qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/BAT/Bladabindi/Backdoor_BAT_Bladabindi_BF.yar

13 lines
1.1 KiB
Plaintext
Raw Blame History

rule Backdoor_BAT_Bladabindi_BF{
meta:
description = "Backdoor:BAT/Bladabindi.BF,SIGNATURE_TYPE_PEHSTR,03 00 03 00 03 00 00 01 00 "
strings :
$a_01_0 = {37 00 23 00 43 00 23 00 30 00 23 00 30 00 23 00 32 00 23 00 37 00 23 00 30 00 23 00 30 00 23 00 37 00 23 00 43 00 23 00 30 00 23 00 30 00 23 00 32 00 23 00 37 00 23 00 30 00 23 00 30 00 23 00 37 00 23 00 43 00 23 00 } //01 00 7#C#0#0#2#7#0#0#7#C#0#0#2#7#0#0#7#C#
$a_01_1 = {35 00 23 00 42 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 35 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 45 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 34 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 35 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 32 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 44 00 23 00 } //01 00 5#B#0#0#4#5#0#0#4#E#0#0#5#4#0#0#4#5#0#0#5#2#0#0#5#D#
$a_01_2 = {34 00 23 00 34 00 23 00 34 00 23 00 43 00 23 00 35 00 23 00 36 00 23 00 30 00 23 00 30 00 23 00 36 00 23 00 45 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 37 00 23 00 35 00 23 00 34 00 23 00 35 00 23 00 36 00 23 00 } //00 00 4#4#4#C#5#6#0#0#6#E#0#0#4#7#5#4#5#6#
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink