2024-02-05 06:12:47 -08:00
|
|
|
|
|
|
|
|
rule TrojanSpy_Win32_Heeshnik_A{
|
|
|
|
|
meta:
|
|
|
|
|
description = "TrojanSpy:Win32/Heeshnik.A,SIGNATURE_TYPE_PEHSTR_EXT,08 00 08 00 0b 00 00 01 00 "
|
|
|
|
|
|
|
|
|
|
strings :
|
|
|
|
|
$a_01_0 = {47 65 74 50 63 49 6e 66 6f 7c 00 } //01 00
|
|
|
|
|
$a_01_1 = {4f 6e 6c 69 6e 65 4b 65 79 6c 6f 67 67 65 72 7c 00 } //01 00
|
|
|
|
|
$a_01_2 = {53 74 61 74 75 73 7c 4b 65 79 20 4c 6f 67 67 65 72 20 45 6e 61 62 6c 65 64 00 } //01 00
|
|
|
|
|
$a_01_3 = {53 74 61 74 75 73 7c 4b 65 79 20 4c 6f 67 67 65 72 20 44 69 73 61 62 6c 65 64 00 } //01 00
|
2024-02-07 06:09:14 -08:00
|
|
|
$a_01_4 = {3c 73 70 65 63 69 61 6c 6b 65 79 3e 5b 00 } //01 00 猼数楣污敫㹹[
|
|
|
|
|
$a_01_5 = {43 6c 69 70 62 6f 61 72 64 7c 5b 00 } //01 00 汃灩潢牡籤[
|
2024-02-05 06:12:47 -08:00
|
|
|
$a_01_6 = {53 69 6e 67 6c 65 4b 65 79 7c 00 } //01 00
|
2024-02-07 06:09:14 -08:00
|
|
|
$a_01_7 = {4f 66 66 6c 69 6e 65 4b 65 79 6c 6f 67 67 65 72 7c 53 74 61 72 74 7c 00 } //01 00 晏汦湩䭥祥潬杧牥卼慴瑲|
|
|
|
|
|
$a_01_8 = {55 6e 69 74 4b 65 79 4c 6f 67 67 65 72 00 } //01 00 湕瑩敋䱹杯敧r
|
|
|
|
|
$a_01_9 = {75 53 79 73 74 65 6d 49 6e 66 6f 00 } //01 00 卵獹整䥭普o
|
|
|
|
|
$a_01_10 = {6d 55 6e 69 74 4f 66 66 6c 69 6e 65 4b 65 79 4c 6f 67 67 65 72 00 } //00 00 啭楮佴晦楬敮敋䱹杯敧r
|
2024-02-05 06:12:47 -08:00
|
|
|
$a_00_11 = {5d 04 00 00 a9 } //7a 03
|
|
|
|
|
condition:
|
|
|
|
|
any of ($a_*)
|
|
|
|
|
|
|
|
|
|
}
|
