22 lines
442 B
Text
22 lines
442 B
Text
|
rule Infinity
|
||
|
{
|
||
|
meta:
|
||
|
author = " Kevin Breen <kevin@techanarchy.net>"
|
||
|
date = "2014/04"
|
||
|
ref = "http://malwareconfig.com/stats/Infinity"
|
||
|
maltype = "Remote Access Trojan"
|
||
|
filetype = "exe"
|
||
|
|
||
|
strings:
|
||
|
$a = "CRYPTPROTECT_PROMPTSTRUCT"
|
||
|
$b = "discomouse"
|
||
|
$c = "GetDeepInfo"
|
||
|
$d = "AES_Encrypt"
|
||
|
$e = "StartUDPFlood"
|
||
|
$f = "BATScripting" wide
|
||
|
$g = "FBqINhRdpgnqATxJ.html" wide
|
||
|
$i = "magic_key" wide
|
||
|
|
||
|
condition:
|
||
|
all of them
|
||
|
}
|