import "pe" rule MAL_Ransomware_Wadhrama { meta: description = "Detects Wadhrama Ransomware via Imphash" author = "Florian Roth (Nextron Systems)" reference = "Internal Research" date = "2019-04-07" hash1 = "557c68e38dce7ea10622763c10a1b9f853c236b3291cd4f9b32723e8714e5576" id = "f7de40e9-fe22-5f14-abc6-f6611a4382ac" condition: uint16(0) == 0x5a4d and pe.imphash() == "f86dec4a80961955a89e7ed62046cc0e" }