Sneed-Reactivity/yara-mikesxrs/malc0de/longrun_apt1.yar

rule longrun : apt
{
    strings:
        $a = "%s\\%c%c%c%c%c%c%c"
        $b = "thequickbrownfxjmpsvalzydg"
    condition:
        filesize < 300KB and (2 of ($a,$b))
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule longrun : apt`
			`{`
			`strings:`
			`$a = "%s\\%c%c%c%c%c%c%c"`
			`$b = "thequickbrownfxjmpsvalzydg"`
			`condition:`
			`filesize < 300KB and (2 of ($a,$b))`
			`}`