qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Isnup/Backdoor_Win32_Isnup_A.yar

13 lines
445 B
Plaintext
Raw Permalink Blame History

rule Backdoor_Win32_Isnup_A{
meta:
description = "Backdoor:Win32/Isnup.A,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 03 00 00 "
strings :
$a_01_0 = {0f 84 81 00 00 00 56 6a 01 6a 25 8d 44 24 28 50 6a 00 ff 15 } //1
$a_01_1 = {3c 3b 74 09 8a 44 1e 01 46 84 c0 75 f3 } //1
$a_01_2 = {85 ff b0 45 7e 14 56 8b 74 24 0c 30 04 31 2c 06 b2 14 f6 ea 41 3b cf 7c f2 } //1
condition:
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1) >=3
}
Reference in New Issue View Git Blame Copy Permalink