Sneed-Reactivity/yara-mikesxrs/malc0de/bouncer_exe_apt1.yar


rule bouncer_exe : apt
{
    meta:
        description = "File under 300KB containing a long hard-coded literal plus the strings 'dump' and 'IDR_DATA%d'"

    strings:
        // Long, irregular literal: the only distinctive anchor in this rule.
        // NOTE(review): looks like an embedded key or password - confirm against a sample.
        $a = "*Qd9kdgba33*%Wkda0Qd3kvn$*&><(*&%$E#%$#1234asdgKNAg@!gy565dtfbasdg"

        // Short, generic strings. Neither is specific enough to alert on by
        // itself; they only corroborate a hit on $a.
        $b = "dump"
        $c = "IDR_DATA%d"

        // No modifiers are set, so all three are matched as case-sensitive
        // ASCII; a UTF-16 copy of the same text would not match.

    condition:
        // All three strings are required, and the size cap keeps large files
        // out of scope.
        filesize < 300KB and all of them
}