16 lines
661 B
Plaintext
16 lines
661 B
Plaintext
|
|
rule Backdoor_Win32_Nosrawec_C{
|
|
meta:
|
|
description = "Backdoor:Win32/Nosrawec.C,SIGNATURE_TYPE_PEHSTR_EXT,07 00 07 00 06 00 00 02 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {26 68 6c 3d 74 72 26 70 72 6d 64 3d 69 6c 62 26 73 74 61 72 74 3d } //02 00 &hl=tr&prmd=ilb&start=
|
|
$a_01_1 = {68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2e 74 72 2f 23 71 3d } //02 00 http://www.google.com.tr/#q=
|
|
$a_01_2 = {70 68 70 3f 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3d } //01 00 php?computername=
|
|
$a_01_3 = {2e 65 78 65 63 } //01 00 .exec
|
|
$a_01_4 = {2e 67 6f 67 6c } //01 00 .gogl
|
|
$a_01_5 = {2e 64 64 6f 73 } //00 00 .ddos
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |