08e8d462fe
RED PILL 🔴 💊
18 lines
No EOL
474 B
Text
18 lines
No EOL
474 B
Text
rule rtf_yahoo_ken
|
|
{
|
|
meta:
|
|
author = "@patrickrolsen"
|
|
maltype = "Yahoo Ken"
|
|
filetype = "RTF"
|
|
version = "0.1"
|
|
description = "Test rule"
|
|
description = "https://github.com/1aN0rmus/Yara"
|
|
date = "2013-12-14"
|
|
strings:
|
|
$magic1 = { 7b 5c 72 74 30 31 } // {\rt01
|
|
$magic2 = { 7b 5c 72 74 66 31 } // {\rtf1
|
|
$magic3 = { 7b 5c 72 74 78 61 33 } // {\rtxa3
|
|
$author1 = { 79 61 68 6f 6f 20 6b 65 63 } // "yahoo ken"
|
|
condition:
|
|
($magic1 or $magic2 or $magic3 at 0) and $author1
|
|
} |