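// Signature for the family named in the description (TrojanDownloader:O97M/Dotraj.N).
// The description string suggests the rule was converted from another engine's
// MACROHSTR_EXT signature. Three of the four hex strings decode to VBA-looking text:
// a character-decoding step, an HTTP-style Open call and a write of a response body.
//
// NOTE(review): validate against a corpus of known-good Office documents before
// deploying. The condition fires on any single string, and the last string is short.
rule TrojanDownloader_O97M_Dotraj_N{
    meta:
        // The trailing hex after the signature type is presumably header data from the
        // source format (threshold / sub-pattern count) — TODO confirm. YARA ignores it.
        description = "TrojanDownloader:O97M/Dotraj.N,SIGNATURE_TYPE_MACROHSTR_EXT,07 00 07 00 03 00 00 05 00 "

    strings :
        // NOTE(review): the 0x90-prefixed sequences between the ASCII fragments
        // (90 1c 20 00, 90 1d 20 00, 90 01 xx, 90 02 xx, 90 00) are not printable text.
        // They look like the source format's pattern operators (gaps / end marker)
        // carried over as literal bytes — confirm. YARA matches them literally, so
        // $a_02_0..$a_02_2 will not hit plain macro text until they are translated
        // into YARA wildcards or jumps.

        // ASCII: `, 1) = Chr(Asc(Mid(` ... `, ` ... `, 1)) - `
        // A per-character transform that subtracts a value from a character code.
        $a_02_0 = {2c 20 31 29 20 3d 20 43 68 72 28 41 73 63 28 4d 69 64 28 90 1c 20 00 90 1d 20 00 2c 20 90 1c 20 00 90 1d 20 00 2c 20 31 29 29 20 2d 20 90 00 } //01 00

        // ASCII: `Open ` ... `("` ... `", "` ... `"), ` ... `("` ... `", "` ... `"), False`
        // An Open call whose first two arguments are each produced by a two-string function call.
        $a_02_1 = {4f 70 65 6e 20 90 1c 20 00 90 1d 20 00 28 22 90 01 03 22 2c 20 22 90 01 02 22 29 2c 20 90 1c 20 00 90 1d 20 00 28 22 90 02 40 22 2c 20 22 90 01 02 22 29 2c 20 46 61 6c 73 65 90 00 } //01 00

        // ASCII: `.write ` ... `.responseBody`
        // Writes a response body out, which fits download-and-save behaviour.
        $a_02_2 = {2e 77 72 69 74 65 20 90 1c 20 00 90 1d 20 00 2e 72 65 73 70 6f 6e 73 65 42 6f 64 79 90 00 } //00 00

        // NOTE(review): five bytes with no printable text. Possibly trailing record data
        // from the source format rather than a pattern — confirm. It is short enough to
        // occur in unrelated files, and the condition lets it fire the rule on its own.
        $a_00_3 = {5d 04 00 00 56 } //d8 03

    condition:
        // Any single string fires the rule. The trailing `//xx xx` comments on the
        // strings look like per-pattern weights that this condition ignores — TODO confirm.
        // If so, require the three $a_02_* strings together and leave $a_00_3 out.
        any of ($a_*)
}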