valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

False Positive

Browse Source
This commit is contained in:
Florian Roth 2016-10-13 09:39:49 +02:00
parent 3e98d30987
commit 7f3a863862
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yara/gen_malware_set_qa.yar
View File

@ -72,7 +72,7 @@ rule Malware_QA_fil {
$s8 = "PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDIN" ascii $s8 = "PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDIN" ascii
$s9 = "SuppressIldasmAttribute" fullword ascii $s9 = "SuppressIldasmAttribute" fullword ascii
condition: condition:
( uint16(0) == 0x5a4d and filesize < 200KB and ( 1 of ($x*) or 4 of ($s*) ) ) ( uint16(0) == 0x5a4d and filesize < 200KB and all of them )
} }
rule Malware_QA_update { rule Malware_QA_update {