
How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

On August 9th McAfee issued the following Threat Advisory for W32/XDocCrypt.a:

McAfee Labs has released a Threat Advisory for W32/XDocCrypt.a.

W32/XDocCrypt.a belongs to a family of malware which encrypts Microsoft Office Word, Excel and executable files. It encrypts these files using the RC4 encryption algorithm. On successful encryption, the original file is replaced with the infector followed by encrypted data; and if the original file name has “.doc”/“.docx” then it is replaced by “U+202Ecod.scr”. If the original filename has “.xls”/“.xlsx” then it is replaced by “U+202Eslx.scr”.

I did not deploy the superDAT and am trying to figure out if W32/XDocCrypt.a was included in the regular DAT deployed the following Friday or over the weekend. Where can I find that information - either on the McAfee site, in the ePO 4.6 console, or in VSE 8.8 on a local machine?

Also, in general, is there a list of what is included in a DAT? Where?

Thank you
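
The renaming described in the advisory puts a U+202E (RIGHT-TO-LEFT OVERRIDE) character in the file name, so a `.scr` file is displayed with what looks like a `.doc` or `.xls` ending. The following is an added example, not part of the original post or of McAfee's advisory, that flags such names; the function names, extension list and sample names are constructed for illustration, and the display approximation only reverses the text after the first override.

```python
import os

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character named in the advisory
# Unicode bidirectional control characters that should not appear in file names
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
# Assumed list of extensions Windows treats as directly executable
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

def displayed_name(name):
    """Approximate what a file manager shows: text after the first RLO is drawn reversed."""
    head, sep, tail = name.partition(RLO)
    if not sep:
        return name
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + tail[::-1]

def check_name(name):
    """Return a finding dict if the name contains a bidi control character, else None."""
    if not any(c in BIDI_CONTROLS for c in name):
        return None
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()   # what the OS acts on
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()     # what the user sees
    return {
        "name_escaped": name.encode("unicode_escape").decode("ascii"),
        "displayed_as": shown,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "spoofed_executable": real_ext in EXECUTABLE_EXTS and shown_ext != real_ext,
    }

def scan_tree(root):
    """Walk a directory tree and collect findings for every suspicious file name."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            hit = check_name(fname)
            if hit:
                hit["directory"] = dirpath
                findings.append(hit)
    return findings

# Constructed sample names following the pattern in the advisory
SAMPLES = ["budget.xlsx", "report\u202ecod.scr", "sheet\u202eslx.scr"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_name(sample))
```
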

4 Replies
pierce
Level 13
Message 2 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

I find a quick Google of what malware you're looking for normally turns up a McAfee link with which DAT you need: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1411863

As for what is in each DAT, I don't think they provide that. Also, I would enable Artemis (GTI lookups), as this is where quite a few of my detections are getting picked up these days, and you will see in some of the recommendations that if your Artemis is medium then don't worry about this super DAT update etc....

thanks,

Pierce

alexn
Level 14
Message 3 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Follow this link to find exact DAT definitions.

https://kc.mcafee.com/corporate/index?page=content&id=KB75928

mjmurra
Level 12
Message 4 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Each DAT file released also has an associated readme http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=uk which shows the changed detections.

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Thank you, all. That was the info I needed. Not sure why I couldn't find it.
