DefenderYara/PseudoThreat_c0000b08/_PseudoThreat_c0000b08.yar


// Converted Defender PEHSTR signature. The meta description is the original
// signature header and is preserved byte-for-byte; the strings below are the
// same bytes as the hex blobs in the upstream conversion, written as text
// strings where the content is plain ASCII so an analyst can read what the
// rule actually matches. $a_01_0..$a_01_6 decode to ATL registrar-script (.rgs)
// lines for a COM class named "IEHlprObj"; $a_01_7 is a UTF-16LE version-info
// fragment (InternalName/LegalCopyright/OriginalFilename/ProductName).
rule _PseudoThreat_c0000b08
{
    meta:
        description = "!PseudoThreat_c0000b08,SIGNATURE_TYPE_PEHSTR,08 00 08 00 08 00 00 01 00 "

    strings:
        // ProgID registration: IEHlprObj.IEHlprObj.1 = s 'IEHlprObj Class'
        $a_01_0 = "IEHlprObj.IEHlprObj.1 = s 'IEHlprObj Class'"  //01 00
        // CLSID value of the registered class
        $a_01_1 = "CLSID = s '{ABCDECF0-4B15-11D1-ABED-709549C10000}'"  //01 00
        // Version-independent ProgID registration
        $a_01_2 = "IEHlprObj.IEHlprObj = s 'IEHlprObj Class'"  //01 00
        // CurVer pointing at the versioned ProgID
        $a_01_3 = "CurVer = s 'IEHlprObj.IEHlprObj.1'"  //01 00
        // ForceRemove of the same CLSID key (ATL registrar directive)
        $a_01_4 = "ForceRemove {ABCDECF0-4B15-11D1-ABED-709549C10000} = s 'IEHlprObj Class'"  //01 00
        // ProgID / VersionIndependentProgID under the CLSID key
        $a_01_5 = "ProgID = s 'IEHlprObj.IEHlprObj.1'"  //01 00
        $a_01_6 = "VersionIndependentProgID = s 'IEHlprObj.IEHlprObj'"  //01 00
        // UTF-16LE version-resource fragment, kept as hex because it contains
        // NUL bytes and what look like String-struct headers (e.g. 42 00 0f 00 01 00)
        // between the fields — NOTE(review): header interpretation not confirmed.
        // Decodes to: "InternalName\0IEHELPER", "LegalCopyright\0Copyright 1997",
        // "OriginalFilename\0IEHELPER.DLL", "ProductName\0\0IEHelper Module".
        $a_01_7 = {49 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 4e 00 61 00 6d 00 65 00 00 00 49 00 45 00 48 00 45 00 4c 00 50 00 45 00 52 00 00 00 00 00 42 00 0f 00 01 00 4c 00 65 00 67 00 61 00 6c 00 43 00 6f 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6f 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 31 00 39 00 39 00 37 00 00 00 00 00 42 00 0d 00 01 00 4f 00 72 00 69 00 67 00 69 00 6e 00 61 00 6c 00 46 00 69 00 6c 00 65 00 6e 00 61 00 6d 00 65 00 00 00 49 00 45 00 48 00 45 00 4c 00 50 00 45 00 52 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 40 00 10 00 01 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 4e 00 61 00 6d 00 65 00 00 00 00 00 49 00 45 00 48 00 65 00 6c 00 70 00 65 00 72 00 20 00 4d 00 6f 00 64 00 75 00 6c 00 65}  //00 00

    condition:
        // Behaviour is unchanged from the upstream conversion: a single hit on
        // any string fires the rule. NOTE(review): the meta header reads
        // "08 00 08 00 08 00" with eight strings each weighted "01 00"; if the
        // leading field is the match threshold (as in other converted PEHSTR
        // rules), the original signature requires all eight and this `any of`
        // is considerably looser — expect hits on any ATL/COM project built from
        // the "IEHlprObj" sample names. Confirm the header semantics before
        // tightening to `8 of ($a_*)`.
        any of them
}