Sneed-Reactivity/yara-Neo23x0/crime_malumpos.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

17 lines
569 B
Text

rule PoS_Malware_MalumPOS
{
meta:
author = "Trend Micro, Inc."
date = "2015-05-25"
description = "Used to detect MalumPOS memory dumper"
sample_filtype = "exe"
id = "6d85c7fe-bf1b-53fb-b618-4b0f8b63cae4"
strings:
$string1 = "SOFTWARE\\Borland\\Delphi\\RTL"
$string2 = "B)[0-9]{13,19}\\"
$string3 = "[A-Za-z\\s]{0,30}\\/[A-Za-z\\s]{0,30}\\"
$string4 = "TRegExpr(exec): ExecNext Without Exec[Pos]"
$string5 = /Y:\\PROGRAMS\\.{20,300}\.pas/
condition:
all of ($string*)
}