Sneed-Reactivity/yara-mikesxrs/Novetta/hidkit.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


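rule hidkit
{
    meta:
        Author = "Novetta"
        Reference = "https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf"
    strings:
        $a = "---HIDE"
        $b = "hide---port = %d"
    condition:
        // PE file check: "MZ" magic at offset 0 and the "PE\0\0" signature at the
        // offset stored in e_lfanew (0x3c); both strings must also be present.
        uint16(0) == 0x5A4D and uint32(uint32(0x3c)) == 0x00004550 and $a and $b
}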