Sneed-Reactivity/yara-mikesxrs/pombredanne/PDF_Embedded_Exe.yar

rule PDF_Embedded_Exe{
	strings:
    	$header = {25 50 44 46}
    	$Launch_Action = {3C 3C 2F 53 2F 4C 61 75 6E 63 68 2F 54 79 70 65 2F 41 63 74 69 6F 6E 2F 57 69 6E 3C 3C 2F 46}
        $exe = {3C 3C 2F 45 6D 62 65 64 64 65 64 46 69 6C 65 73}
    condition:
    	$header at 0 and $Launch_Action and $exe
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule PDF_Embedded_Exe{`
			`strings:`
			`$header = {25 50 44 46}`
			`$Launch_Action = {3C 3C 2F 53 2F 4C 61 75 6E 63 68 2F 54 79 70 65 2F 41 63 74 69 6F 6E 2F 57 69 6E 3C 3C 2F 46}`
			`$exe = {3C 3C 2F 45 6D 62 65 64 64 65 64 46 69 6C 65 73}`
			`condition:`
			`$header at 0 and $Launch_Action and $exe`
			`}`