Sneed-Reactivity/yara-mikesxrs/kaspersky/apt_hellsing_proxytool.yar

// Flags small files that begin with the MZ magic and contain at least two of
// the diagnostic strings that the rule's description ties to the Hellsing
// proxy testing tool.
rule apt_hellsing_proxytool
{
// Metadata is informational only; none of these fields affect matching.
meta:
version = "1.0"
filetype = "PE"
author = "Costin Raiu, Kaspersky Lab"
copyright = "Kaspersky Lab"
date = "2015-04-07"
description = "detection for Hellsing proxy testing tool"
// No `wide` modifier is set, so every string below is matched as ASCII only;
// a build that stores these messages as UTF-16 would not hit.
strings:
// DOS header magic, anchored to offset 0 by the condition. Only "MZ" is
// checked; the PE signature itself is not verified.
// NOTE(review): `uint16(0) == 0x5A4D` is the usual equivalent and avoids
// searching the whole file for a 2-byte pattern; confirm before changing.
$mz="MZ"
// printf-style proxy diagnostics; the trailing space is part of each pattern.
$a1="PROXY_INFO: automatic proxy url => %s "
$a2="PROXY_INFO: connection type => %d "
$a3="PROXY_INFO: proxy server => %s "
$a4="PROXY_INFO: bypass list => %s "
// Error message naming the WinINet InternetQueryOption call.
$a5="InternetQueryOption failed with GetLastError() %d"
// Looks like a developer build path left in the binary (presumably; confirm).
// `\\` is an escaped single backslash and `nocase` ignores letter case.
$a6="D:\\Hellsing\\release\\exe\\exe\\" nocase
condition:
// All three must hold: MZ at offset 0, any two of $a1..$a6, and a file size
// under 300000 bytes. Any two strings suffice, so confirm a hit with further
// analysis before treating it as an attribution.
($mz at 0) and (2 of ($a*)) and filesize < 300000
}