DefenderYara/TrojanSpy/Win32/Bancos/TrojanSpy_Win32_Bancos_UB.yar


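rule TrojanSpy_Win32_Bancos_UB{
    // Matches TrojanSpy:Win32/Bancos.UB on three fixed ASCII byte strings.
    // Each string carries weight 1 and the rule fires when at least two of
    // the three are present.
    // NOTE(review): the description names SIGNATURE_TYPE_PEHSTR, which suggests
    // the source signature targets PE files; this rule does not check the file
    // type itself. Confirm whether a PE header guard is wanted.
    // NOTE(review): two of the three indicators are a developer build path and
    // a marker string, which change easily between builds; treat a miss as
    // weak evidence of absence.
meta:
    description = "TrojanSpy:Win32/Bancos.UB,SIGNATURE_TYPE_PEHSTR,03 00 02 00 03 00 00 "
strings:
    // ASCII text of a 64-character hexadecimal value (no trailing NUL); what
    // the value represents is not stated in this rule.
    $a_01_0 = {43 30 35 35 45 36 30 33 32 33 44 38 30 43 33 34 45 43 31 30 30 46 37 30 38 46 43 32 45 31 41 32 42 42 36 45 42 36 36 43 39 42 34 34 46 43 32 30 31 32 33 35 38 37 44 35 36 38 45 42 35 35 43 42 } //1 C055E60323D80C34EC100F708FC2E1A2BB6EB66C9B44FC20123587D568EB55CB
    // NUL-terminated path "Z:\App\DropBox\My Dropbox\Projetos\Javaw\start\pumax\pumax.dpr";
    // presumably a project path left in the binary by the build (verify).
    $a_01_1 = {5a 3a 5c 41 70 70 5c 44 72 6f 70 42 6f 78 5c 4d 79 20 44 72 6f 70 62 6f 78 5c 50 72 6f 6a 65 74 6f 73 5c 4a 61 76 61 77 5c 73 74 61 72 74 5c 70 75 6d 61 78 5c 70 75 6d 61 78 2e 64 70 72 00 } //1
    // NUL-terminated marker string "INOVANDOOOO...".
    $a_01_2 = {49 4e 4f 56 41 4e 44 4f 4f 4f 4f 2e 2e 2e 00 } //1
condition:
    // Count each string once if it occurs at all. The previous expression,
    // (#s & 1) per string, took the parity of the match count, so a string
    // that occurred an even number of times contributed 0 and a file holding
    // two copies of an indicator could go undetected.
    2 of ($a_01_*)
}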