// Flags small files that contain all three literal markers below.
// The "apt" tag lets the rule be selected or filtered by tag at scan time.
rule bouncer2_exe : apt
{
    strings:
        // No modifiers are given, so each string is matched as
        // case-sensitive ASCII only (no "wide", no "nocase").
        $a = "asdfqwe123cxz"
        // Short, generic word: it has no value alone and only counts
        // because the condition requires the other two markers as well.
        $b = "dump"
        // Matched as literal text, so "%d" is the unexpanded format specifier.
        $c = "loadlibrary kernel32 error %d"

    condition:
        // The size cap is checked first; all three strings must then be present.
        // NOTE(review): despite the "_exe" name there is no file-header check
        // here, so any file under 300KB holding these strings matches. Confirm
        // whether that is intended before adding one.
        filesize < 300KB and all of them
}