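/*
 * CryptoLocker_set1 - string-based signature for CryptoLocker samples.
 *
 * Matching logic: at least 8 of the 18 strings must be present AND at least
 * one of them must be a sample-specific artefact (see condition).
 *
 * Why the extra clause: eight of the strings ($string0, $string3, $string4,
 * $string7, $string10, $string11, $string13, $string14) are ordinary PE
 * version-resource keys and application-manifest fragments. On their own they
 * already satisfy "8 of ($string*)", so the original threshold could fire on
 * an unrelated executable that ships a version resource and a UAC manifest.
 *
 * NOTE(review): the leading whitespace in $string1, $string7, $string10 and
 * $string14 is reproduced as displayed; a rendered page may have collapsed
 * longer runs of spaces - confirm against the raw rule file.
 * NOTE(review): the rule dates from 2014 and keys on artefacts that look
 * specific to the analysed samples; treat a hit as a triage lead and confirm
 * with additional indicators.
 */
rule CryptoLocker_set1
{
    meta:
        author = "Christiaan Beek, Christiaan_Beek@McAfee.com"
        date = "2014-04-13"
        description = "Detection of Cryptolocker Samples"

    strings:
        // Generic: common word, version-resource keys and manifest XML.
        $string0 = "static"
        $string3 = "CompanyName" wide
        $string4 = "ProductVersion" wide
        $string7 = " </trustInfo>"
        $string10 = " <requestedExecutionLevel level"
        $string11 = "VS_VERSION_INFO" wide
        $string13 = "<assembly xmlns"
        $string14 = " <trustInfo xmlns"

        // Sample-specific: byte fragments, resource names, version value and
        // a hard-coded executable path (presumably from the analysed samples).
        $string1 = " kscdS"
        $string2 = "Romantic"
        $string5 = "9%9R9f9q9"
        $string6 = "IDR_VERSION1" wide
        $string8 = "LookFor" wide
        $string9 = ":n;t;y;"
        $string12 = "2.0.1.0" wide
        $string15 = "srtWd@@"
        $string16 = "515]5z5"
        $string17 = "C:\\lZbvnoVe.exe" wide

    condition:
        // Keep the original threshold, but reject matches built purely from
        // the eight generic strings.
        8 of ($string*) and
        any of ($string1, $string2, $string5, $string6, $string8,
                $string9, $string12, $string15, $string16, $string17)
}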