41 lines
810 B
Text
41 lines
810 B
Text
|
private rule WarpCode : Warp Family
|
||
|
{
|
||
|
meta:
|
||
|
description = "Warp code features"
|
||
|
author = "Seth Hardy"
|
||
|
last_modified = "2014-07-10"
|
||
|
|
||
|
strings:
|
||
|
// character replacement
|
||
|
$ = { 80 38 2B 75 03 C6 00 2D 80 38 2F 75 03 C6 00 5F }
|
||
|
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|
||
|
|
||
|
private rule WarpStrings : Warp Family
|
||
|
{
|
||
|
meta:
|
||
|
description = "Warp Identifying Strings"
|
||
|
author = "Seth Hardy"
|
||
|
last_modified = "2014-07-10"
|
||
|
|
||
|
strings:
|
||
|
$ = "/2011/n325423.shtml?"
|
||
|
$ = "wyle"
|
||
|
$ = "\\~ISUN32.EXE"
|
||
|
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|
||
|
|
||
|
rule Warp : Family
|
||
|
{
|
||
|
meta:
|
||
|
description = "Warp"
|
||
|
author = "Seth Hardy"
|
||
|
last_modified = "2014-07-10"
|
||
|
|
||
|
condition:
|
||
|
WarpCode or WarpStrings
|
||
|
}
|