// Matches any file that contains at least one of the five byte strings below:
// two NUL-terminated ASCII names, one UTF-16LE fragment, and two runs of
// NUL-separated Windows API names.
//
// NOTE(review): the description keeps the source signature's name, its type
// (SIGNATURE_TYPE_PEHSTR_EXT) and raw header bytes verbatim. The header bytes
// "04 00 04 00 05 00 00" and the two-byte value after each string ("01 00",
// "00 00") look like a match threshold/count and per-string weights from the
// original signature; confirm against the tool that generated this rule.
// The condition below uses none of them.
//
// NOTE(review): `any of` fires on a single hit and the condition has no file-type
// check. $a_01_2 is only six bytes and can occur in unrelated files, so treat
// a match as a weak attribute rather than a verdict unless a threshold is added.
rule _PseudoThreat_4000002c{
	meta:
		description = "!PseudoThreat_4000002c,SIGNATURE_TYPE_PEHSTR_EXT,04 00 04 00 05 00 00 01 00 "

	strings :
		$a_01_0 = {56 41 43 2e 56 69 64 65 6f 00 } //01 00  ASCII "VAC.Video\0"
		$a_01_1 = {72 6c 65 2e 64 6c 6c 00 } //01 00  ASCII "rle.dll\0"
		$a_01_2 = {65 00 6c 00 72 00 } //01 00  UTF-16LE "elr", no terminator
		$a_01_3 = {46 69 6e 64 43 6c 6f 73 65 55 72 6c 43 61 63 68 65 00 00 00 46 69 6e 64 46 69 72 73 74 55 72 6c 43 61 63 68 65 45 6e 74 72 79 41 00 } //01 00  ASCII "FindCloseUrlCache\0\0\0FindFirstUrlCacheEntryA\0"
		$a_01_4 = {47 65 74 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 41 00 47 65 74 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 53 69 7a 65 41 00 } //00 00  ASCII "GetFileVersionInfoA\0GetFileVersionInfoSizeA\0"

	condition:
		// A single matching string is enough; no count, offset or file-type test is applied.
		any of ($a_*)

}