13 lines
422 B
Plaintext
13 lines
422 B
Plaintext
|
|
rule TrojanSpy_Win32_Rukhami_S{
|
|
meta:
|
|
description = "TrojanSpy:Win32/Rukhami.S,SIGNATURE_TYPE_PEHSTR,03 00 03 00 03 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {54 6f 72 72 65 6e 74 73 20 44 6f 77 6e 6c 6f 61 64 65 72 } //01 00 Torrents Downloader
|
|
$a_01_1 = {61 64 75 6c 74 68 75 62 6e 65 77 2e 63 6c 75 62 } //01 00 adulthubnew.club
|
|
$a_01_2 = {70 61 79 6c 6f 61 64 } //00 00 payload
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |