Create MiniAsp3_mem_1.yar

malware/MiniAsp3_mem_1.yar

+rule MiniAsp3_mem { 
+  meta: author = "chort (@chort0)"
+  description = "Detect MiniASP3 in memory"
+  strings: 
+    $pdb = "MiniAsp3\Release\MiniAsp.pdb" fullword 
+    $httpAbout = "http://%s/about.htm" fullword 
+    $httpResult = "http://%s/result_%s.htm" fullword 
+    $msgInetFail = "open internet failed…" fullword 
+    $msgRunErr = "run error!" fullword 
+    $msgRunOk = "run ok!" fullword
+    $msgTimeOutM0 = "time out,change to mode 0" fullword 
+    $msgCmdNull = "command is null!" fullword 
+condition:
+  ($pdb and (all of ($http*)) and any of ($msg*))
+  }
+