qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Atadommoc/Backdoor_Win32_Atadommoc_C.yar

13 lines
460 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Atadommoc_C{
meta:
description = "Backdoor:Win32/Atadommoc.C,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 03 00 00 01 00 "
strings :
$a_01_0 = {fe 45 17 8d 04 37 c0 20 04 8a 10 8a cb 80 e9 30 80 f9 09 77 06 0a ca 88 08 eb 11 8a cb 80 e9 61 80 f9 05 77 2f 80 eb 57 } //01 00
$a_01_1 = {ff 4d fc c6 00 e9 89 48 01 75 } //01 00
$a_01_2 = {63 6f 6d 6d 6f 6e 2e 64 61 74 61 00 } //00 00 潣浭湯搮瑡a
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink