Sneed-Reactivity/yara-mikesxrs/patrickrolsen/blat_email_301.yar

rule blat_email_301
{
meta:
	author = "@patrickrolsen"
strings:
	$s1 = {33 00 2E 00 30 00 2E 00 31} // 301 uni
	$s2 = "Mar  7 2012"
condition:
	uint16(0) == 0x5A4D and (all of ($s*))
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule blat_email_301`
			`{`
			`meta:`
			`author = "@patrickrolsen"`
			`strings:`
			`$s1 = {33 00 2E 00 30 00 2E 00 31} // 301 uni`
			`$s2 = "Mar 7 2012"`
			`condition:`
			`uint16(0) == 0x5A4D and (all of ($s*))`
			`}`