25 lines
467 B
Text
25 lines
467 B
Text
|
rule Sengoku_PDB
|
||
|
{
|
||
|
meta:
|
||
|
Author = "@X0RC1SM"
|
||
|
Description = "Looking for unique PDB"
|
||
|
Reference = "http://artemonsecurity.com/snake_whitepaper.pdf"
|
||
|
Date = "2017-10-28"
|
||
|
strings:
|
||
|
$PDB1 = "d:\\proj\\cn\\fa64\\sengoku\\_bin\\sengoku\\win32_debug\\sengoku_Win32.pdb" ascii wide nocase
|
||
|
$PDB2 = "d:\\proj\\cn\\fa64\\sengoku\\" ascii wide nocase
|
||
|
$PDB3 = "\\sengoku_Win32.pdb" ascii wide nocase
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|