Sneed-Reactivity/yara-mikesxrs/McAfee/CryptoLocker_rule2.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


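/*
 * CryptoLocker_rule2 - string-count heuristic for CryptoLocker variants.
 *
 * Matches when at least 8 of the 17 literals below are present AND at least
 * one of them comes from the less common group ($string0, 2, 4, 5, 8, 9, 13,
 * 15, 16).
 *
 * Why the second clause: six literals are fragments of an embedded
 * application manifest ($string1, 7, 10, 11, 12, 14), "ProductVersion" is a
 * standard version-resource key and "button" is an ordinary UI string. Those
 * eight alone satisfied the original `8 of ($string*)`, so a file carrying
 * nothing distinctive could be flagged. The added clause only narrows the
 * original match set; it never widens it.
 *
 * NOTE(review): the split into "generic" and "less common" literals is a
 * reading of the strings themselves, not the result of corpus testing.
 * Validate against retained samples and a known-clean file set before
 * relying on the rule for blocking.
 * NOTE(review): there is no file-type or size constraint; add one that fits
 * the deployment (on-disk scan vs. memory scan) if scan volume or noise
 * requires it.
 * NOTE(review): literals that start with a space may have lost additional
 * leading whitespace when this listing was rendered - compare with the
 * upstream file before deploying.
 */
rule CryptoLocker_rule2
{
    meta:
        author = "Christiaan Beek, Christiaan_Beek@McAfee.com"
        date = "2014-04-14"
        description = "Detection of CryptoLocker Variants"

    strings:
        // Unmodified literals are ASCII and case-sensitive; `wide` literals
        // match only the two-bytes-per-character (UTF-16LE style) encoding.

        // Less common literals - at least one of these must be present.
        $string0 = "2.0.1.7" wide
        $string2 = "Romantic"
        // Not readable text; presumably bytes lifted from the original
        // sample(s), so likely build-specific - TODO confirm.
        $string4 = "9%9R9f9q9"
        $string5 = "IDR_VERSION1" wide
        $string8 = "VFileInfo" wide
        $string9 = "LookFor" wide
        $string13 = "last.inf"
        // Looks like a version-resource language/codepage key - TODO confirm.
        $string15 = "FFFF04E3" wide
        // Same caveat as $string4.
        $string16 = "3,31363H3P3m3u3z3"

        // Generic literals: manifest XML fragments, a version-resource key
        // and a UI string. They count toward the threshold but cannot
        // satisfy the rule on their own.
        $string1 = " <security>"
        $string3 = "ProductVersion" wide
        $string6 = "button"
        $string7 = " </security>"
        $string10 = " </requestedPrivileges>"
        $string11 = " uiAccess"
        $string12 = " <trustInfo xmlns"
        $string14 = " manifestVersion"

    condition:
        // Original threshold, plus a requirement for one less common literal.
        8 of ($string*) and
        1 of ($string0, $string2, $string4, $string5, $string8, $string9,
              $string13, $string15, $string16)
}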