diff --git a/yara-mikesxrs/phish me/viotto_keylogger.yar b/yara-mikesxrs/phish me/viotto_keylogger.yar
deleted file mode 100644
index 73f4fdd..0000000
--- a/yara-mikesxrs/phish me/viotto_keylogger.yar
+++ /dev/null
@@ -1,18 +0,0 @@
-rule viotto_keylogger
-{
-meta:
- author = "Paul B. (@hexlax) PhishMe Research"
- description = "Matches unpacked Viotto Keylogger samples"
- details "http://phishme.com/viotto-keylogger"
-
-strings:
- $hdr = "MZ"
- $s1 = "Viotto Keylogger"
- $s2 = "msvbvm60"
- $s3 = "FtpPutFileA"
- $s4 = "VBA6"
- $s5 = "SetWindowsHookExA"
-condition:
- ($hdr at 0) and all of ($s*)
-
-}
\ No newline at end of file