This is an old version of the document!
Create a file on vulnerable Server
Count sequences of printable characters with a minimum length of 7
strings --bytes=7 sample.exe | wc -l
Rule to detect cmd.exe
offset.yar
rule cmd_rule
{
    strings:
        $s = "cmd.exe /c \"%s\""
    condition:
        $s
}
Rule to identify PE file type
pe.yar
rule IsPeFile {
    strings:
        $mz = "MZ"
    condition:
        $mz at 0 and uint32(uint32(0x3C)) == 0x4550
}
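The IsPeFile condition above, re-implemented in Python as an added example (not part of the original wiki page), to show what the nested uint32() does: the inner read fetches the e_lfanew field at 0x3C, and the outer read checks for the "PE\0\0" signature at that offset. The names is_pe_file, read_u32 and build_sample are hypothetical, and the sample buffers are constructed.

```python
import struct

PE_SIGNATURE = 0x4550  # bytes "PE\0\0" read as a little-endian uint32


def read_u32(data, offset):
    """Little-endian uint32 at offset, or None when out of bounds.

    YARA's uint32() yields 'undefined' for such reads, which makes the
    whole condition false instead of raising an error.
    """
    if offset < 0 or offset + 4 > len(data):
        return None
    return struct.unpack_from("<I", data, offset)[0]


def is_pe_file(data):
    """Same logic as: $mz at 0 and uint32(uint32(0x3C)) == 0x4550"""
    if data[:2] != b"MZ":              # $mz at 0
        return False
    e_lfanew = read_u32(data, 0x3C)    # inner uint32(0x3C)
    if e_lfanew is None:               # file too short to hold the field
        return False
    return read_u32(data, e_lfanew) == PE_SIGNATURE  # outer uint32(...)


def build_sample(e_lfanew=0x80, signature=b"PE\x00\x00", size=0x100):
    """Constructed minimal buffer: DOS magic, e_lfanew field, signature."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + len(signature) <= size:
        buf[e_lfanew:e_lfanew + len(signature)] = signature
    return bytes(buf)


if __name__ == "__main__":
    samples = {
        "valid PE header": build_sample(),
        "MZ but NE signature": build_sample(signature=b"NE\x00\x00"),
        "e_lfanew past end of file": build_sample(e_lfanew=0x1000),
        "truncated after MZ": b"MZ",
        "MZ not at offset 0": b"\x00" + build_sample(),
    }
    for name, data in samples.items():
        print(f"{name}: {is_pe_file(data)}")
```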
Rule to detect malware in PE files
malware.yar
...
security/malware/yara.1624102438.txt.gz · Last modified: by wikiadm
