qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Losfondup/Backdoor_Win32_Losfondup_C.yar

13 lines
476 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Losfondup_C{
meta:
description = "Backdoor:Win32/Losfondup.C,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 03 00 00 01 00 "
strings :
$a_01_0 = {8a 54 1a ff 80 f2 02 88 54 18 ff 43 4e 75 e6 } //01 00
$a_01_1 = {83 fe 05 7c be 0f af dd 0f af fe 03 df 81 fb b8 88 00 00 7e ae 81 fb 00 71 02 00 } //01 00
$a_03_2 = {68 23 01 00 00 8d 84 24 24 01 00 00 50 57 8b 03 50 e8 90 01 04 c7 44 24 0c 07 00 01 00 90 00 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink