Sneed-Reactivity/yara-mikesxrs/adamburt/win_trojan-poweliks-dropper.yara


/*
 * trojan_poweliks_dropper
 *
 * Offset-anchored signature, named by its author for a Poweliks dropper.
 * It fires when either of two conditions holds:
 *   1. the 4 bytes of $c1 sit exactly at file offset 0x104a0, or
 *   2. the string $s1 occurs anywhere in the file AND the 4 bytes of $c2
 *      sit exactly at file offset 0x104a8.
 *
 * NOTE(review): both branches depend on absolute file offsets, so a file
 * whose layout shifts by even one byte will not match. Branch 1 rests on
 * 4 bytes alone, and the rule has no file-type or size constraint.
 * Presumably it is meant to pin one specific build; confirm hits against
 * the hashes in meta.
 */
rule trojan_poweliks_dropper
{
    meta:
        // Informational only: YARA does not evaluate meta values when matching.
        author = "Adam Burt (adam_burt@symantec.com)"
        // presumably the hashes of the reference sample the offsets were taken from (verify)
        md5hash = "181dbed16bce32a7cfc15ecdd6e31918"
        sha1hash = "b00a9e4e12f799a1918358d175f571439fc4b45c"

    strings:
        // Plain text string with no modifiers: ASCII, case-sensitive.
        $s1 = "NameOfMutexObject"
        // ASCII "/.m,"
        $c1 = { 2F 2E 6D 2C }
        // Non-printable byte sequence, checked 8 bytes after the $c1 offset.
        $c2 = { 76 AB 0B A7 }

    condition:
        ($c1 at 0x104a0) or
        ($c2 at 0x104a8 and $s1)
}