DefenderYara/Worm/Win32/Bankim/Worm_Win32_Bankim_A.yar


// Worm:Win32/Bankim.A — YARA rendering of a Microsoft Defender PEHSTR_EXT signature.
//
// Review notes:
// - The `description` meta carries the original signature header as raw bytes; the
//   `//NN 00` trailer on each string presumably carries a per-string weight from that
//   signature (and `$a_01_7` presumably had a different string type there — in YARA it
//   is an ordinary hex string). Neither weights nor any header threshold are expressed
//   in the condition below, so this rule is weaker than the signature it was derived
//   from — TODO confirm the PEHSTR_EXT header layout before relying on the numbers.
// - `any of ($a_*)` fires on a single string match. Several strings are generic and
//   occur in large numbers of benign PE files ("http://", "WINDIR", "Messenger",
//   "SYSTEM ERROR", "URLDownloadToFileA", "GetWindowTextA"), so expect a high
//   false-positive rate: treat hits as triage leads, not as a blocking verdict.
//   A higher-confidence variant would gate on the PE magic and require several of the
//   family-specific artifacts together (the svhotss.exe / svhootss.exe file names, the
//   Run-key path, the MSN Messenger API names and the Portuguese error strings); the
//   exact combination should be chosen against the original weights, not guessed here.
// - Strings $a_00_0 .. $a_00_16 and $a_01_7 are UTF-16LE (wide) text; $a_00_17 .. $a_00_22
//   are ASCII. Decoded values are noted on each line for readability.
rule Worm_Win32_Bankim_A{
meta:
description = "Worm:Win32/Bankim.A,SIGNATURE_TYPE_PEHSTR_EXT,1a 00 19 00 17 00 00 02 00 "
strings :
$a_00_0 = {4d 00 73 00 6e 00 6a 00 5c 00 50 00 72 00 6f 00 6a 00 65 00 63 00 74 00 } //02 00  "Msnj\Project" (wide)
$a_00_1 = {57 00 49 00 4e 00 44 00 4f 00 57 00 53 00 5c 00 43 00 55 00 52 00 52 00 45 00 4e 00 54 00 56 00 45 00 52 00 53 00 49 00 4f 00 4e 00 5c 00 52 00 55 00 4e 00 } //01 00  "WINDOWS\CURRENTVERSION\RUN" (wide) — persistence via Run key
$a_00_2 = {4d 00 65 00 73 00 73 00 65 00 6e 00 67 00 65 00 72 00 } //01 00  "Messenger" (wide) — generic
$a_00_3 = {73 00 79 00 73 00 74 00 65 00 6d 00 5c 00 6d 00 73 00 6d 00 6e 00 73 00 67 00 72 00 2e 00 65 00 78 00 65 00 } //02 00  "system\msmnsgr.exe" (wide)
$a_00_4 = {7b 00 45 00 4e 00 54 00 45 00 52 00 7d 00 } //02 00  "{ENTER}" (wide) — SendKeys-style token
$a_00_5 = {57 00 49 00 4e 00 44 00 49 00 52 00 } //01 00  "WINDIR" (wide) — generic
$a_00_6 = {73 00 79 00 73 00 74 00 65 00 6d 00 33 00 32 00 5c 00 73 00 76 00 } //01 00  "system32\sv" (wide)
$a_01_7 = {68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 } //02 00  "http://" (wide) — generic, present in most networked binaries
$a_00_8 = {79 00 61 00 68 00 6f 00 6f 00 2e 00 63 00 6f 00 6d 00 2e 00 62 00 72 00 } //02 00  "yahoo.com.br" (wide)
$a_00_9 = {73 00 76 00 68 00 6f 00 6f 00 74 00 73 00 73 00 2e 00 65 00 78 00 65 00 } //02 00  "svhootss.exe" (wide) — dropped file name
$a_00_10 = {73 00 76 00 68 00 6f 00 74 00 73 00 73 00 2e 00 65 00 78 00 65 00 } //01 00  "svhotss.exe" (wide) — dropped file name
$a_00_11 = {46 00 61 00 6c 00 68 00 61 00 20 00 4e 00 61 00 20 00 4d 00 65 00 6d 00 } //01 00  "Falha Na Mem" (wide) — Portuguese fake-error text
$a_00_12 = {53 00 59 00 53 00 54 00 45 00 4d 00 20 00 45 00 52 00 52 00 4f 00 52 00 } //01 00  "SYSTEM ERROR" (wide) — generic
$a_00_13 = {52 00 65 00 71 00 75 00 65 00 72 00 69 00 64 00 6f 00 20 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 4e 00 54 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 } //01 00  "Requerido Windows NT Server" (wide) — Portuguese fake-error text
$a_00_14 = {4f 00 20 00 61 00 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 76 00 6f 00 } //01 00  "O aplicativo" (wide) — Portuguese
$a_00_15 = {6f 00 20 00 66 00 6f 00 69 00 20 00 6c 00 6f 00 63 00 61 00 6c 00 69 00 7a 00 61 00 64 00 6f 00 } //01 00  "o foi localizado" (wide) — Portuguese
$a_00_16 = {73 00 75 00 61 00 20 00 6c 00 6f 00 63 00 61 00 6c 00 69 00 7a 00 61 00 } //02 00  "sua localiza" (wide) — Portuguese
$a_00_17 = {46 4f 54 4f 53 5f } //02 00  "FOTOS_" (ascii) — lure file-name prefix
$a_00_18 = {4d 65 73 73 65 6e 67 65 72 41 50 49 } //02 00  "MessengerAPI" (ascii)
$a_00_19 = {4d 65 73 73 65 6e 67 65 72 5c 6d 73 6d 73 67 73 } //03 00  "Messenger\msmsgs" (ascii)
$a_00_20 = {4d 53 4e 5f 4f 6e 49 4d 57 69 6e 64 6f 77 43 72 65 61 74 65 64 } //01 00  "MSN_OnIMWindowCreated" (ascii) — MSN Messenger API event name
$a_00_21 = {55 52 4c 44 6f 77 6e 6c 6f 61 64 54 6f 46 69 6c 65 41 } //01 00  "URLDownloadToFileA" (ascii) — common import, generic on its own
$a_00_22 = {47 65 74 57 69 6e 64 6f 77 54 65 78 74 41 } //00 00  "GetWindowTextA" (ascii) — common import, generic on its own
condition:
// Any single string is enough to fire; see the false-positive note in the header.
any of ($a_*)
}