Delete viotto_keylogger.yar
This commit is contained in:
parent
753a50d51e
commit
ef9edf2e0e
1 changed files with 0 additions and 18 deletions
|
@ -1,18 +0,0 @@
|
|||
rule viotto_keylogger
|
||||
{
|
||||
meta:
|
||||
author = "Paul B. (@hexlax) PhishMe Research"
|
||||
description = "Matches unpacked Viotto Keylogger samples"
|
||||
details "http://phishme.com/viotto-keylogger"
|
||||
|
||||
strings:
|
||||
$hdr = "MZ"
|
||||
$s1 = "Viotto Keylogger"
|
||||
$s2 = "msvbvm60"
|
||||
$s3 = "FtpPutFileA"
|
||||
$s4 = "VBA6"
|
||||
$s5 = "SetWindowsHookExA"
|
||||
condition:
|
||||
($hdr at 0) and all of ($s*)
|
||||
|
||||
}
|
Loading…
Reference in a new issue