qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/TrojanSpy/Win32/Bafi/TrojanSpy_Win32_Bafi_I.yar

12 lines
396 B
Plaintext
Raw Blame History

rule TrojanSpy_Win32_Bafi_I{
meta:
description = "TrojanSpy:Win32/Bafi.I,SIGNATURE_TYPE_PEHSTR_EXT,0f 00 0f 00 02 00 00 0a 00 "
strings :
$a_03_0 = {0f b6 c0 25 0f 00 00 80 79 05 48 83 c8 f0 40 90 03 07 0b 88 44 24 18 8a 04 31 88 45 ff 8b 45 08 8d 14 01 8a 02 32 c3 90 00 } //05 00
$a_00_1 = {8d 13 0b 37 79 1f ed cf 78 ae 63 30 70 8f ec 94 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink