42 lines
No EOL
834 B
Text
42 lines
No EOL
834 B
Text
rule YayihCode : Yayih Family
|
|
{
|
|
meta:
|
|
description = "Yayih code features"
|
|
author = "Seth Hardy"
|
|
last_modified = "2014-07-11"
|
|
|
|
strings:
|
|
// encryption
|
|
$ = { 80 04 08 7A 03 C1 8B 45 FC 80 34 08 19 03 C1 41 3B 0A 7C E9 }
|
|
|
|
condition:
|
|
any of them
|
|
}
|
|
|
|
rule YayihStrings : Yayih Family
|
|
{
|
|
meta:
|
|
description = "Yayih Identifying Strings"
|
|
author = "Seth Hardy"
|
|
last_modified = "2014-07-11"
|
|
|
|
strings:
|
|
$ = "/bbs/info.asp"
|
|
$ = "\\msinfo.exe"
|
|
$ = "%s\\%srcs.pdf"
|
|
$ = "\\aumLib.ini"
|
|
|
|
condition:
|
|
any of them
|
|
}
|
|
|
|
rule Yayih : Family
|
|
{
|
|
meta:
|
|
description = "Yayih"
|
|
author = "Seth Hardy"
|
|
last_modified = "2014-07-11"
|
|
|
|
condition:
|
|
YayihCode or YayihStrings
|
|
} |