Sneed-Reactivity/yara-mikesxrs/Checkpoint/explosive_dll.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

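import "pe"

rule explosive_dll
{
    meta:
        author = "Check Point Software Technologies Inc."
        info = "Explosive DLL"
        reference = "https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf"

    condition:
        // pe.DLL is a flag constant, so on its own it is always true;
        // test it against the PE header's characteristics field instead.
        (pe.characteristics & pe.DLL) and
        // PathProcess export, either undecorated or in its stdcall-decorated form
        (pe.exports("PathProcess") or pe.exports("_PathProcess@4")) and
        pe.exports("CON")
}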