Sneed-Reactivity/yara-mikesxrs/g00dv1n/Trojan.PowerLoader.yar

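/*
 * MalwarePowerLoaderSample: string-only signature for the family that the
 * meta block labels "Trojan.PowerLoader.sm".
 *
 * The rule fires when the scanned data contains the family name string, or
 * at least two distinct indicator strings from the list below. Every string
 * is searched in both ASCII and UTF-16LE ("wide") form and is case-sensitive.
 *
 * Analyst caveats:
 *   - There is no file-type or size constraint, so any scanned buffer
 *     qualifies: documents, reports, or other rule files that merely quote
 *     these names will also hit. Treat a match as a triage lead, not a verdict.
 *   - $str_1 alone is sufficient for a match. It is a single case-sensitive
 *     word, so it is the most false-positive-prone branch.
 *   - NOTE(review): the indicator names look like injection routine, section
 *     and event identifiers, but this file gives no sample hash or reference
 *     to confirm their origin.
 */
rule MalwarePowerLoaderSample
{
    meta:
        Description = "Trojan.PowerLoader.sm"
        ThreatLevel = "5"

    strings:
        // Family name; matches on its own (see condition).
        $str_1 = "powerloader" ascii wide

        // Indicators that are not contained in any other string of this rule.
        $ind_inject64_section   = "inject64_section" ascii wide
        $ind_inject64_event     = "inject64_event" ascii wide
        $ind_inject_section     = "inject_section" ascii wide
        $ind_inject_event       = "inject_event" ascii wide
        $ind_loader_dat         = "loader.dat" ascii wide
        $ind_inject64_normal    = "Inject64Normal" ascii wide
        $ind_uac_inject64_end   = "UacInject64End" ascii wide
        $ind_uac_inject64_start = "UacInject64Start" ascii wide

        // These two are substrings of the "Uac..." indicators above, so every
        // "UacInject64End" hit is also an "Inject64End" hit. They are counted
        // only when they occur on their own (see condition).
        $sub_inject64_end       = "Inject64End" ascii wide
        $sub_inject64_start     = "Inject64Start" ascii wide

    condition:
        // Branch 1: family name string.
        $str_1
        // Branch 2: two distinct non-overlapping indicators.
        or 2 of ($ind_*)
        // Branch 3: one indicator plus a standalone short name. A short name
        // is standalone when it occurs more often than the "Uac..." string
        // that contains it. Without this check a single "UacInject64End"
        // would satisfy "2 of them" by matching two patterns at once.
        or (
            1 of ($ind_*)
            and (
                #sub_inject64_end > #ind_uac_inject64_end
                or #sub_inject64_start > #ind_uac_inject64_start
            )
        )
        // Branch 4: both short names present on their own.
        or (
            #sub_inject64_end > #ind_uac_inject64_end
            and #sub_inject64_start > #ind_uac_inject64_start
        )
}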