qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Worm/Win32/Taterf/Worm_Win32_Taterf_gen_E.yar

23 lines
900 B
Plaintext
Raw Blame History

rule Worm_Win32_Taterf_gen_E{
meta:
description = "Worm:Win32/Taterf.gen!E,SIGNATURE_TYPE_PEHSTR_EXT,01 00 01 00 01 00 00 01 00 "
strings :
$a_01_0 = {8b 85 30 f0 ff ff 8d bc 05 f8 ef ff ff 0f b7 84 05 08 f0 ff ff 8d 77 14 03 c6 89 45 f4 8b 45 10 3b c3 74 05 8b 4e 1c 89 08 ff 76 38 e8 } //00 00
condition:
any of ($a_*)
}
rule Worm_Win32_Taterf_gen_E_2{
meta:
description = "Worm:Win32/Taterf.gen!E,SIGNATURE_TYPE_PEHSTR_EXT,01 00 01 00 03 00 00 01 00 "
strings :
$a_01_0 = {ff d7 25 ff ff 00 00 3d 16 1c 00 00 76 08 3d 20 1c 00 00 73 01 cc } //01 00
$a_03_1 = {ff d6 bf ff ff 00 00 23 c7 3d 16 1c 00 00 76 90 03 0d 0c 90 01 01 3d 20 1c 00 00 73 90 01 01 cc 0f 3d 20 1c 00 00 73 08 6a 00 ff 15 90 00 } //01 00
$a_03_2 = {58 83 38 00 75 1f ff 00 ff 74 24 10 ff 74 24 10 ff 74 24 10 ff 74 24 10 90 09 09 00 e8 04 00 00 00 90 00 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink