Sneed-Reactivity/yara-mikesxrs/g00dv1n/Backdoor.Liudoor.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

27 lines
845 B
Text

rule BackdoorLiudoor
{
meta:
author = "RSA FirstWatch"
date = "2015-07-23"
Description = "Backdoor.Liudoor.sm"
ThreatLevel = "5"
hash0 = "78b56bc3edbee3a425c96738760ee406"
hash1 = "5aa0510f6f1b0e48f0303b9a4bfc641e"
hash2 = "531d30c8ee27d62e6fbe855299d0e7de"
hash3 = "2be2ac65fd97ccc97027184f0310f2f3"
hash4 = "6093505c7f7ec25b1934d3657649ef07"
type = "Win32 DLL"
strings:
$string0 = "Succ" ascii wide
$string1 = "Fail" ascii wide
$string2 = "pass" ascii wide
$string3 = "exit" ascii wide
$string4 = "svchostdllserver.dll" ascii wide
$string5 = "L$,PQR" ascii wide
$string6 = "0/0B0H0Q0W0k0" ascii wide
$string7 = "QSUVWh" ascii wide
$string8 = "Ht Hu[" ascii wide
condition:
all of them
}