// Code-level signature for the Yayih family: matches one fixed byte sequence.
rule YayihCode : Yayih Family
{
    meta:
        description = "Yayih code features"
        author = "Seth Hardy"
        last_modified = "2014-07-11"

    strings:
        // encryption
        // Read as 32-bit x86 the bytes decode to:
        //   add byte [eax+ecx], 0x7A ; add eax, ecx ; mov eax, [ebp-4]
        //   xor byte [eax+ecx], 0x19 ; add eax, ecx ; inc ecx
        //   cmp ecx, [edx] ; jl <backwards>
        // i.e. a per-byte add-0x7A / xor-0x19 loop. The pattern has no wildcards,
        // so a build that changes registers or the stack offset will not match.
        $crypt_loop = { 80 04 08 7A 03 C1 8B 45 FC 80 34 08 19 03 C1 41 3B 0A 7C E9 }

    condition:
        // Only one pattern is defined, so naming it is the same as "any of them".
        $crypt_loop
}
// String-level signature for the Yayih family: four literal strings, any one suffices.
rule YayihStrings : Yayih Family
{
    meta:
        description = "Yayih Identifying Strings"
        author = "Seth Hardy"
        last_modified = "2014-07-11"

    strings:
        // No modifiers are given, so every string is matched as case-sensitive ASCII;
        // UTF-16 ("wide") copies of the same text are not covered.
        $url_path = "/bbs/info.asp"    // URL-style path
        $exe_name = "\\msinfo.exe"     // file name with a leading backslash
        $pdf_fmt  = "%s\\%srcs.pdf"    // printf-style format string ending in "rcs.pdf"
        $ini_name = "\\aumLib.ini"     // file name with a leading backslash

    condition:
        // NOTE(review): a single hit fires the rule and the strings are short, so
        // treat a match on only one of them as a lead to triage -- confirm the
        // false-positive rate against your own corpus. The named identifiers above
        // show in scan output which string matched.
        any of them
}
// Family-level rule: fires when either the code signature or the string
// signature matches. Both referenced rules must be defined before this one
// in the same compilation unit.
rule Yayih : Family
{
    meta:
        description = "Yayih"
        author = "Seth Hardy"
        last_modified = "2014-07-11"

    condition:
        // Either sub-rule alone is enough; this rule adds no strings of its own.
        YayihCode or YayihStrings
}