DefenderYara/Backdoor/Win32/Baceed/Backdoor_Win32_Baceed_A_bit...


rule Backdoor_Win32_Baceed_A_bit{
	meta:
		description = "Backdoor:Win32/Baceed.A!bit,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 01 00 "
		
	strings :
		$a_01_0 = {53 6f 66 74 77 61 72 65 5c 50 5c 37 33 34 33 38 39 33 } //01 00  Software\P\7343893
		$a_01_1 = {5c 4d 6f 64 75 6c 65 73 5c 42 61 73 65 43 6f 64 65 5c 4d 79 49 6e 69 2e 63 70 70 } //00 00  \Modules\BaseCode\MyIni.cpp
	condition:
		any of ($a_*)
 
}
init 2024-02-05 06:12:47 -08:00
			`rule Backdoor_Win32_Baceed_A_bit{`
			`meta:`
			`description = "Backdoor:Win32/Baceed.A!bit,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 01 00 "`

			`strings :`
feat: hex text add comment 2024-02-07 06:09:14 -08:00			`$a_01_0 = {53 6f 66 74 77 61 72 65 5c 50 5c 37 33 34 33 38 39 33 } //01 00 Software\P\7343893`
			`$a_01_1 = {5c 4d 6f 64 75 6c 65 73 5c 42 61 73 65 43 6f 64 65 5c 4d 79 49 6e 69 2e 63 70 70 } //00 00 \Modules\BaseCode\MyIni.cpp`
init 2024-02-05 06:12:47 -08:00			`condition:`
			`any of ($a_*)`

			`}`