27 lines
595 B
Text
27 lines
595 B
Text
|
rule Reign_1 {
|
||
|
meta:
|
||
|
info = "Reign"
|
||
|
|
||
|
strings:
|
||
|
$string_decode = {55 8b ec 5d 8b 45 08 0b c0 74 0c eb 05 fe 08 fe 08 40 80 38 00 75 f6}
|
||
|
|
||
|
condition:
|
||
|
$string_decode
|
||
|
}
|
||
|
|
||
|
|
||
|
rule Reign_Driver {
|
||
|
meta:
|
||
|
info = "Reign Driver Component (32-bit)"
|
||
|
|
||
|
strings:
|
||
|
// 2C8B9D2885543D7ADE3CAE98225E263B
|
||
|
// This is dead space at the end of the config block that will be constant between reconfigurations
|
||
|
$config_block_padding = {c739f2c8ee70ebc9cf31fac0e678d3f1f709c2f8de40dbf9ff01caf0}
|
||
|
|
||
|
condition:
|
||
|
$config_block_padding
|
||
|
}
|
||
|
|
||
|
|