Sneed-Reactivity/yara-mikesxrs/phish me/PM_Zip_With_Exe.yar

rule PM_Zip_With_Exe
{
meta:
	author="R.Tokazowski"
	company="PhishMe, Inc."
	URL="http://phishme.com/two-attacks-two-dyres-infrastructure/"
	
strings:
	$hdr = "PK"
	
	$e1 = ".exe" nocase
	$e2 = ".scr" nocase

	
condition:
	$hdr at 0 and (($e1 in (filesize-100..filesize)) or ($e2 in (filesize-100..filesize)))
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule PM_Zip_With_Exe`
			`{`
			`meta:`
			`author="R.Tokazowski"`
			`company="PhishMe, Inc."`
			`URL="http://phishme.com/two-attacks-two-dyres-infrastructure/"`

			`strings:`
			`$hdr = "PK"`

			`$e1 = ".exe" nocase`
			`$e2 = ".scr" nocase`


			`condition:`
			`$hdr at 0 and (($e1 in (filesize-100..filesize)) or ($e2 in (filesize-100..filesize)))`
			`}`