decompiled unsorted
parent
c89740987c
commit
76b6708944
|
@ -0,0 +1,52 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if epcode[1] ~= 232 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[6] ~= 163 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[11] ~= 199 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[12] ~= 5 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[21] ~= 104 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[22] ~= 0 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[23] ~= 2 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[24] ~= 0 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[25] ~= 0 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[134] ~= 45 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if epcode[143] ~= 114 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if pehdr.NumberOfSections ~= 4 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if peattributes.isexe ~= true then
|
||||
return mp.CLEAN
|
||||
end
|
||||
;
|
||||
(mp.readprotection)(false)
|
||||
local l_0_0 = (mp.readfile)((pe.foffset_rva)((pesecs[pehdr.NumberOfSections]).VirtualAddress), 832)
|
||||
if (mp.crc32)(-1, l_0_0, 1, 832) ~= 3485187017 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
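Review bot: The buffer returned by `mp.readfile` is handed straight to `mp.crc32(-1, l_0_0, 1, 832)` with no check that a buffer came back or that it holds the full 832 bytes. If the last section is shorter than that, or its `VirtualAddress` does not map to a file offset, the script presumably raises instead of returning `mp.CLEAN`. Assuming `readfile` yields a string, a guard such as `if l_0_0 == nil or #l_0_0 < 832 then return mp.CLEAN end` before the CRC makes that fall-through explicit; 10.luac uses its 23-byte read unchecked in the same way. The entry-point byte tests would also be easier to audit in hex, for example a comment `-- 232=0xE8, 163=0xA3, 199,5=0xC7 0x05, 104=0x68, 45=0x2D, 114=0x72` above the first check.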
|
|
@ -0,0 +1,27 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if pehdr.NumberOfSections ~= 5 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if pehdr.SizeOfImage ~= 819200 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if (mp.readu_u32)(headerpage, 649) ~= 1936487470 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if (mp.readu_u32)(headerpage, 685) ~= 3221225536 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
;
|
||||
(mp.readprotection)(false)
|
||||
local l_0_0 = (mp.readfile)((pe.foffset_rva)(pehdr.AddressOfEntryPoint), 23)
|
||||
;
|
||||
(mp.writeu_u32)(l_0_0, 17, 0)
|
||||
if (mp.crc32)(-1, l_0_0, 1, 23) ~= 1897054316 then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
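Review bot: The two `mp.readu_u32(headerpage, …)` constants are undocumented, although both decode to recognisable PE values: `1936487470` is `0x736C742E`, the bytes `.tls` read little-endian, and `3221225536` is `0xC0000040`. The offsets 649 and 685 are 36 bytes apart, which matches the distance between the name and characteristics fields of one section-table entry. A comment such as `-- section named ".tls" with characteristics 0xC0000040` would make the intent auditable. `mp.writeu_u32(l_0_0, 17, 0)` zeroes four bytes of the entry-point buffer before the CRC, presumably to mask an operand that varies per sample; that deserves a one-line comment as well.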
|
|
@ -0,0 +1,16 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 100.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if not (mp.get_mpattribute)("MpIsVBScriptAMSIScan") and not (mp.get_mpattribute)("MpIsJScriptAMSIScan") and not (mp.get_mpattribute)("MpIsPowerShellAMSIScan") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
local l_0_0 = {}
|
||||
local l_0_1 = (mp.get_contextdata)(mp.CONTEXT_DATA_AMSI_OPERATION_PPID)
|
||||
;
|
||||
(table.insert)(l_0_0, l_0_1)
|
||||
;
|
||||
(MpCommon.SetPersistContextNoPath)("amsidetct", l_0_0, 120)
|
||||
return mp.CLEAN
|
||||
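Review bot: The value from `mp.get_contextdata(mp.CONTEXT_DATA_AMSI_OPERATION_PPID)` goes into `table.insert` without a nil check. In Lua 5.1 inserting nil leaves the table empty, so when the PPID is unavailable an empty list is still persisted under `"amsidetct"`, and a consumer of that key cannot tell this apart from a scan that never ran. An early `if l_0_1 == nil then return mp.CLEAN end` avoids writing the empty entry. The persist key and the `120` lifetime (units not visible here) would benefit from a comment naming the script that reads them.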
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1000.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
local l_0_0 = (string.lower)((bm.get_imagepath)())
|
||||
if l_0_0 then
|
||||
if (string.find)((string.lower)(l_0_0), "\\program files", 1, true) or (string.find)((string.lower)(l_0_0), "teamviewer", 1, true) or (string.find)((string.lower)(l_0_0), "\\steam", 1, true) or (string.find)((string.lower)(l_0_0), "torrent.exe", 1, true) or (string.find)((string.lower)(l_0_0), "game", 1, true) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
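Review bot: `string.lower(bm.get_imagepath())` runs before the `if l_0_0` test, so a nil image path raises inside `string.lower` and the guard never takes effect; test the raw value first, `local p = bm.get_imagepath(); if not p then return mp.CLEAN end`. The exclusions are unanchored plain substrings (`"game"`, `"teamviewer"`, `"\\steam"`, `"torrent.exe"`, `"\\program files"`) matched anywhere in the path, so the rule returns `mp.CLEAN` for far more than the software it appears meant to exempt. Anchoring on known install directories, or pairing the exclusion with a signer check, would narrow it. The repeated `string.lower(l_0_0)` inside each `string.find` is redundant because `l_0_0` is already lower-cased. 1001.luac is byte-for-byte the same logic and carries the same issues.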
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10000.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.ismsil == true and peattributes.isdll == false then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10001.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll and peattributes.hasexports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10002.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PACKED_WITH:[CMDEmbedded]") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10003.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.is_delphi then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10004.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("HSTR:Exception:Mimikatz.A") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10005.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("HSTR:Exception:Mimikatz.A") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10006.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10007.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10008.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("SIGATTR:Win32/CompinjWindow") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.LOWFI
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10009.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1001.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
local l_0_0 = (string.lower)((bm.get_imagepath)())
|
||||
if l_0_0 then
|
||||
if (string.find)((string.lower)(l_0_0), "\\program files", 1, true) or (string.find)((string.lower)(l_0_0), "teamviewer", 1, true) or (string.find)((string.lower)(l_0_0), "\\steam", 1, true) or (string.find)((string.lower)(l_0_0), "torrent.exe", 1, true) or (string.find)((string.lower)(l_0_0), "game", 1, true) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10010.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10011.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(pe.mmap_patch_va)(pevars.sigaddr + 24, "\1850\000\000\000\144")
|
||||
return mp.INFECTED
|
||||
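Review bot: The patch literal `"\1850\000\000\000\144"` is easy to misread as emitted by the decompiler. Lua decimal escapes take at most three digits, so it is byte 185 (0xB9), then the character `0` (0x30), three zero bytes and 144 (0x90), six bytes in total. A comment such as `-- bytes: B9 30 00 00 00 90, written at sigaddr+24` above the call would document what is written into the emulated image. The result of `pe.mmap_patch_va` is also discarded, so the script reports `mp.INFECTED` whether or not the patch applied; if the API signals failure, that should be checked.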
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10012.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10013.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10014.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10015.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10016.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10017.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe == true and peattributes.x86_image == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10018.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if pehdr.SizeOfImage > 135168 and pehdr.SizeOfImage < 143360 then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10019.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1002.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
is_in_program_files = function(l_1_0)
|
||||
-- function num : 0_0
|
||||
if (string.match)(l_1_0, "%a:\\program files") ~= nil then
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
is_clickonce_app = function(l_2_0)
|
||||
-- function num : 0_1
|
||||
if (string.match)(l_2_0, "\\appdata\\local\\apps\\2.0\\") ~= nil then
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
local l_0_0 = (string.lower)((mp.PathToWin32Path)((bm.get_imagepath)()))
|
||||
if is_in_program_files(l_0_0) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if is_clickonce_app(l_0_0) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
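Review bot: Both helpers call `string.match`, so their arguments are Lua patterns rather than plain strings. In `"\\appdata\\local\\apps\\2.0\\"` the `.` matches any character, and `"%a:\\program files"` is unanchored, so it matches anywhere in the path rather than only at a drive-letter prefix. `"^%a:\\program files"` and `"\\appdata\\local\\apps\\2%.0\\"` would express the apparent intent. `is_in_program_files` and `is_clickonce_app` are assigned as globals; unless the engine looks them up by name, `local function` would keep them out of shared state. `string.lower(mp.PathToWin32Path(bm.get_imagepath()))` raises if either call returns nil, so a nil check before lower-casing is needed.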
|
|
@ -0,0 +1,8 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10020.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(pe.mmap_patch_va)(pevars.sigaddr + 35, "é\a\000\000\144")
|
||||
return mp.INFECTED
|
||||
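Review bot: The patch literal `"é\a\000\000\144"` holds a raw non-ASCII byte that the decompiler did not escape. Stored as UTF-8 that character is two bytes, so loading or recompiling this file would write a different sequence than the original bytecode did. If the original byte was 0xE9, which is what a Latin-1 `é` corresponds to, the byte-exact form is `"\233\a\000\000\144"`; confirm against 10020.luac before changing it. 10067.luac is in a worse state: its literal shows only replacement markers before `\144`, so those bytes cannot be recovered from the text and have to be regenerated from the bytecode with escapes.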
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10021.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if not (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10022.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10023.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10024.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10025.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("CURE:Virus:Win32/Expiro.EK1") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10026.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10027.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10028.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10029.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1003.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (this_sigattrlog[1]).matched then
|
||||
local l_0_0 = nil
|
||||
l_0_0 = (this_sigattrlog[1]).utf8p2
|
||||
if l_0_0 == nil then
|
||||
return mp.CLEAN
|
||||
end
|
||||
if (string.find)(l_0_0, "-k", 1, true) or (string.find)(l_0_0, "UnistackSvcGroup", 1, true) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
local l_0_1 = (bm.get_imagepath)()
|
||||
if l_0_1 ~= nil and (string.lower)((string.sub)(l_0_1, -4)) == ".dll" then
|
||||
return mp.CLEAN
|
||||
end
|
||||
local l_0_2 = (bm.get_current_process_startup_info)()
|
||||
if l_0_2.integrity_level < MpCommon.SECURITY_MANDATORY_SYSTEM_RID then
|
||||
local l_0_3, l_0_4 = (bm.get_process_relationships)()
|
||||
for l_0_8,l_0_9 in ipairs(l_0_3) do
|
||||
if l_0_9.image_path ~= nil and (mp.bitand)(l_0_9.reason_ex, 1) == 1 and (string.find)(l_0_9.image_path, "windows\\system32\\svchost.exe", 1, true) then
|
||||
return mp.CLEAN
|
||||
end
|
||||
end
|
||||
return mp.INFECTED
|
||||
end
|
||||
end
|
||||
do
|
||||
return mp.CLEAN
|
||||
end
|
||||
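Review bot: The parent test `string.find(l_0_9.image_path, "windows\\system32\\svchost.exe", 1, true)` is a case-sensitive plain match on a path that is not lower-cased, unlike the `.dll` check a few lines above it. If the engine reports paths in their on-disk case, a legitimate `svchost.exe` parent would not match and the script would fall through to `mp.INFECTED`; `string.find(string.lower(l_0_9.image_path), …)` aligns the two checks. `bm.get_current_process_startup_info()` is dereferenced, and the first result of `bm.get_process_relationships()` is passed to `ipairs`, without nil checks. The `"-k"` exclusion matches that substring anywhere in `utf8p2`, which is broader than a switch test and worth a comment stating the intended command-line shape.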
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10030.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10031.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10032.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10033.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10034.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PACKED_WITH:[aPLib_034_mem]") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10035.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10036.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10037.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10038.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("AGGREGATOR:CheckInstalledAV") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10039.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.isexe then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1004.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.ismsil == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10040.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10041.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if mp.HSTR_WEIGHT > 2 then
|
||||
(mp.set_mpattribute)("HSTR:Nivdort.AE1")
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10042.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10043.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.amd64_image then
|
||||
(mp.changedetectionname)(805306485)
|
||||
end
|
||||
return mp.INFECTED
|
||||
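Review bot: `mp.changedetectionname(805306485)` passes a bare numeric identifier with nothing to say which detection name it selects for 64-bit images. In hex it is `0x30000075`; 10047.luac does the same with `805306481` (`0x30000071`). A comment such as `-- 0x30000075: name id for the amd64 variant (threat name: <fill in from the signature database>)` would let a reader map the script to the reported detection.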
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10044.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if pehdr.SizeOfImage > 56320 and pehdr.SizeOfImage < 57856 then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10045.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10046.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10047.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.amd64_image then
|
||||
(mp.changedetectionname)(805306481)
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10048.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10049.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1005.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
GetRuleInfo = function()
|
||||
-- function num : 0_0
|
||||
local l_1_0 = {}
|
||||
l_1_0.Name = "Aplha Test for ASR in Block Mode"
|
||||
l_1_0.Description = "Generic ASR Block mode use for unit testing"
|
||||
return l_1_0
|
||||
end
|
||||
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10050.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10051.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10052.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10053.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10054.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10055.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10056.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10057.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10058.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10059.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("NID:Adware:Win32/Linkury.A1") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1006.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
GetRuleInfo = function()
|
||||
-- function num : 0_0
|
||||
local l_1_0 = {}
|
||||
l_1_0.Name = "Block execution of potentially obfuscated scripts"
|
||||
l_1_0.Description = "Windows Defender Exploit Guard detected either obfuscated JavaScript, VBScript, or macro code."
|
||||
return l_1_0
|
||||
end
|
||||
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10060.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.hasexports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10061.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("SIGATTR:ExCheckInstalledAV") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10062.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("RPF:MsilOverlappingMethods") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10063.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll and peattributes.no_exports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10064.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll and peattributes.hasexports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10065.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.ismsil == true and peattributes.isdll == false then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10066.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isexe and peattributes.hasexports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10067.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(pe.mmap_patch_va)(pevars.sigaddr + 13, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10068.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10069.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1007.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
GetRuleInfo = function()
|
||||
-- function num : 0_0
|
||||
local l_1_0 = {}
|
||||
l_1_0.Name = "Block Office applications from creating executable content"
|
||||
l_1_0.Description = "Windows Defender Exploit Guard detected the Office application creating executable content."
|
||||
return l_1_0
|
||||
end
|
||||
|
||||
|
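Review bot: `GetRuleInfo = function()` assigns a global, and the file gives no hint that this is deliberate. Presumably the host engine looks the function up by name, in which case a comment such as `-- global on purpose: rule metadata entry point read by the engine` would stop a linter or a later cleanup from turning it into a `local`. The returned table carries only `Name` and `Description`; no rule identifier is visible, so the file name 1007.luac is the only link to the Exploit Guard rule it describes. 1008 has the same shape.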
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10070.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.ismsil and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10071.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("SIGATTR:GetSystemTimeBailout") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10072.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(mp.set_mpattribute)("do_exhaustivehstr_rescan")
|
||||
;
|
||||
(pe.reemulate)()
|
||||
return mp.INFECTED
|
||||
|
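Review bot: The rescan request is unconditional: `(mp.set_mpattribute)("do_exhaustivehstr_rescan")` followed by `(pe.reemulate)()` runs on every invocation, with no check of whether the attribute was already set. If the engine runs the script again on the re-emulated image, that is repeated expensive work on untrusted input; whether the engine bounds this is not visible here. I would either guard the two calls with `if not (mp.get_mpattribute)("do_exhaustivehstr_rescan") then ... end`, or add a comment stating that the engine limits re-emulation to one pass.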
|
@ -0,0 +1,8 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10073.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(pe.mmap_patch_va)(pevars.sigaddr + 68, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10074.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10075.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10076.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10077.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10078.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.ismsil and peattributes.no_security then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10079.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (pe.isdynamic_va)(pevars.sigaddr) then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 1008.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
GetRuleInfo = function()
|
||||
-- function num : 0_0
|
||||
local l_1_0 = {}
|
||||
l_1_0.Name = "Use advanced protection against ransomware"
|
||||
l_1_0.Description = "Windows Defender Exploit Guard detected execution of file that exhibit characteristics similar to ransomware"
|
||||
return l_1_0
|
||||
end
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10080.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
(pe.mmap_patch_va)(pevars.sigaddr + 13, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
|
||||
return mp.INFECTED
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10081.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("CERT:PUA:Win32/FusionCore.AB") then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10082.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10083.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10084.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10085.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.isdll == true and peattributes.hasexports == true then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10086.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if peattributes.no_security and peattributes.ismsil then
|
||||
return mp.INFECTED
|
||||
end
|
||||
return mp.CLEAN
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
|
||||
-- Command line: 10087.luac
|
||||
|
||||
-- params : ...
|
||||
-- function num : 0
|
||||
if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
|
||||
return mp.CLEAN
|
||||
end
|
||||
return mp.INFECTED
|
||||
|
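Review bot: The early `return mp.CLEAN` on `(mp.get_mpattribute)("PEPCODE:HasDigitalSignature")` suppresses the detection for any file carrying that attribute, and nothing here says whether the attribute means a validated signature or merely the presence of one. If it reflects presence only, the exclusion is wider than a trust decision should be. A comment stating what the attribute asserts, e.g. `-- skip signed files; HasDigitalSignature = <presence | verified chain>`, would let a reader judge the false-negative risk. The parent signature this filter belongs to is also not named in the file.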
Some files were not shown because too many files have changed in this diff Show More