DefenderYara/HackTool/Win32/GameHack/HackTool_Win32_GameHack.yar


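/*
 * HackTool_Win32_GameHack
 *
 * String signature for a Windows game-cheat tool, carried over from a
 * Defender-style PEHSTR_EXT entry (see meta.description for the raw header).
 *
 * Detection note: the original condition was `any of ($a_*)`, so a file
 * containing only "PSAPI.DLL" (a standard Windows import name) or only
 * "TrayIcon.cpp" would match. None of the five strings is distinctive on its
 * own; the signal is their combination, so the condition now requires all of
 * them.
 *
 * NOTE(review): the leading `05 00 05 00` in the description header looks like
 * a threshold of 5 over 5 strings, each with weight `01 00` -- confirm against
 * the source signature before relying on that reading.
 */
rule HackTool_Win32_GameHack
{
    meta:
        description = "HackTool:Win32/GameHack,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 05 00 00 01 00 "

    strings:
        // ASCII "\HWID.txt" -- file name; on its own not specific to this family
        $a_80_0 = {5c 48 57 49 44 2e 74 78 74 }
        // ASCII "PointBlank.exe" -- name of the game executable the tool references
        $a_80_1 = {50 6f 69 6e 74 42 6c 61 6e 6b 2e 65 78 65 }
        // ASCII "//indocheat.xyz" -- URL fragment; the most family-specific string here
        $a_80_2 = {2f 2f 69 6e 64 6f 63 68 65 61 74 2e 78 79 7a }
        // ASCII "TrayIcon.cpp" -- source file name left in the binary; generic
        $a_80_3 = {54 72 61 79 49 63 6f 6e 2e 63 70 70 }
        // ASCII "PSAPI.DLL" -- standard Windows library name; present in many benign binaries
        $a_80_4 = {50 53 41 50 49 2e 44 4c 4c }

    condition:
        // Require the full set: any single string (PSAPI.DLL in particular)
        // is far too common to be used as a standalone indicator.
        all of ($a_*)
}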