Sneed-Reactivity/yara-mikesxrs/EmersonElectricCo/ft_cab.yara

15 lines
245 B
Text
Raw Permalink Normal View History

rule ft_cab
{
meta:
author = "Jason Batchelor"
company = "Emerson"
lastmod = "20150723"
desc = "File magic for CABs (Microsoft Cabinet Files)"
strings:
$cab = { 4D 53 43 46 }
condition:
$cab at 0
}