
rule TrojanDownloader_O97M_Donoff_DR
{
    // Converted from the Microsoft Defender signature named in `description`
    // (SIGNATURE_TYPE_MACROHSTR_EXT). Every $a_00_N string below is the text
    // form of the hex pattern from the source; the trailing "// xx xx" values
    // are the per-string fields carried over from that signature (their exact
    // semantics are not verified here).
    meta:
        description = "TrojanDownloader:O97M/Donoff.DR,SIGNATURE_TYPE_MACROHSTR_EXT,18 00 18 00 0d 00 00 14 00 "

    strings:
        // VBA module header line: the macro module is named "mode".
        $a_00_0  = "Attribute VB_Name = \"mode\""   // 01 00

        // Short quoted literals assigned on their own lines. They look like
        // pieces of a longer command string split apart (e.g. cMd + .ex,
        // po^ + We^ + RSH) -- presumably an obfuscation; not verified here.
        $a_00_1  = " = \"cMd\""                    // 01 00
        $a_00_2  = " = \".ex\""                    // 01 00
        $a_00_3  = " = \"po^\""                    // 01 00
        $a_00_4  = " = \"We^\""                    // 01 00
        $a_00_5  = " = \"RSH\""                    // 01 00
        $a_00_6  = " = \"DoW\""                    // 01 00
        $a_00_7  = " = \"cm\""                     // 01 00
        $a_00_8  = " = \"d.\""                     // 01 00
        $a_00_9  = " = \"ex\""                     // 01 00
        $a_00_10 = " = \"/C\""                     // 01 00
        $a_00_11 = " = \"po\""                     // 01 00
        $a_00_12 = " = \"WE\""                     // 00 00

        // Binary pattern (contains NUL bytes), kept in hex form.
        $a_00_13 = { 5d 04 00 00 7d 98 03 80 5c 35 00 00 7e 98 03 80 00 00 01 00 04 00 } // 1f 00

    condition:
        // All strings share the $a_ prefix, so "any of them" is the same set
        // as "any of ($a_*)".
        // NOTE(review): a single very short fragment such as ` = "ex"` or
        // ` = "cm"` satisfies this condition on its own, which is likely to
        // fire on benign VBA. The per-string fields above suggest the source
        // signature scored its strings rather than treating each as
        // sufficient; whether a threshold (or requiring $a_00_0 alongside the
        // fragments) is intended should be confirmed against the converter
        // before relying on this rule for detection.
        any of them
}