@MrThreat
Created October 18, 2017 07:13
roddendoc yara
rule Roddendoc
{
    meta:
        author = "Grotez"
        date = "2017-10-18"
        description = "datenight"
        hash0 = "707feb462bc1845b66eb137f517858a8"
        sample_filetype = "office"
        yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"

    strings:
        // Auto-generated strings: a mix of VBA/Win32 declaration fragments
        // and short sample-specific tokens.
        $string0 = " Alias "
        $string1 = "aKWufmec0olVy"
        $string2 = "SECURITY_ATTRIBUTES"
        // "wide" matches the UTF-16LE encoding of this string
        $string3 = "*\\CNormal" wide
        $string4 = "A-101B-BHDE5"
        $string5 = "AttrThrd"
        $string6 = "lpDesktop"
        $string7 = "ThisDocument/"
        $string8 = "mjuboKrc"
        $string9 = "130503"
        $string10 = "\\Windows"
        $string11 = "2a0c04c3e"
        $string12 = "Flags As Long, ByVal lpEnv As Long, ByVal lpCurDir As Long, lpStartupInfo As ST"
        $string13 = "1e1d645"
        $string14 = "yVal l "
        // Turkish-localized document type name
        $string15 = "Microsoft Word 97-2003 Belgesi"
        $string16 = "SECURITY"
        $string17 = "WiVGVUsb"
        $string18 = "IdYwCmOPRFsXt0H"

    condition:
        // 19 strings are defined; the rule matches when at least 18 are present
        18 of them
}