41 lines
No EOL
1.1 KiB
Text
41 lines
No EOL
1.1 KiB
Text
rule LinkuryASample
|
|
{
|
|
meta:
|
|
Description = "Adware.Linkury.A.vb"
|
|
ThreatLevel = "5"
|
|
|
|
strings:
|
|
$ = "Smartbar" ascii wide
|
|
$ = "Linkury" ascii wide
|
|
$ = "ChromeUtils" ascii wide
|
|
$ = "FirefoxUtils" ascii wide
|
|
$ = "AddBundledSoftware" ascii wide
|
|
$ = "UpdateToolbarState" ascii wide
|
|
$ = "New Tab Search" ascii wide
|
|
$ = "get_BrowserIsOpen" ascii wide
|
|
$ = "get_BetterSearchResults" ascii wide
|
|
$ = "get_AllYourBrowsers" ascii wide
|
|
$ = "get_ChangeHomepageAndSearch" ascii wide
|
|
$ = "get_BrowserSettingsProtectOk" ascii wide
|
|
$ = "get_BrowserSettingsChange" ascii wide
|
|
$ = "get_BrowserSettingsProtectChange" ascii wide
|
|
$ = "get_BrowserSettingsProtectDescription" ascii wide
|
|
$ = "get_BrowserSettingsProtectHeader" ascii wide
|
|
$ = "get_BrowserSettingsProtectKeep" ascii wide
|
|
|
|
condition:
|
|
2 of them
|
|
}
|
|
|
|
rule LinkuryBSample
|
|
{
|
|
meta:
|
|
Description = "Adware.Linkury.B.vb"
|
|
ThreatLevel = "5"
|
|
|
|
strings:
|
|
$ = "C:\\Cranberry\\bin\\CaraDelevigne\\Cara.pdb" ascii wide
|
|
|
|
condition:
|
|
any of them
|
|
} |