mirror of
https://github.com/valitydev/signature-base.git
synced 2024-11-06 18:15:20 +00:00
15 lines
489 B
Plaintext
15 lines
489 B
Plaintext
|
|
rule Malware_JS_powershell_obfuscated {
|
|
meta:
|
|
description = "Unspecified malware - file rechnung_3.js"
|
|
license = "https://creativecommons.org/licenses/by-nc/4.0/"
|
|
author = "Florian Roth"
|
|
reference = "Internal Research"
|
|
date = "2017-03-24"
|
|
hash1 = "3af15a2d60f946e0c4338c84bd39880652f676dc884057a96a10d7f802215760"
|
|
strings:
|
|
$x1 = "po\" + \"wer\" + \"sh\" + \"e\" + \"ll\";" fullword ascii
|
|
condition:
|
|
filesize < 30KB and 1 of them
|
|
}
|