19 lines
1.3 KiB
Plaintext
19 lines
1.3 KiB
Plaintext
|
|
rule _PseudoThreat_c00009d1{
|
|
meta:
|
|
description = "!PseudoThreat_c00009d1,SIGNATURE_TYPE_PEHSTR_EXT,1d 00 1a 00 09 00 00 0a 00 "
|
|
|
|
strings :
|
|
$a_02_0 = {78 3a 5c 44 65 76 5f 43 50 50 5c 57 6f 72 6b 5c 56 53 5f 4b 6e 7a 53 74 72 5f 41 64 77 61 72 65 5c 52 65 6c 65 61 73 65 5c 56 53 5f 57 6f 72 6b 90 01 01 2e 70 64 62 90 00 } //0a 00
|
|
$a_00_1 = {8b 45 14 85 c0 0f 8c 4b 01 00 00 83 f8 01 0f 84 42 01 00 00 83 f8 24 0f 8f 39 01 00 00 85 c0 75 2a 80 fb 30 74 09 c7 45 14 0a 00 00 00 eb 34 } //05 00
|
|
$a_00_2 = {73 61 66 65 2d 73 74 72 69 70 2d 64 6f 77 6e 6c 6f 61 64 2e 63 6f 6d } //01 00 safe-strip-download.com
|
|
$a_02_3 = {72 65 67 65 64 69 74 20 2d 73 20 72 65 67 90 01 01 2e 72 65 67 20 90 00 } //01 00
|
|
$a_02_4 = {52 45 47 20 49 4d 50 4f 52 54 20 72 65 67 90 01 01 2e 72 65 67 20 90 00 } //01 00
|
|
$a_02_5 = {65 72 61 73 65 20 72 65 67 90 01 01 2e 72 65 67 20 90 00 } //01 00
|
|
$a_02_6 = {65 72 61 73 65 20 72 65 67 78 90 01 01 2e 62 61 74 20 90 00 } //01 00
|
|
$a_00_7 = {57 41 52 4e 49 4e 47 3a 20 59 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 69 73 20 69 6e 66 65 63 74 65 64 } //01 00 WARNING: Your computer is infected
|
|
$a_00_8 = {57 69 6e 64 6f 77 73 20 68 61 73 20 64 65 74 65 63 74 65 64 20 73 70 79 77 61 72 65 20 69 6e 66 65 63 74 69 6f 6e 21 } //00 00 Windows has detected spyware infection!
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |