DefenderYara/TrojanSpy/Win32/Bancos/TrojanSpy_Win32_Bancos_CJ.yar


// TrojanSpy:Win32/Bancos.CJ. Per the meta line this appears to be a conversion of a
// Defender PEHSTR_EXT (weighted PE string) signature into YARA; the hex patterns are
// kept exactly as converted. The trailing comment on each string gives the ASCII
// decoding of its bytes (a trailing 00 is a NUL terminator) and its weight in the
// condition. Several decoded strings resemble Brazilian bank brand names, which is
// consistent with the Bancos banker family — NOTE(review): not verified here.
rule TrojanSpy_Win32_Bancos_CJ{
meta:
description = "TrojanSpy:Win32/Bancos.CJ,SIGNATURE_TYPE_PEHSTR_EXT,11 00 0f 00 08 00 00 "
strings :
$a_00_0 = {53 79 73 74 65 6d 61 20 50 61 72 63 65 72 69 61 20 61 74 75 61 6c 69 7a 61 64 6f 5c 52 65 64 69 72 20 44 65 6c 70 68 69 20 31 2e 30 5c 52 65 67 73 76 72 33 32 2e 70 61 73 00 } // weight 10: "Systema Parceria atualizado\Redir Delphi 1.0\Regsvr32.pas" + NUL (a .pas source path embedded in the binary)
$a_01_1 = {49 4e 54 45 52 4e 45 54 42 41 4e 4b 49 4e 47 43 41 49 58 41 00 } // weight 1: "INTERNETBANKINGCAIXA" + NUL
$a_01_2 = {42 41 4e 43 4f 49 54 41 46 45 49 54 4f 50 41 52 41 56 4f 43 00 } // weight 1: "BANCOITAFEITOPARAVOC" + NUL
$a_01_3 = {42 52 41 44 45 53 43 4f 50 52 49 4d 45 00 } // weight 1: "BRADESCOPRIME" + NUL
$a_01_4 = {42 52 41 44 45 53 43 4f 50 45 53 53 4f 41 46 53 49 43 41 00 } // weight 1: "BRADESCOPESSOAFSICA" + NUL
$a_01_5 = {50 4f 52 54 41 4c 42 41 4e 43 4f 52 45 41 4c } // weight 1: "PORTALBANCOREAL" (no terminator)
$a_01_6 = {49 54 41 55 43 41 52 44 43 52 45 44 49 43 41 52 44 49 54 41 50 4f 52 54 41 4c 00 } // weight 1: "ITAUCARDCREDICARDITAPORTAL" + NUL
$a_01_7 = {57 57 57 53 49 43 52 45 44 49 43 4f 4d 42 52 00 } // weight 1: "WWWSICREDICOMBR" + NUL
condition:
// Weighted sum of per-string terms must reach 15. Each term is (#x & 1)*weight, so a
// string's weight is added only when its match count is odd; a string that matches an
// even number of times (including 0) contributes nothing. NOTE(review): presumably
// intended as a presence test — confirm against the converter's output format.
// The maximum attainable sum is 17 (10 + 7*1), so $a_00_0 must match together with
// at least five of the seven weight-1 strings for the rule to fire.
((#a_00_0 & 1)*10+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1+(#a_01_5 & 1)*1+(#a_01_6 & 1)*1+(#a_01_7 & 1)*1) >=15
}