qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Idicaf/Backdoor_Win32_Idicaf_gen_B...

13 lines
457 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Idicaf_gen_B{
meta:
description = "Backdoor:Win32/Idicaf.gen!B,SIGNATURE_TYPE_PEHSTR_EXT,04 00 03 00 03 00 00 02 00 "
strings :
$a_02_0 = {8b 44 24 0c 6a 90 01 01 5f 8d 0c 06 8b c6 99 f7 ff b0 90 01 01 2a c2 00 01 46 90 00 } //01 00
$a_00_1 = {70 6c 75 67 5f 6b 65 79 6c 6f 67 } //01 00 plug_keylog
$a_03_2 = {5b 53 53 44 54 90 02 01 52 69 6e 67 30 90 02 04 3a 5d 20 25 64 90 00 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink