valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

False Positive Reduction

Browse Source 
https://github.com/Neo23x0/signature-base/issues/44
This commit is contained in:
Florian Roth 2018-09-24 12:30:09 +02:00
parent d6a2d00cb7
commit a907fd2210
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
yara/apt_cn_pp_zerot.yar
View File

@ -98,9 +98,10 @@ rule PP_CN_APT_ZeroT_6 {
date = "2017-02-03"
hash1 = "a16078c6d09fcfc9d6ff7a91e39e6d72e2d6d6ab6080930e1e2169ec002b37d3"
strings:
$s6 = "jGetgQ|0h9=" fullword ascii
$s1 = "jGetgQ|0h9=" fullword ascii
$s2 = "\\sfxrar32\\Release\\sfxrar.pdb"
condition:
( uint16(0) == 0x5a4d and filesize < 1000KB and ( 10 of ($s*) ) ) or ( all of them )
uint16(0) == 0x5a4d and filesize < 1000KB and all of them
}
rule PP_CN_APT_ZeroT_7 {