mirror of
https://github.com/valitydev/signature-base.git
synced 2024-11-07 10:28:53 +00:00
14 lines
423 B
Plaintext
14 lines
423 B
Plaintext
|
|
||
|
rule Malware_JS_powershell_obfuscated {
|
||
|
meta:
|
||
|
description = "Unspecified malware - file rechnung_3.js"
|
||
|
author = "Florian Roth"
|
||
|
reference = "Internal Research"
|
||
|
date = "2017-03-24"
|
||
|
hash1 = "3af15a2d60f946e0c4338c84bd39880652f676dc884057a96a10d7f802215760"
|
||
|
strings:
|
||
|
$x1 = "po\" + \"wer\" + \"sh\" + \"e\" + \"ll\";" fullword ascii
|
||
|
condition:
|
||
|
filesize < 30KB and 1 of them
|
||
|
}
|