qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Worm/Win32/Ainslot/Worm_Win32_Ainslot_O.yar

12 lines
431 B
Plaintext
Raw Blame History

rule Worm_Win32_Ainslot_O{
meta:
description = "Worm:Win32/Ainslot.O,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 01 00 "
strings :
$a_01_0 = {5f 59 61 68 4f 6f 5f 5c 4d 79 20 4c 69 4e 6b 5c 42 6c 61 63 6b 53 68 61 64 65 73 5c 64 65 20 44 61 72 6b 20 45 79 65 5c 45 4d 49 4e 65 4d } //01 00
$a_01_1 = {40 7e 7e 40 49 6e 65 74 6e 74 20 43 6c 65 61 6e 65 61 61 72 40 7e 7e 40 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink