11 lines
326 B
Text
11 lines
326 B
Text
|
rule dropper:realshell {
|
||
|
meta:
|
||
|
source = "https://blog.malwarebytes.org/mobile-2/2015/06/complex-method-of-obfuscation-found-in-dropper-realshell/"
|
||
|
strings:
|
||
|
$a = "hexKey:"
|
||
|
$b = "Decrypt.malloc.memset.free.pluginSMS_encrypt.Java_com_skymobi_pay_common_util_LocalDataDecrpty_Encrypt.strcpy"
|
||
|
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|