Sneed-Reactivity/yara-mikesxrs/g00dv1n/Trojan.Kovter.yar

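rule TrojanWin32KovterSample
{
    // Matches content that carries either a developer source path or at least
    // three distinct anti-analysis routine names (virtual machine, sandbox,
    // debugger and traffic-capture checks).
    //
    // NOTE(review): the rule has no file-type or size constraint, so it is
    // evaluated against whatever buffer the scanner supplies. Confirm how it is
    // deployed (file scan vs. process memory) before adding a header check.
    meta:
        Description = "Trojan.Kovter.sm"
        ThreatLevel = "5"
    strings:
        // Anti-analysis names, matched both as ASCII and as UTF-16LE ("wide").
        // Spellings are kept exactly as in the original rule.
        //
        // "AntiVMwareEx" is intentionally not listed: "AntiVMware" is its prefix
        // and already matches wherever it occurs. Listing both let a single
        // occurrence satisfy two of the three required strings, which lowered
        // the effective threshold to two distinct indicators.
        $anti_virtualbox       = "AntiVirtualBox" ascii wide
        $anti_vmware           = "AntiVMware" ascii wide
        $anti_virtualpc        = "AntiVirtualPC" ascii wide
        $anti_sandboxie        = "AntiSandboxie" ascii wide
        $anti_threadexpert     = "AntiThreadExpert" ascii wide
        $anti_wireshark        = "AntiWireshark" ascii wide
        $anti_joebox           = "AntiJoeBox" ascii wide
        $anti_rfp              = "AntiRFP" ascii wide
        $anti_alldebugger      = "AntiAllDebugger" ascii wide
        $anti_odbg             = "AntiODBG" ascii wide
        $anti_softice          = "AntiSoftIce" ascii wide
        $anti_syserdebugger    = "AntiSyserDebugger" ascii wide
        $anti_trwdebugger      = "AntiTrwDebugger" ascii wide
        $anti_virtualmachine   = "AntiVirtualMachine" ascii wide
        $anti_sunbeltsandboxie = "AntiSunbeltSandboxie" ascii wide

        // Source-file path embedded in the sample; treated as sufficient on its own.
        $dev_path = "i:\\MySoft\\project Locker\\optimize orig Binary\\kol\\err.pas" ascii wide
    condition:
        // The path alone fires the rule, so it does not need to take part in
        // the "3 of" count the way it did under the original "3 of them".
        $dev_path or 3 of ($anti_*)
}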