DefenderYara/Exploit/Win32/Senglot/Exploit_Win32_Senglot_E.yar


rule Exploit_Win32_Senglot_E
{
    meta:
        description = "Exploit:Win32/Senglot.E,SIGNATURE_TYPE_PEHSTR_EXT,01 00 01 00 01 00 00 01 00 "

    strings:
        // Position-independent x86 shellcode stub: an export-table ror-13 hash
        // resolver, a kernel32 base lookup through the PEB, and a two-call
        // payload (hash, hash, jmp resolver). The pattern is exact bytes with
        // no wildcards, so a re-encoded or re-ordered copy of the stub will
        // not be caught by this string.
        $a_01_0 = {
            fc                    // cld
            e8 44 00 00 00        // call past the resolver; pushes its address for the `pop edi` below
            // --- hash resolver: ebp = module base, [esp+4] = wanted hash, result written back to [esp+4]
            8b 45 3c              // mov eax, [ebp+0x3c]        e_lfanew
            8b 7c 05 78           // mov edi, [ebp+eax+0x78]    export directory RVA
            01 ef                 // add edi, ebp
            8b 4f 18              // mov ecx, [edi+0x18]        NumberOfNames
            8b 5f 20              // mov ebx, [edi+0x20]        AddressOfNames
            01 eb                 // add ebx, ebp
            49                    // dec ecx                    iterate names backwards
            8b 34 8b              // mov esi, [ebx+ecx*4]
            01 ee                 // add esi, ebp
            31 c0 99              // xor eax, eax / cdq         edx = running hash
            ac                    // lodsb
            84 c0 74 07           // test al, al / jz compare
            c1 ca 0d              // ror edx, 13                the ror-13 hash step
            01 c2                 // add edx, eax
            eb f4                 // jmp lodsb
            3b 54 24 04           // cmp edx, [esp+4]           match against wanted hash
            75 e5                 // jne next name
            8b 5f 24              // mov ebx, [edi+0x24]        AddressOfNameOrdinals
            01 eb                 // add ebx, ebp
            66 8b 0c 4b           // mov cx, [ebx+ecx*2]
            8b 5f 1c              // mov ebx, [edi+0x1c]        AddressOfFunctions
            01 eb                 // add ebx, ebp
            8b 1c 8b              // mov ebx, [ebx+ecx*4]
            01 eb                 // add ebx, ebp
            89 5c 24 04           // mov [esp+4], ebx           hash slot now holds the function VA
            c3                    // ret
            // --- kernel32 base via the PEB
            31 c0                 // xor eax, eax
            64 8b 40 30           // mov eax, fs:[eax+0x30]     PEB
            85 c0 78 0c           // test eax, eax / js legacy  (sign bit set -> alternate path below)
            8b 40 0c              // mov eax, [eax+0x0c]        PEB_LDR_DATA
            8b 70 1c              // mov esi, [eax+0x1c]        InInitializationOrderModuleList
            ad                    // lodsd                      second module entry
            8b 68 08              // mov ebp, [eax+0x08]        its DllBase
            eb 09                 // jmp payload
            8b 80 b0 00 00 00     // mov eax, [eax+0xb0]        legacy path (presumably Win9x layout - unverified)
            8b 68 3c              // mov ebp, [eax+0x3c]
            // --- payload
            5f                    // pop edi                    resolver address pushed by the initial call
            31 f6                 // xor esi, esi
            60                    // pushad                     saved esi (0) becomes the final ExitProcess argument
            56                    // push esi                   0 -> uCmdShow
            89 f8                 // mov eax, edi
            83 c0 7b              // add eax, 0x7b              0x44 + 0x37 = first byte after this stub: the command string
            50                    // push eax
            68 7e d8 e2 73        // push 0x73e2d87e            second hash resolved (looks like ExitProcess in the classic Metasploit ror13 table - confirm)
            68 98 fe 8a 0e        // push 0x0e8afe98            first hash resolved (looks like WinExec - confirm)
            57                    // push edi
            ff e7                 // jmp edi                    resolver runs twice via its own `ret`, then falls into the resolved call
        } //00 00

    condition:
        any of ($a_*)
}