qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Specfret/Backdoor_Win32_Specfret_A.yar

11 lines
306 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Specfret_A{
meta:
description = "Backdoor:Win32/Specfret.A,SIGNATURE_TYPE_PEHSTR_EXT,01 00 01 00 01 00 00 01 00 "
strings :
$a_03_0 = {8d b5 6c f8 ff ff 8d bd d0 f8 ff ff f3 a5 68 10 27 00 00 e8 90 01 04 83 c4 08 05 00 78 00 00 90 00 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink