qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Adware/MacOS/Pirrit/Adware_MacOS_Pirrit_D_MTB.yar

14 lines
482 B
Plaintext
Raw Blame History

rule Adware_MacOS_Pirrit_D_MTB{
meta:
description = "Adware:MacOS/Pirrit.D!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,04 00 04 00 03 00 00 02 00 "
strings :
$a_00_0 = {63 6f 6d 2e 47 6f 53 65 61 72 63 68 32 32 2e 45 78 74 65 6e 73 69 6f 6e } //01 00 com.GoSearch22.Extension
$a_00_1 = {4b 36 39 47 35 32 46 57 54 39 } //01 00 K69G52FWT9
$a_00_2 = {68 6f 6e 67 73 68 65 6e 67 20 79 61 6e } //00 00 hongsheng yan
$a_00_3 = {5d 04 } //00 00 ѝ
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink