qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/TrojanSpy/BAT/Kabolog/TrojanSpy_BAT_Kabolog_A.yar

15 lines
538 B
Plaintext
Raw Blame History

rule TrojanSpy_BAT_Kabolog_A{
meta:
description = "TrojanSpy:BAT/Kabolog.A,SIGNATURE_TYPE_PEHSTR,0d 00 0d 00 05 00 00 05 00 "
strings :
$a_01_0 = {08 06 16 20 b3 ea 65 15 20 b3 da 65 15 59 6f a4 00 00 0a 13 08 } //05 00
$a_01_1 = {40 00 6b 00 6f 00 6c 00 61 00 2d 00 62 00 6f 00 6b 00 61 00 } //01 00
$a_01_2 = {5b 00 47 00 75 00 69 00 6c 00 6c 00 65 00 6d 00 65 00 74 00 73 00 5d 00 } //01 00
$a_01_3 = {73 65 74 5f 48 4b 42 } //01 00
$a_01_4 = {63 61 70 73 73 68 69 66 74 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink