qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Adware/MacOS/SAgnt/Adware_MacOS_SAgnt_A_MTB.yar

11 lines
373 B
Plaintext
Raw Blame History

rule Adware_MacOS_SAgnt_A_MTB{
meta:
description = "Adware:MacOS/SAgnt.A!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,01 00 01 00 01 00 00 01 00 "
strings :
$a_00_0 = {c7 45 fc 00 00 00 00 89 7d f8 48 89 75 f0 e8 33 00 00 00 48 8d 35 e6 03 00 00 48 89 f7 48 89 45 e8 b0 00 e8 12 00 00 00 48 8b 7d e8 e8 0f 00 00 00 31 c0 48 83 c4 20 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink