DefenderYara/Backdoor/BAT/Bladabindi/Backdoor_BAT_Bladabindi_AO.yar


// Backdoor:BAT/Bladabindi.AO — a Microsoft Defender signature of type
// SIGNATURE_TYPE_PEHSTR_EXT (per the description field) mechanically
// converted into YARA syntax. The meta block carries only that converted
// description: no author, reference, date or sample hash is recorded here.
//
// NOTE(review): the `_03_` strings contain recurring `90 01 xx`, `90 02 xx`
// and `90 00` byte groups that look like an encoding for wildcards / variable-
// length jumps passed through as literal bytes rather than translated to
// YARA `??` / `[n-m]` jumps. If that is the case, these four strings will
// match only the literal byte sequence shown and the rule will largely miss
// real samples — confirm against the converter before deploying it for
// detection.
//
// NOTE(review): the numbers following SIGNATURE_TYPE_PEHSTR_EXT and the
// trailing `//NN NN` comment on each string appear to be the original
// threshold and per-string weight values. `any of ($a_*)` discards that
// weighting, so a single hit on one short pattern is weaker evidence than
// the source signature intended; tune the condition if this is used for
// alerting rather than reference.
rule Backdoor_BAT_Bladabindi_AO{
meta:
description = "Backdoor:BAT/Bladabindi.AO,SIGNATURE_TYPE_PEHSTR_EXT,15 00 15 00 04 00 00 0a 00 "
strings :
// $a_03_0 .. $a_03_3: byte patterns carrying the `90 xx` groups discussed
// above; treat them as not-yet-usable until the encoding is confirmed.
$a_03_0 = {1f 1d 0f 01 1a 28 90 01 01 00 00 06 26 90 00 } //01 00
$a_03_1 = {09 20 a0 00 00 00 90 02 20 09 20 a1 00 00 00 90 02 20 09 20 00 00 01 00 90 02 20 09 1f 10 90 02 20 09 20 00 00 02 00 90 02 20 09 1f 11 90 02 20 09 20 a3 00 00 00 90 00 } //05 00
$a_03_2 = {1f 64 14 13 04 12 04 1f 64 28 90 01 01 00 00 06 90 00 } //05 00
$a_03_3 = {12 03 14 13 04 12 04 16 12 01 16 13 05 12 05 16 13 06 12 06 14 13 07 12 07 16 28 90 01 01 00 00 06 90 00 } //00 00
// $a_00_4: the only string here with no `90 xx` groups, i.e. the only one
// that is certainly a plain literal byte sequence as written.
$a_00_4 = {87 10 00 00 5b b1 a2 d3 4d 14 55 } //2c ea
condition:
// Fires on any single string; see the weighting note above.
any of ($a_*)
}