shell Orb 4.2.6

An obfuscated HTML file manager with base64 encoding that uses eval to run the decoded PHP code. According to VirusTotal, it goes by the name Tencent Heur:Trojan.Script.LS_Gencirc.7179453.0.

#4 PHP Obfuscated Backdoor 2

It uses a variable obfuscation technique. The backdoor tries to invoke curl, and the code is executed by a user-created method.

#3 PHP Web Shell Orb 2.6

A web shell obfuscated with escaped hexadecimal ASCII characters.
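
The two obfuscation styles described above (base64 plus eval in #5, escaped hexadecimal characters in #3) can be triaged by normalising the source before matching. This is an added example, not BitNinja's detection code; the function names, the keyword list and the sample file are constructed for illustration.

```python
import base64
import re

# \xHH escapes as PHP resolves them inside double-quoted strings.
HEX_ESC = re.compile(r'\\x([0-9A-Fa-f]{1,2})')
# Quoted literals long enough to be an encoded payload rather than a word.
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{16,}={0,2})["\']')
EVAL_CALL = re.compile(r'\beval\s*\(')
# Illustrative keyword list (assumption), not a vendor signature set.
SUSPICIOUS = ("eval", "base64_decode", "gzinflate", "str_rot13", "curl_exec")


def unescape_hex(src: str) -> str:
    """Resolve \\xHH escapes. Applied to the whole file, not only to
    double-quoted strings, so it over-decodes slightly; fine for triage."""
    return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), src)


def triage(src: str) -> dict:
    """Normalise a PHP source string and report obfuscation indicators."""
    decoded = unescape_hex(src)
    # Names visible only after unescaping were deliberately hidden.
    hidden = sorted(n for n in SUSPICIOUS if n in decoded and n not in src)
    payloads = []
    for literal in B64_LITERAL.findall(decoded):
        try:
            text = base64.b64decode(literal, validate=True).decode("utf-8")
        except ValueError:  # not valid base64, or not text once decoded
            continue
        payloads.append(text)
    return {
        "hex_escapes": len(HEX_ESC.findall(src)),
        "hidden_names": hidden,
        "uses_eval": bool(EVAL_CALL.search(decoded)),
        "payloads": payloads,
    }


# Constructed sample: a harmless echo, wrapped the way the entries describe.
_payload = base64.b64encode(b'echo "constructed sample payload";').decode()
_hidden = "".join("\\x%02x" % b for b in b"base64_decode")
SAMPLE = '<?php $f = "%s"; eval($f("%s")); ?>' % (_hidden, _payload)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A file that trips `hidden_names` together with `uses_eval` is worth a manual look; the decoded `payloads` show what would have been executed without running any of it.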

#2 PHP Backdoor Hexa Botnet Decimal Variant

Possible variant of the Hexa Botnet, using decimal numbers instead of hexadecimal.

#1 PHP Backdoor Hexa Botnet Double Variant

Possible variant of the Hexa Botnet, using double numbers instead of hexadecimal.

If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial!


No credit card needed! For our subscribers we also provide valuable information about malware and the most recent news from the cybersecurity world.