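/*
 * Backdoor:Win32/Matchaldru.D -- string signature carried over from a
 * SIGNATURE_TYPE_PEHSTR_EXT record (see meta.description).
 *
 * Condition change: the original `any of ($a_*)` fired on a single hit, and
 * three of the five patterns are far too generic to stand alone ("Mozilla/5",
 * "&h4=", and a bare 4-byte sequence), so nearly any HTTP-capable binary
 * matched. The header bytes in the description (05 00 05 00 05 00 00) appear
 * to encode a threshold of 5 over 5 sub-strings, each with weight 01 00; that
 * reading is inferred from the byte layout -- confirm against the originating
 * signature. With equal weights, a threshold of 5 is `all of ($a_*)`.
 *
 * Triage note: treat a hit as a lead, not a verdict. The hard-coded address
 * in $a_00_0 is the only family-specific indicator here and may be stale.
 */
rule Backdoor_Win32_Matchaldru_D {
    meta:
        description = "Backdoor:Win32/Matchaldru.D,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 05 00 00 01 00 "

    strings:
        // Hard-coded IPv4 literal in ASCII: "140.112.19.195".
        $a_00_0 = {31 34 30 2e 31 31 32 2e 31 39 2e 31 39 35 }
        // printf-style format fragment: "search5%d".
        $a_01_1 = {73 65 61 72 63 68 35 25 64 }
        // Query-string parameter fragment: "&h4=".
        $a_01_2 = {26 68 34 3d }
        // User-Agent prefix "Mozilla/5" -- present in most HTTP clients,
        // so it only has value in combination with the other patterns.
        $a_00_3 = {4d 6f 7a 69 6c 6c 61 2f 35 }
        // Raw 4-byte pattern with no ASCII rendering in the source. It would
        // decode as x86 `mov dl, 0x64; mov cl, 0x25` if it is code -- not
        // confirmed. Four bytes collide with arbitrary data very easily.
        $a_00_4 = {b2 64 b1 25 }

    condition:
        // Require every pattern; see the header comment for the rationale.
        all of ($a_*)
}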