Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
rules
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
rules
Commits
ba702c5b
Commit
ba702c5b
authored
Aug 04, 2017
by
d00rt
Committed by
GitHub
Aug 04, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create MALW_Virut_FileInfector_UNK_VERSION.yar
parent
eced3058
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
20 additions
and
0 deletions
+20
-0
MALW_Virut_FileInfector_UNK_VERSION.yar
malware/MALW_Virut_FileInfector_UNK_VERSION.yar
+20
-0
No files found.
malware/MALW_Virut_FileInfector_UNK_VERSION.yar
0 → 100644
View file @
ba702c5b
rule VirutFileInfector
{
meta:
author = "D00RT <@D00RT_RM>"
data = "2017/08/04"
description = "Virut (unknown version) fileinfector detection"
reference = "http://reversingminds-blog.logdown.com"
infected_sample1 = "5755f09d445a5dcab3ea92d978c7c360"
infected_sample2 = "68e508108ed94c8c391c70ef1d15e0f8"
infected_sample2 = "2766e8e78ee10264cf1a3f5f4a16ff00"
strings:
$sign = { F9 E8 22 00 00 00 ?? 31 EB 56 }
$func = { 52 C1 E9 1D 68 31 D4 00 00 58 5A 81 C1 94 01 00 00 80 4D 00 F0 89 6C 24 04 F7 D1 81 6C 24 04 }
condition:
$sign and $func
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
