YARA Rule to Detect MiniASP3 in memory

By | June 16, 2015

```yara
rule MiniAsp3_mem
{
    meta:
        author = "chort (@chort0)"
        description = "Detect MiniASP3 in memory"

    strings:
        // PDB path (backslashes must be escaped in YARA text strings)
        $pdb = "MiniAsp3\\Release\\MiniAsp.pdb" fullword

        // URL format strings
        $httpAbout = "http://%s/about.htm" fullword
        $httpResult = "http://%s/result_%s.htm" fullword

        // Status and error messages
        $msgInetFail = "open internet failed..." fullword
        $msgRunErr = "run error!" fullword
        $msgRunOk = "run ok!" fullword
        $msgTimeOutM0 = "time out,change to mode 0" fullword
        $msgCmdNull = "command is null!" fullword

    condition:
        // PDB path, both URL formats, and at least one message
        ($pdb and (all of ($http*)) and any of ($msg*))
}
```
