import "pe" rule MAL_RANSOM_Venus_Nov22_1 { meta: description = "Detects Venus Ransomware samples" author = "Florian Roth (Nextron Systems)" reference = "https://twitter.com/dyngnosis/status/1592588860168421376" date = "2022-11-16" score = 85 hash1 = "46f9cbc3795d6be0edd49a2c43efe6e610b82741755c5076a89eeccaf98ee834" hash2 = "6d8e2d8f6aeb0f4512a53fe83b2ef7699513ebaff31735675f46d1beea3a8e05" hash3 = "931cab7fbc0eb2bbc5768f8abdcc029cef76aff98540d9f5214786dccdb6a224" hash4 = "969bfe42819e30e35ca601df443471d677e04c988928b63fccb25bf0531ea2cc" hash5 = "db6fcd33dcb3f25890c28e47c440845b17ce2042c34ade6d6508afd461bfa21c" hash6 = "ee036f333a0c4a24d9aa09848e635639e481695a9209474900eb71c9e453256b" hash7 = "fa7ba459236c7b27a0429f1961b992ab87fc8b3427469fd98bfc272ae6852063" id = "0f7e0ca4-c5e2-5557-92de-2e0d73035f12" strings: $x1 = "Venus