// Backdoor:Win32/Temratanam.A — a YARA rule derived from a Defender
// SIGNATURE_TYPE_PEHSTR_EXT entry (see meta.description). Where the original
// hex patterns are plain ASCII or UTF-16LE text they are written as text
// strings below; the byte sequences matched are unchanged.
rule Backdoor_Win32_Temratanam_A
{
    meta:
        description = "Backdoor:Win32/Temratanam.A,SIGNATURE_TYPE_PEHSTR_EXT,0d 00 0c 00 06 00 00 04 00 "

    strings:
        // UTF-16LE "RE\Google\Chroimum" — note the misspelling "Chroimum";
        // presumably the tail of a registry path, but the rule does not say.
        $a_01_0 = "RE\\Google\\Chroimum" wide
        // UTF-16LE "TVRAT_FREE".
        $a_01_1 = "TVRAT_FREE" wide
        // UTF-16LE "1234", four NUL bytes, UTF-16LE "tvpass", two NUL bytes.
        // Kept in hex because of the embedded NULs.
        $a_01_2 = { 31 00 32 00 33 00 34 00 00 00 00 00 74 00 76 00 70 00 61 00 73 00 73 00 00 00 }
        // ASCII "_tvratfree".
        $a_01_3 = "_tvratfree" ascii
        // UTF-16LE "rmansys.ru".
        $a_01_4 = "rmansys.ru" wide
        // ASCII "TeamViewer", two NUL bytes, ASCII "DynGateInstanceMutex".
        // NOTE(review): this looks like a TeamViewer mutex name and may also
        // be present in legitimate TeamViewer-derived binaries — confirm.
        $a_01_5 = { 54 65 61 6d 56 69 65 77 65 72 00 00 44 79 6e 47 61 74 65 49 6e 73 74 61 6e 63 65 4d 75 74 65 78 }
        // Eight raw bytes; their meaning is not recoverable from the rule itself.
        $a_00_6 = { 5d 04 00 00 97 70 03 80 }

    condition:
        // NOTE(review): a single matching string is enough to fire, so a hit on
        // $a_01_5 or the short $a_00_6 alone is weak evidence. The source
        // PEHSTR_EXT signature presumably applied per-string scoring that a plain
        // "any of" does not reproduce — verify before relying on this rule for
        // blocking rather than triage.
        any of ($a_*)
}