16 lines
866 B
Plaintext
16 lines
866 B
Plaintext
|
|
rule Adware_AndroidOS_Dasu_A_MTB{
|
|
meta:
|
|
description = "Adware:AndroidOS/Dasu.A!MTB,SIGNATURE_TYPE_DEXHSTR_EXT,06 00 06 00 06 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {10 00 54 31 90 02 10 21 00 22 00 90 02 06 00 00 1a 01 90 02 06 10 00 54 31 90 02 10 21 00 22 00 90 02 06 00 00 22 00 90 02 06 00 00 1a 01 90 02 06 10 00 54 31 90 00 } //01 00
|
|
$a_01_1 = {54 78 77 70 33 50 49 66 59 5a 42 71 58 2f 45 52 51 6b 64 35 78 42 78 46 30 58 51 } //01 00 Txwp3PIfYZBqX/ERQkd5xBxF0XQ
|
|
$a_01_2 = {63 6f 6d 2f 6c 6f 61 64 65 72 2f 61 63 74 69 76 69 74 79 2f 50 41 } //01 00 com/loader/activity/PA
|
|
$a_01_3 = {44 65 78 43 6c 61 73 73 4c 6f 61 64 65 72 } //01 00 DexClassLoader
|
|
$a_01_4 = {67 65 74 52 75 6e 6e 69 6e 67 54 61 73 6b 73 } //01 00 getRunningTasks
|
|
$a_01_5 = {73 65 74 41 75 74 6f 43 61 6e 63 65 6c } //00 00 setAutoCancel
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |