Sneed-Reactivity/yara-mikesxrs/g00dv1n/Rogue.SDef.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


// Signature for what the rule name and branding strings indicate is the
// "Spyware Defender" rogue security product. It fires on one family-specific
// indicator, or on the full set of generic keywords listed further down.
//
// NOTE(review): $str1 is a short, generic URL path and is enough on its own
// to trigger a match; the anonymous keywords carry no `fullword` modifier, so
// "Delete" also matches inside longer words. Test against a clean corpus
// before relying on this rule for automated blocking or quarantine.
rule RogueSpywareDefenderSample
{
    meta:
        Description = "Rogue.SDef.sm"
        ThreatLevel = "5"

    strings:
        // Family-specific indicators: request path, domain, product names.
        $str1 = "/get_two.php?" ascii wide
        $str2 = "spyware-defender.com" ascii wide
        $str3 = "Spyware Defender 2014" ascii wide
        $str4 = "Antivirus MAC 2014" ascii wide
        $str5 = "Antivirus WIN 2014" ascii wide

        // Generic keywords. "Delete" / "NoRemove" / "ForceRemove" are also ATL
        // registrar-script keywords found in benign COM binaries, and the two
        // *Signatures names look like Internet Explorer download-signature
        // settings. Presumably the sample changes them; confirm on a sample.
        $ = "Delete" ascii wide
        $ = "NoRemove" ascii wide
        $ = "ForceRemove" ascii wide
        $ = "RunInvalidSignatures" ascii wide
        $ = "CheckExeSignatures" ascii wide

    condition:
        // `5 of them` counts all ten strings. Any $str hit already satisfies
        // the first clause, so the second clause only adds a match when all
        // five anonymous keywords are present.
        any of ($str*) or 5 of them
}