Sneed-Reactivity/yara-mikesxrs/h3x2b/obfuscation.yara
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


rule obfuscation_singlebyte_mov : feature obfuscation
{
    meta:
        author = "Andreas Schuster"
        description = "Detects strings obfuscated by single-byte mov ex: mov [ebp+String+1], A"
        // Check also:
        // https://insights.sei.cmu.edu/sei_blog/2012/11/writing-effective-yara-signatures-to-identify-malware.html
    strings:
        // c6 45 <disp8> <imm8> encodes mov byte ptr [ebp+disp8], imm8;
        // each [2] jump skips the displacement and the immediate byte.
        $singleb_mov = { c6 45 [2] c6 45 [2] c6 45 [2] c6 45 }
    condition:
        // Contains all of the strings
        all of them
}
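
Added example (not part of the original rule file or of the rule author's work): a Python triage helper that finds the same back-to-back `c6 45 <disp8> <imm8>` writes the rule keys on and rebuilds the string they place on the stack. The function name and the sample bytes are constructed for illustration.

```python
import re
import struct

# mov byte ptr [ebp+disp8], imm8 encodes as C6 45 <disp8> <imm8>.
# The rule fires on three full writes plus the opcode of a fourth;
# this helper asks for four complete writes so every byte is recoverable.
RUN = re.compile(rb"(?:\xc6\x45..){4,}", re.DOTALL)


def recover_stack_strings(code: bytes):
    """Return (offset, text) for each run of single-byte stack writes."""
    results = []
    for m in RUN.finditer(code):
        run = m.group()
        slots = {}
        for i in range(0, len(run), 4):
            disp = struct.unpack("b", run[i + 2:i + 3])[0]  # signed disp8
            slots[disp] = run[i + 3]  # a later write to the same slot wins
        # Lay the bytes out in memory order (lowest address first), since
        # compilers and obfuscators may emit the writes out of order.
        raw = bytes(slots[d] for d in sorted(slots))
        text = raw.split(b"\x00", 1)[0].decode("latin-1")
        results.append((m.start(), text))
    return results


# Constructed sample: push ebp; mov ebp, esp; then "yara" plus a NUL
# written out of order to [ebp-8]..[ebp-4]; then leave; ret.
SAMPLE = (
    b"\x55\x8b\xec"
    b"\xc6\x45\xfa\x72"  # [ebp-6] = 'r'
    b"\xc6\x45\xf8\x79"  # [ebp-8] = 'y'
    b"\xc6\x45\xfc\x00"  # [ebp-4] = NUL
    b"\xc6\x45\xf9\x61"  # [ebp-7] = 'a'
    b"\xc6\x45\xfb\x61"  # [ebp-5] = 'a'
    b"\xc9\xc3"
)

if __name__ == "__main__":
    for offset, text in recover_stack_strings(SAMPLE):
        print(f"0x{offset:x}: {text!r}")
```

The helper only covers the `[ebp+disp8]` form that the rule's hex string describes; writes through other registers or 32-bit displacements use different encodings and are not matched by either.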