Sneed-Reactivity/yara-mikesxrs/xme/Worm_VBS_Uaper_B.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

17 lines
623 B
Text

rule Worm_VBS_Uaper_B
{
meta:
description = "Example rule from blog"
author = "Xavier Mertens"
reference = "https://blog.rootshell.be/2012/06/20/cuckoomx-automating-email-attachments-scanning-with-cuckoo/"
strings:
$a0 = { 466f72204f353d3120546f204f332e41646472657373456e74726965732e436f756e74 }
$a1 = { 536574204f363d4f332e41646472657373456e7472696573284f3529 }
$a2 = { 4966204f353d31205468656e }
$a3 = { 4f342e4243433d4f362e41646472657373 }
$a4 = { 456c7365 }
$a5 = { 4f342e4243433d4f342e424343202620223b20222026204f362e41646472657373 }
condition:
$a0 and $a1 and $a2 and $a3 and $a4 and $a5
}