How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

On August 9th McAfee issued the following Threat Advisory for W32/XDocCrypt.a:

McAfee Labs has released a Threat Advisory for W32/XDocCrypt.a.

W32/XDocCrypt.a belongs to a family of malware which encrypts Microsoft Office Word, Excel and executable files. It encrypts these files using the RC4 encryption algorithm. On successful encryption, the original file is replaced with the infector followed by encrypted data; and if the original file name has “.doc”/“.docx” then it is replaced by “U+202Ecod.scr”. If the original filename has “.xls”/“.xlsx” then it is replaced by “U+202Eslx.scr”.

I did not deploy the superDAT and am trying to figure out if W32/XDocCrypt.a was included in the regular DAT deployed the following Friday or over the weekend. Where can I find that information - either on the McAfee site, in the ePO 4.6 console, or in VSE 8.8 on a local machine?

Also, in general, is there a list of what is included in a DAT? Where?

Thank you
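As an added example (not part of the original post or of McAfee's advisory): a Python check for the renaming pattern the advisory describes, where U+202E (right-to-left override) makes a `.scr` file display with a reversed document extension. The function names, the extension list and the sample names are assumptions constructed for illustration, and the display model is simplified to a single override.

```python
import os

# Bidirectional control characters that can reorder how a filename is displayed.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
RLO = "\u202e"
# Extensions Windows will execute; .scr is the one named in the advisory.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}


def displayed_name(name):
    """Approximate what a file manager shows: text after the RLO is drawn
    right to left (simplified model: one override, no nesting)."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def check_name(name):
    """Return a finding dict if the name contains a bidi control, else None."""
    if not any(ch in BIDI_CONTROLS for ch in name):
        return None
    real_ext = os.path.splitext(name)[1].lower()
    return {
        "name_escaped": name.encode("unicode_escape").decode("ascii"),
        "real_ext": real_ext,
        "displayed_as": displayed_name(name),
        "executable": real_ext in EXECUTABLE_EXTS,
    }


def scan_tree(root):
    """Walk a directory tree and return findings for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            hit = check_name(fname)
            if hit:
                hit["directory"] = dirpath
                findings.append(hit)
    return findings


# Constructed sample names following the advisory's pattern (not real samples).
SAMPLES = ["budget\u202eslx.scr", "report\u202ecod.scr", "notes.docx", "setup.scr"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_name(sample))
```

Findings with `executable` set to true are the ones matching the advisory's pattern: the name on disk ends in `.scr` while the displayed name appears to end in `.doc` or `.xls`.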

4 Replies

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

I find a quick Google of what malware you're looking for normally turns up a McAfee link with which DAT you need: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1411863

As for what is in each DAT, I don't think they provide that. Also, I would enable Artemis (GTI lookups), as this is where quite a few of my detections are getting picked up these days, and you will see in some of the recommendations that if your Artemis is medium then don't worry about this super DAT update etc....

thanks,

Pierce


Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Follow this link to find exact DAT definitions.

https://kc.mcafee.com/corporate/index?page=content&id=KB75928


Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Each DAT file released also has an associated readme http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=uk which shows the changed detections.

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Thank you, all, that was the info I needed. Not sure why I couldn't find it.
