Sneed-Reactivity/yara-mikesxrs/Koodous/realshell.yar


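// Rule "dropper" with tag "realshell"; see the write-up linked in meta.source.
rule dropper : realshell {
    meta:
        source = "https://blog.malwarebytes.org/mobile-2/2015/06/complex-method-of-obfuscation-found-in-dropper-realshell/"
    strings:
        // Short marker string; under "any of them" it is sufficient for a match on its own.
        $a = "hexKey:"
        // Run of native symbol names, including the JNI export; matched literally, dots included.
        $b = "Decrypt.malloc.memset.free.pluginSMS_encrypt.Java_com_skymobi_pay_common_util_LocalDataDecrpty_Encrypt.strcpy"
    condition:
        any of them
}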