DefenderYara/VirTool/WinNT/Nedsym/VirTool_WinNT_Nedsym_gen_A.yar


rule VirTool_WinNT_Nedsym_gen_A{
	meta:
		description = "VirTool:WinNT/Nedsym.gen!A,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 01 00 "
		
	strings :
		$a_01_0 = {6a 06 59 8d 45 e0 50 be f6 04 01 00 8d 7d e0 f3 a5 33 f6 8d 45 f8 50 89 35 88 06 01 00 } //01 00 
		$a_01_1 = {48 69 64 65 50 6f 72 74 } //00 00  HidePort
	condition:
		any of ($a_*)
 
}
init 2024-02-05 06:12:47 -08:00
			`rule VirTool_WinNT_Nedsym_gen_A{`
			`meta:`
			`description = "VirTool:WinNT/Nedsym.gen!A,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 01 00 "`

			`strings :`
			`$a_01_0 = {6a 06 59 8d 45 e0 50 be f6 04 01 00 8d 7d e0 f3 a5 33 f6 8d 45 f8 50 89 35 88 06 01 00 } //01 00`
feat: hex text add comment 2024-02-07 06:09:14 -08:00			`$a_01_1 = {48 69 64 65 50 6f 72 74 } //00 00 HidePort`
init 2024-02-05 06:12:47 -08:00			`condition:`
			`any of ($a_*)`

			`}`