// Copyright (C) 2013 Claudio "nex" Guarnieri
// Flags data that contains two ASCII markers associated with Windows
// executables while the data itself does not begin with the "MZ" magic,
// i.e. something that is not a PE file but appears to carry one inside.
// NOTE(review): the condition only requires both strings to occur somewhere
// in the data; it does not tie them to an MZ/PE header structure, so plain
// text that mentions both markers would also match. Treat a hit as a triage
// signal, not as proof of an embedded executable.
// NOTE(review): neither string carries the `wide` modifier, so UTF-16 text is
// not covered, and a payload that is compressed or encoded will not match.
rule embedded_pe
{
    meta:
        author = "nex"
        description = "Contains an embedded PE32 file"

    strings:
        // NOTE(review): the on-disk PE signature is "PE\0\0"; the literal
        // "PE32" is not part of the header. Confirm what this string is
        // meant to anchor on.
        $a = "PE32"
        // Opening words of the usual DOS stub message
        // (e.g. "This program cannot be run in DOS mode").
        $b = "This program"
        // "MZ", the two-byte magic at the start of DOS/PE executables.
        $mz = { 4d 5a }
    condition:
        // Both markers present, and the scanned data does not itself start
        // with MZ (a plain PE file is deliberately excluded).
        ($a and $b) and not ($mz at 0)
}