DefenderYara/TrojanDownloader/AndroidOS/Agent/TrojanDownloader_AndroidOS_...


// Detection rule labelled "TrojanDownloader:AndroidOS/Agent.A" (see the
// description field). It declares three hex byte patterns and fires as soon
// as any single one of them occurs anywhere in the scanned data.
//
// NOTE(review): the description names SIGNATURE_TYPE_DEXHSTR_EXT and embeds a
// raw byte run, so this looks machine-converted from another signature format
// rather than hand-written. Validate it against known-good and known-bad
// samples before using a hit for blocking or triage decisions.
rule TrojanDownloader_AndroidOS_Agent_A{
meta:
// Family label, source signature type and a byte run carried over from the
// source record. NOTE(review): the byte run may encode a match threshold and
// entry count -- not verifiable from this file.
description = "TrojanDownloader:AndroidOS/Agent.A,SIGNATURE_TYPE_DEXHSTR_EXT,03 00 03 00 03 00 00 01 00 "
strings :
// None of the patterns below uses YARA wildcards (??) or jumps ([n-m]), so
// every byte, including each "90 02 04" and the trailing "90 00", must be
// present literally for a match.
// NOTE(review): "90 02 04" recurs and "90 00" closes only the two strings
// named $a_02_*; $a_01_1 has neither. They look like control tokens (bounded
// gap / end marker) of the source format kept as literal bytes. If so, the
// $a_02_* strings will rarely or never match real samples and detection rests
// on $a_01_1 alone -- confirm against the converter or the original signature.
// The trailing "//01 00" / "//00 00" comments are presumably per-entry fields
// from the source record; YARA ignores them.
$a_02_0 = {26 03 91 00 00 00 14 04 74 50 8c 00 93 04 02 04 14 04 bc 0c 5a 84 23 15 90 02 04 92 06 04 02 b1 06 90 02 04 23 77 90 02 04 26 07 90 02 04 00 00 01 28 12 02 13 09 12 00 35 92 0b 00 13 08 19 00 b3 68 d8 08 08 a9 b0 48 d8 02 02 01 28 f4 90 00 } //01 00
$a_01_1 = {36 68 0d 00 14 02 59 b9 0d 00 14 04 8c 2e 01 00 92 09 08 06 b0 29 91 04 09 04 33 64 08 00 13 02 33 00 d8 06 04 ec b3 82 b0 26 12 02 12 69 35 92 0f 00 14 08 01 16 0f 00 14 09 5d 07 07 00 92 09 09 06 b3 49 b0 98 d8 02 02 01 28 f1 } //01 00
$a_02_2 = {35 12 34 00 d8 08 08 a0 48 04 03 02 14 06 9f 32 03 00 b0 86 dc 09 90 02 04 48 09 07 09 14 0a 17 0b 07 00 b3 6a b0 8a 93 0b 0a 0a d8 0b 0b ff b0 4b 92 04 06 08 da 04 04 00 b0 4b b3 88 dc 08 08 01 b0 8b 97 04 0b 09 8d 44 4f 04 05 02 14 04 e3 16 04 00 14 08 5b 6e 0b 00 92 08 08 0a b1 84 b0 64 d8 02 02 01 01 a8 28 cd 90 00 } //00 00
condition:
// One matching pattern is enough; there is no file-type or size gate, so the
// patterns are evaluated against whatever data the scanner is given.
// NOTE(review): if the source signature required several entries to match,
// "any of" is looser than the original and raises false-positive risk. Also
// presumably meant for DEX content (per the signature type); a compressed APK
// scanned as-is would not expose these bytes -- confirm how samples are
// unpacked before scanning.
any of ($a_*)
}