DefenderYara/Backdoor/Win32/Grifwin/Backdoor_Win32_Grifwin_A.yar


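rule Backdoor_Win32_Grifwin_A
{
    // Converted from a Defender PEHSTR_EXT signature: three one-weight strings,
    // threshold 3 (see the "03 00 03 00 03 00 00" header in the description).
    meta:
        description = "Backdoor:Win32/Grifwin.A,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 03 00 00 "
    strings:
        // "\%s\%s.exe\0\0WingrfmMutex\0" — a path format string followed by a
        // string containing "Mutex" (presumably a mutex name; not verifiable here).
        $a_01_0 = { 5c 25 73 5c 25 73 2e 65 78 65 00 00 57 69 6e 67 72 66 6d 4d 75 74 65 78 00 } //1
        // "IDR_AGENTID\0" — a resource-identifier-style name.
        $a_01_1 = { 49 44 52 5f 41 47 45 4e 54 49 44 00 } //1
        // "LowLevelMouseProc\0\0\0LowLevelKeyboardProc\0" — names matching the
        // Win32 low-level mouse/keyboard hook callback procedures.
        $a_01_2 = { 4c 6f 77 4c 65 76 65 6c 4d 6f 75 73 65 50 72 6f 63 00 00 00 4c 6f 77 4c 65 76 65 6c 4b 65 79 62 6f 61 72 64 50 72 6f 63 00 } //1
    condition:
        // Every string has weight 1 and the threshold is 3, so all three must be
        // present. The generated form `(#x & 1)*1` tests whether the match COUNT is
        // odd, not whether the string is present: a file containing one of these
        // strings an even number of times would not match. Presence is what the
        // threshold expresses, so require each string directly.
        $a_01_0 and $a_01_1 and $a_01_2
}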