24 lines
525 B
Text
24 lines
525 B
Text
|
/*
|
||
|
Version 0.0.1 2016/03/21
|
||
|
Source code put in public domain by Didier Stevens, no Copyright
|
||
|
https://DidierStevens.com
|
||
|
Use at your own risk
|
||
|
|
||
|
Shortcomings, or todo's ;-) :
|
||
|
|
||
|
History:
|
||
|
2016/03/21: start
|
||
|
*/
|
||
|
|
||
|
rule Contains_VBE_File
|
||
|
{
|
||
|
meta:
|
||
|
author = "Didier Stevens (https://DidierStevens.com)"
|
||
|
description = "Detect a VBE file inside a byte sequence"
|
||
|
method = "Find string starting with #@~^ and ending with ^#~@"
|
||
|
strings:
|
||
|
$vbe = /#@~\^.+\^#~@/
|
||
|
condition:
|
||
|
$vbe
|
||
|
}
|