08e8d462fe
RED PILL 🔴 💊
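/*
    explosive_exe

    Flags files that start with the DOS "MZ" magic and contain both the
    "DLD-S:" and "DLD-E:" markers. The metadata attributes the signature to
    the "Explosive EXE" described in the referenced Check Point Volatile
    Cedar technical report.

    NOTE(review): the role of the two DLD markers is not stated here;
    confirm against the report before tuning the rule.
*/
rule explosive_exe
{
    meta:
        author = "Check Point Software Technologies Inc."
        info = "Explosive EXE"
        reference = "https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf"

    strings:
        // No modifiers, so both markers are matched as case-sensitive ASCII.
        // A sample that stores them as UTF-16 would not match.
        // NOTE(review): confirm against known samples whether `wide` is needed.
        $DLD_S = "DLD-S:"
        $DLD_E = "DLD-E:"

    condition:
        // 0x5A4D is "MZ" read as a little-endian 16-bit value at offset 0.
        // Checking the header this way replaces a two-byte "MZ" string, which
        // would make the scanner track every "MZ" occurrence in the file
        // only to test the one at offset 0.
        uint16(0) == 0x5A4D and all of them
}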