qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Tosct/Backdoor_Win32_Tosct_A.yar

12 lines
395 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Tosct_A{
meta:
description = "Backdoor:Win32/Tosct.A,SIGNATURE_TYPE_PEHSTR,02 00 02 00 02 00 00 01 00 "
strings :
$a_01_0 = {31 32 33 34 35 00 00 00 31 32 33 21 40 23 71 77 65 51 57 45 } //01 00
$a_01_1 = {69 6e 69 65 74 2e 65 78 65 00 00 00 25 73 5c 25 73 00 00 00 63 6d 64 2e 65 78 65 00 43 72 65 61 74 65 50 69 70 65 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink