DefenderYara/Spammer/Win32/Newacc/Spammer_Win32_Newacc_gen_A.yar


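// Converted Microsoft Defender signature (see the name and type in meta.description).
//
// Two conversion defects in the previous form of this rule are fixed here:
//   1. The code patterns carried "90 01 NN" and a trailing "90 00" as literal
//      bytes. Read as "skip NN bytes" and "end of pattern", every occurrence
//      sits exactly on an x86 immediate or displacement (push imm32, call
//      rel32, jz rel32, [esp+disp8]); they are expressed as ?? wildcards below.
//      NOTE(review): escape semantics inferred from those instruction
//      boundaries; confirm against the source signature format.
//   2. The condition was "any of ($a_*)", so the 5-byte $a_01_7 alone was a
//      hit. The header bytes in meta.description (05 00 05 00 08 00 00) look
//      like a score threshold of 5 over 8 sub-patterns, each with a weight.
//      NOTE(review): weights are read as the two bytes *preceding* each
//      pattern (the "04 00" closing the description, then each trailing
//      comment of the converted rule), giving 4,4,1,1,1,1,1,1 with "00 00"
//      as terminator; confirm before relying on the threshold.
rule Spammer_Win32_Newacc_gen_A
{
    meta:
        description = "Spammer:Win32/Newacc.gen!A,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 08 00 00 04 00 "

    strings:
        // Code pattern, weight 4 (assumed): pushes, call, cmp eax,-1 / jz, then further pushes.
        $a_03_0 = { 6a 0d 53 68 ?? ?? ?? 00 8b ce 89 5c 24 78 e8 ?? ?? ff ff 83 f8 ff 0f 84 ?? ?? 00 00 55 57 8d 9b 00 00 00 00 6a 06 83 c0 0d 50 }
        // Code pattern, weight 4 (assumed): call, stack cleanup, stores to [esp+disp8] slots, second call.
        $a_03_1 = { 72 0d 8b 4c 24 14 51 e8 ?? ?? 00 00 83 c4 04 6a 08 68 ?? ?? ?? 00 8d 4c 24 ?? 89 74 24 ?? 89 5c 24 ?? 88 5c 24 ?? e8 ?? ?? ff ff 6a 01 68 ?? ?? ?? 00 8d 4c 24 18 }

        // Literal strings, weight 1 each (assumed). Bytes are unchanged; ASCII shown for readers.
        $a_01_2 = { 2f 70 6f 73 74 5f 61 63 63 2e 63 67 69 3f 6c 3d 00 } // "/post_acc.cgi?l=" + NUL
        $a_01_3 = { 2f 67 65 6e 5f 6e 61 6d 65 2e 63 67 69 00 }          // "/gen_name.cgi" + NUL
        $a_01_4 = { 6d 6f 72 65 61 63 6f 76 00 }                         // "moreacov" + NUL
        $a_01_5 = { 2f 72 65 67 2e 73 72 66 00 }                         // "/reg.srf" + NUL
        $a_01_6 = { 2f 6f 63 72 2f 00 00 00 70 69 63 00 }                // "/ocr/" NUL NUL NUL "pic" NUL
        $a_01_7 = { 00 70 66 66 30 }                                     // NUL + "pff0"; too short to be a hit on its own

    condition:
        // Score >= 5 with weights 4,4,1,1,1,1,1,1, written without arithmetic:
        //   both code patterns (8), or one code pattern plus any literal (5),
        //   or five of the six literals (5).
        all of ($a_03_*)
        or (any of ($a_03_*) and any of ($a_01_*))
        or 5 of ($a_01_*)
}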