rule CryptoLocker_rule2
{
meta:
author = "Christiaan Beek, Christiaan_Beek@McAfee.com"
date = "2014-04-14"
description = "Detection of CryptoLocker Variants"
strings:
$string0 = "2.0.1.7" wide
$string1 = " "
$string2 = "Romantic"
$string3 = "ProductVersion" wide
$string4 = "9%9R9f9q9"
$string5 = "IDR_VERSION1" wide
$string6 = "button"
$string7 = " "
$string8 = "VFileInfo" wide
$string9 = "LookFor" wide
$string10 = " "
$string11 = " uiAccess"
$string12 = "