DefenderYara/Exploit/Win32/Senglot/Exploit_Win32_Senglot_Q.yar


// Microsoft Defender signature rendered as a YARA rule (DefenderYara export).
// Only the signature name and the description meta field survive the export;
// there is no author, date, reference or sample hash in this file, so anyone
// adopting the rule should add provenance before deploying it.
rule Exploit_Win32_Senglot_Q{
meta:
// Original Defender threat name, signature type (PEHSTR = PE header/string
// scoring signature) and the raw score-header bytes, kept verbatim as text.
description = "Exploit:Win32/Senglot.Q,SIGNATURE_TYPE_PEHSTR,01 00 01 00 01 00 00 "
strings :
// One fixed byte pattern with no wildcards or jumps: it matches only verbatim,
// which keeps false positives low but means any byte-level change to the
// detected code (re-encoding, different register choice) evades it.
// The bytes look like position-independent x86: `64 a1 30 00 00 00` /
// `8b 40 0c` / `8b 70 1c` read fs:[30h] (PEB) and walk the loader module list,
// and `8b 45 3c` / `8b 54 05 78` / `c1 cf 0d` read the PE export directory with
// a ROR-13 hashing loop, i.e. the usual shellcode API-resolution stub.
// NOTE(review): that reading is from the bytes alone - confirm against a
// disassembly before citing it in triage notes. The trailing "//1" appears to
// be the per-string weight carried over from the PEHSTR signature.
$a_01_0 = {8b 5a 20 01 eb e3 35 49 8b 34 8b 01 ee 31 ff fc 31 c0 ac 38 56 51 ff d0 53 68 98 fe 8a 0e e8 2d 00 00 00 51 57 ff 66 b9 6f 6e 51 68 75 72 6c 6d 54 ff d0 50 90 90 90 90 90 90 e9 cc 00 00 00 5f e8 56 00 00 00 89 c3 50 68 8e 4e 0e ec e8 60 00 00 00 68 36 1a 2f 70 e8 46 00 00 00 31 c9 51 51 8d 37 56 8d 77 08 c9 49 90 90 53 68 7e d8 e2 73 e8 19 00 00 00 ff d0 55 56 64 a1 30 00 00 00 8b 40 0c 8b 70 1c ad 8b 68 08 89 e8 5e 5d c3 53 55 56 57 8b 6c 24 18 8b 45 3c 8b 54 05 78 01 ea 8b 4a 18 e0 74 07 c1 cf 0d 01 c7 eb f2 3b 7c 24 14 75 e1 8b 5a 24 01 eb 66 8b 0c 4b 8b 5a 1c 01 eb 8b 04 8b 01 e8 e9 02 00 00 00 31 c0 89 ea 5f 5e 5d 5b c3 e8 2f } //1
condition:
// Exporter's rendering of the PEHSTR score: the match count of $a_01_0 is
// masked with `& 1` (so it contributes 0 or 1 - strictly, an even number of
// hits contributes 0), multiplied by its weight 1, and compared with the
// threshold 1. In practice a single occurrence anywhere in the scanned file
// is enough to fire; there is no PE-section or file-type constraint here.
((#a_01_0 & 1)*1) >=1
}