// Detection rule for a Poweliks dropper sample.
// Attribution and the reference-sample hashes are carried in the meta block;
// nothing in the rule itself documents what the two hex patterns encode, so the
// comments below describe only what the YARA syntax guarantees.
rule trojan_poweliks_dropper
{
    meta:
        author = "Adam Burt (adam_burt@symantec.com)"
        // Presumably the hashes of the sample the offsets below were taken from
        // (the rule does not say so explicitly) — verify before reuse.
        md5hash = "181dbed16bce32a7cfc15ecdd6e31918"
        sha1hash = "b00a9e4e12f799a1918358d175f571439fc4b45c"

    strings:
        // Plain text string with no modifiers: YARA matches it as ASCII only and
        // case-sensitively, so a UTF-16 (wide) copy of the name would not match.
        $s1 = "NameOfMutexObject"
        // Four-byte sequence; these are the ASCII bytes "/.m,". Its meaning in the
        // sample is not documented here.
        $c1 = {2F 2E 6D 2C}
        // Four-byte sequence; meaning not documented here.
        $c2 = {76 AB 0B A7}

    condition:
        // `at` pins a string to an absolute offset in the scanned data, so both
        // branches depend on the exact file layout of the reference sample: a
        // rebuilt, repacked or padded variant shifts these offsets and is missed.
        // The mutex name alone is never sufficient — it must coincide with $c2 at
        // 0x104a8 — while $c1 at 0x104a0 matches on its own.
        $c1 at 0x104a0 or ($s1 and $c2 at 0x104a8)
}