Created
October 1, 2018 19:20
-
-
Save chrisdoman/43da080fdb459d462cc65d4238b1695d to your computer and use it in GitHub Desktop.
Autogenerated Rules
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Yara rules to identify malware families, made by Yabin | |
| Auto-generated - plenty of these rules won't work as they rely on looking for compiled code | |
| */ | |
| rule BackdoorAndroidOSCoca_51dc097980b46d053085ff079b153f107d866a27dc19670b79928ec55ab336d7 { | |
| strings: | |
| $a_2 = { 558bebdcdb73a5fdef349bc5b2931e67 } | |
| $a_3 = { 558b9217b81fb2ccf3482605348e0620 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorIRCEvilbot_c6fef53b761d70c2dbb6af5aa2658878420f6969ffd82c59c0e84d1961b27b1f { | |
| strings: | |
| $a_2 = { 5589e551535657ff7508e8e10c000089 } | |
| $a_3 = { 5589e55157e8b200000089c7803f2275 } | |
| $a_4 = { 5589e581ecb800000053565731dbff75 } | |
| $a_5 = { 5589e56aff6814604000689a10400050 } | |
| $a_6 = { 5589e581ec1406000053565731ff89bd } | |
| $a_7 = { 5589e55c556a00376fef6e0168925aff } | |
| $a_8 = { 5589e581ecf400000053565731db8d7d } | |
| $a_9 = { 5589e5b8a0170000e87b230000535657 } | |
| $a_10 = { 5589e581ec380a000053565731db899d } | |
| $a_11 = { 5589e581ec1009000053565731db899d } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorJavaJacksbot_f270979a3a4a94151c52032a2a2a95d83ef8ac02e47e191212eaa29fa6eec5d9 { | |
| strings: | |
| $a_2 = { 558b46ae21adb9b5aa91ac6468fbdbdb } | |
| $a_3 = { 558b71a39a983a7ee184edb1cbf5a20d } | |
| $a_4 = { 558be802fc2d64ed5c474659fccecefa } | |
| $a_5 = { 558b91517afa3259dbdf7bc24e619264 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorLinuxMirai_025a8aef2de0b7c60674b823a756c09e92d764f99e6edb80d621ecc58e90ac79 { | |
| strings: | |
| $a_2 = { 5589e583ec08803d2068050800740ceb } | |
| $a_3 = { 5589e557565383ec0c8a5d0c0fb67d10 } | |
| $a_4 = { 5589e553e81300000081c3fbe60000e8 } | |
| $a_5 = { 558b6c243c55e83172000083c42083f8 } | |
| $a_6 = { 5589e55383ec04bb84670508a1846705 } | |
| $a_7 = { 558b4c240c8d043b29c889f350be9001 } | |
| $a_8 = { 558b15b067050852e8df39000083c410 } | |
| $a_9 = { 5589e553e85136ffff81c3391d0000e8 } | |
| $a_10 = { 558b84244c070000408984244c070000 } | |
| $a_11 = { 5589e557565383ec2c8b45108b7d0883 } | |
| $a_12 = { 558bbc24ac51000001fb8d43015056e8 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorLinuxSetag_6946cff77286dd1d9b82cd083779f86b2f908fb2f498637bca4cec3367296604 { | |
| strings: | |
| $a_2 = { 5589e5575653b8d8ffffff658b008b38 } | |
| $a_3 = { 5589e55383ec1483ec08ff75086a1ce8 } | |
| $a_4 = { 5589e5565383ec208b7508c645f601c6 } | |
| $a_5 = { 5589e5b8c7000000cd80c9c390909090 } | |
| $a_6 = { 5589e5565383ec108b7508c706207910 } | |
| $a_7 = { 5589e583ec18c645ff0183ec04ff7510 } | |
| $a_8 = { 5589e557565381ecac000000898560ff } | |
| $a_9 = { 5589e5b80000000085c07409896d0cc9 } | |
| $a_10 = { 5589e557565383ec288945cc8b480485 } | |
| $a_11 = { 5589e55756538b7d088b550c8b5d1085 } | |
| $a_12 = { 5589e5575653508b7d108b45088b7004 } | |
| $a_13 = { 5589e557565383ec2c8b45088b80d400 } | |
| $a_14 = { 5589e55383ec048b450883ec0c50e8f7 } | |
| $a_15 = { 5589e583ec08ba98f60f088b45088910 } | |
| $a_16 = { 5589e5b80000000085c07419b8d4efec } | |
| $a_17 = { 5589e556538b5d088b435c85c0752dc7 } | |
| $a_18 = { 5589e557565383ec108b7d088b750c8b } | |
| $a_19 = { 5589e583ec08b8082c13088a0084c075 } | |
| $a_20 = { 5589e557565383ec1c8945ec8955e889 } | |
| $a_21 = { 5589e5538b5d0883fb1f772f65a10800 } | |
| $a_22 = { 5589e583ec088b450883ec08688c1510 } | |
| $a_23 = { 5589e583ec0883ec086a00ff7508e815 } | |
| $a_24 = { 5589e557565383ec0c8b7d0c8b45148d } | |
| $a_25 = { 5589e5ff75106a00ff750cff7508e855 } | |
| $a_26 = { 5589e557565383ec1c8b75088b561c8b } | |
| $a_27 = { 5589e55383ec048b450883ec0c50e8ff } | |
| $a_28 = { 5589e583ec108b550c8b450889d129c1 } | |
| $a_29 = { 5589e5538b5d0c8b4d10b8c3000000cd } | |
| $a_30 = { 5589e557565383ec3889c689d7688c78 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorLinuxSetag_edf5dbe95655d2f49e4760658ea06da1b96c2df07c5c8958e32f719c45007b20 { | |
| strings: | |
| $a_2 = { 5589e557565383ec1c8b5d0c8b7508c7 } | |
| $a_3 = { 5589e55789cf565383ec448b5d0c8945 } | |
| $a_4 = { 5589e5575653658b1d0000000083ec48 } | |
| $a_5 = { 5589e583e4f883ec088b4508c7442404 } | |
| $a_6 = { 5589e55756538d4a2081ecdc01000083 } | |
| $a_7 = { 5589e583ec188b4508c700c8ed0c08b8 } | |
| $a_8 = { 5589e557565383ec4c83f9018955cc89 } | |
| $a_9 = { 5589e583ec188975f88b75148b450c8b } | |
| $a_10 = { 5589e581ec580800008b4508890424e8 } | |
| $a_11 = { 5589e583ec288b4508890424e8ad5603 } | |
| $a_12 = { 5589e55383ec24c7042400000000e8f7 } | |
| $a_13 = { 5589e557565381eca80000008b4d088b } | |
| $a_14 = { 5589e5575383e4f081ecc00000008d44 } | |
| $a_15 = { 5589e557565381ec1c0200008b4508c7 } | |
| $a_16 = { 5589e557565389c383e4f883ec208b45 } | |
| $a_17 = { 5589e557565383ec7c8b45088b909001 } | |
| $a_18 = { 5589e557565381eca4000000c7442408 } | |
| $a_19 = { 5589e55383ec248b450c890424e8c4ff } | |
| $a_20 = { 5589e5575381ec20040000c744240400 } | |
| $a_21 = { 5589e55789cf5631f65389d381ec4402 } | |
| $a_22 = { 5589e5575681ec600100008b45048db5 } | |
| $a_23 = { 5589e557565381ec901000008b75088d } | |
| $a_24 = { 5589e583e4f883ec080fb65510c74424 } | |
| $a_25 = { 5589e583ec28c745f400000000eb5d8b } | |
| $a_26 = { 5589e557565352508d85e8feffff81ec } | |
| $a_27 = { 5589e55731ff565389cb81ec84000000 } | |
| $a_28 = { 5589e557565383ec3c8b55088b451083 } | |
| $a_29 = { 5589e583ec188b450805000100008904 } | |
| $a_30 = { 558bbba0ffffff8b0785c0741590ffd0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorLinuxShellshock_1743f358769aae7fb77176ca20cb73ee8f5f4d29f672d28a9967dc737eddf446 { | |
| strings: | |
| $a_2 = { 5589e553bb0030050883ec04a1003005 } | |
| $a_3 = { 5589e581ec78100000c7442408000000 } | |
| $a_4 = { 5589e55781ec34100000c74424040000 } | |
| $a_5 = { 5589e583ec088b45148845fc8b55080f } | |
| $a_6 = { 5589e55781ecd4000000c74424080000 } | |
| $a_7 = { 5589e557565383ec5c0fb60537330508 } | |
| $a_8 = { 5589e583ec28c745f801000000c745fc } | |
| $a_9 = { 5589e55781ecc40000008b45248945e4 } | |
| $a_10 = { 5589e581ec280200008d85fcfdffff89 } | |
| $a_11 = { 5589e583ec18a1a0930508890424e80e } | |
| $a_12 = { 5589e55383ec248b45080fb6000fb6c0 } | |
| $a_13 = { 5589e55383ec34e8b05300008945ec83 } | |
| $a_14 = { 5589e5575381ecf000000089e0898524 } | |
| $a_15 = { 5589e557565381ec0c010000e8584800 } | |
| $a_16 = { 5589e583ec188b4508890424e8f86300 } | |
| $a_17 = { 5589e583ec288b45080fb74002668945 } | |
| $a_18 = { 5589e583ec288d450c8945fc8b45fc89 } | |
| $a_19 = { 5589e583ec08eb1b8b45080fb6000fb6 } | |
| $a_20 = { 5589e583ec108b4508a3403305088b45 } | |
| $a_21 = { 5589e557565381ecac00000089e08945 } | |
| $a_22 = { 5589e581ec28100000c745f800000000 } | |
| $a_23 = { 5589e583ec288d45108945fc8b45fc89 } | |
| $a_24 = { 5589e55783ec1cc745ecc61e05088b45 } | |
| $a_25 = { 5589e55781ecd40000008b55108b450c } | |
| $a_26 = { 5589e553e81300000081c377af0000e8 } | |
| $a_27 = { 5589e583ec388b450c400fb6000fb6c0 } | |
| $a_28 = { 5589e55783ec24c745f4000000008b45 } | |
| $a_29 = { 5589e583ec08803d0033050800740ceb } | |
| $a_30 = { 5589e55756535181ece8140000c70424 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorLinuxTsunami_49cd3083c470fd42977168486193bfa757bf44559d2a63a8564d1f0e32131762 { | |
| strings: | |
| $a_2 = { 554889e5534883ec48897dcc488975c0 } | |
| $a_3 = { 554889e5534883ec38897ddc488975d0 } | |
| $a_4 = { 554889e5488b0596be20004885c07509 } | |
| $a_5 = { 554889e5534883ec48c70598572000ff } | |
| $a_6 = { 554889e54881ec20020000be00000000 } | |
| $a_7 = { 554889e54883ec2048897de8488975e0 } | |
| $a_8 = { 554889e5534883ec08488b0500432000 } | |
| $a_9 = { 554889e5415541545348897dd08975cc } | |
| $a_10 = { 554889e5534881ecd8040000ba000000 } | |
| $a_11 = { 554889e54881ece000000089bd2cffff } | |
| $a_12 = { 554889e5534881ec580a000089bdccf5 } | |
| $a_13 = { 554889e54883ec3048897dd80fb6057c } | |
| $a_14 = { 554889e5534881ec8801000089bd8cfe } | |
| $a_15 = { 554889e5534881ec6806000089bdacf9 } | |
| $a_16 = { 554889e5534881ec7801000089bd9cfe } | |
| $a_17 = { 554889e54883ec20897dfc488975f048 } | |
| $a_18 = { 554889e5534881eca80200004889bd58 } | |
| $a_19 = { 554889e54883ec20897dfc488975f089 } | |
| $a_20 = { 554889e5534881ec7814000089bd9ceb } | |
| $a_21 = { 554889e5534883ec1848897de8488975 } | |
| $a_22 = { 554889e54883ec1048897df8eb17488b } | |
| $a_23 = { 554889e5534881ec3801000089bddcfe } | |
| $a_24 = { 554889e5534881ecf819000089bd0ce6 } | |
| $a_25 = { 554889e57412b8000000004885c07408 } | |
| $a_26 = { 554889e5534881ec28040000e8d0faff } | |
| $a_27 = { 554889e5534881ec2804000089bdecfb } | |
| $a_28 = { 554889e5534881ecb814000089bd6ceb } | |
| $a_29 = { 554889e54883ec1048897df8488975f0 } | |
| $a_30 = { 554889e5534883ec28897dec488975e0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorLinuxTurla_5a204263cac112318cd162f1c372437abf7f2092902b05e943e8784869629dd8 { | |
| strings: | |
| $a_2 = { 5589e583ec1c897dfc8b7d088975f889 } | |
| $a_3 = { 558bb560ffffff8b9d48ffffff85f60f } | |
| $a_4 = { 5589e58d45f883ec1089442404c70424 } | |
| $a_5 = { 5589e5575689c68d45e45383ec2c8955 } | |
| $a_6 = { 5589e55789cf565383ec2489c38955e4 } | |
| $a_7 = { 5589e5565383ec1c8b5d08803b000f89 } | |
| $a_8 = { 5589e557565383ec048b7d0cc745f000 } | |
| $a_9 = { 5589e583ec108b451085c07423894424 } | |
| $a_10 = { 5589e583ec048b4508890424e86f4a00 } | |
| $a_11 = { 5589e583ec10895dfc8b5d08837b38ff } | |
| $a_12 = { 5589e583ec10895df88b4d108b5d0c89 } | |
| $a_13 = { 5589e557565383ec108b550c8b450885 } | |
| $a_14 = { 5589e557565383ec1c8b7508f6460120 } | |
| $a_15 = { 5589e583ec40897dfc8b15381410088b } | |
| $a_16 = { 5589e58b4d088b510483c2308d742600 } | |
| $a_17 = { 5589e557565381ec140400008b7d088b } | |
| $a_18 = { 5589e583ec18a198600f0885c0750489 } | |
| $a_19 = { 5589e583ec1c895df48b5d088975f88b } | |
| $a_20 = { 5589e557565383ec288b3db09b0f0889 } | |
| $a_21 = { 5589e58b55085d891510900e08c389f6 } | |
| $a_22 = { 558b15700c0f0889e585d27e09b82f00 } | |
| $a_23 = { 5589e55631f65383ec1c8b15000b0f08 } | |
| $a_24 = { 558b330fb65e0cf6c301744a8b45108b } | |
| $a_25 = { 5589e5575653bb0000000083ec5c8965 } | |
| $a_26 = { 5589e557565383ec548b5d088945dc89 } | |
| $a_27 = { 5589e583ec1c895df48b5d088975f889 } | |
| $a_28 = { 5589e5565383ec048b1d8c9c0f0885db } | |
| $a_29 = { 5589e557565383ec24c745ec00000000 } | |
| $a_30 = { 5589e55731ff5689d65383ec148b5814 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMacOSXSabPab_c3f32ba569ce3b3c8901d1bb537363317df36c42557e6a5ee4e07fd8ee7956a9 { | |
| strings: | |
| $a_2 = { 5589e557565381ec1c060000e8000000 } | |
| $a_3 = { 5589e55383ec44e8000000005b8b450c } | |
| $a_4 = { 5589e583ec188b4508668945f40fb745 } | |
| $a_5 = { 5589e557565383ec5ce8000000005b8b } | |
| $a_6 = { 5589e55383ec34e8000000005be8b523 } | |
| $a_7 = { 5589e55383ec44e8000000005b8d834c } | |
| $a_8 = { 5589e5575683ec308b450c668945e48b } | |
| $a_9 = { 5589e5575381ece0040000e800000000 } | |
| $a_10 = { 5589e5575381ec401f0000e800000000 } | |
| $a_11 = { 5589e5575381ec70040000e800000000 } | |
| $a_12 = { 5589e5575383ec70e8000000005b8b45 } | |
| $a_13 = { 5589e583ec38c745e0000000008b4510 } | |
| $a_14 = { 5589e583ec188b4510c60000c745f001 } | |
| $a_15 = { 5589e557565381ec6c040000e8000000 } | |
| $a_16 = { 5589e557565381ec6c010000e8000000 } | |
| $a_17 = { 5589e583ec38837d0cff750cc745e4ff } | |
| $a_18 = { 558b45d0f76dd489d18b45d4c1f81f89 } | |
| $a_19 = { 5589e55383ec24e8000000005b8b4508 } | |
| $a_20 = { 5589e55381ecd4040000e8000000005b } | |
| $a_21 = { 5589e5575383ec60e8000000005b837d } | |
| $a_22 = { 5589e5575683ec208b450c890424e860 } | |
| $a_23 = { 5589e55383ec74e8000000005b837d10 } | |
| $a_24 = { 5589e55381ec94000000e8000000005b } | |
| $a_25 = { 5589e583ec28e8962700008945f4c744 } | |
| $a_26 = { 5589e583ec38e84ffdffff8945f0837d } | |
| $a_27 = { 5589e55383ec44e8000000005b8b550c } | |
| $a_28 = { 5589e55383ec34e8000000005b8b450c } | |
| $a_29 = { 5589e557565381ec9c000000e8000000 } | |
| $a_30 = { 5589e55383ec44e8000000005b8b4508 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILBladabindi_00d4bc6e5591439edba5b9ffcd524c5400bcf13a82fe1438b723d3b7c95ba08f { | |
| strings: | |
| $a_2 = { 558bec83c4f8e84167f7ff8855fb8945 } | |
| $a_3 = { 558bec51538945fc8b45fc83c020508b } | |
| $a_4 = { 558b45f00145f47105e8ba44fcffeb46 } | |
| $a_5 = { 558bec518945fc8b45fc83b8a4000000 } | |
| $a_6 = { 558bec83c4f8538945fc8b45fce86ed3 } | |
| $a_7 = { 558bec83c4e833d28955f48955ec8945 } | |
| $a_8 = { 558bec518b550c8b45088b00e8c39efa } | |
| $a_9 = { 558bec83c4f88855fb8945fc8b45fc83 } | |
| $a_10 = { 558b45f0508b45f88b4038058e4379a6 } | |
| $a_11 = { 558bec83c4f48955f88945fcbab00348 } | |
| $a_12 = { 558bec83c4f4668955fa8945fc8b45fc } | |
| $a_13 = { 558becb9eb0000006a006a004975f951 } | |
| $a_14 = { 558bec83c4f88955f88945fc8b45f850 } | |
| $a_15 = { 558b45f0508b45f88b401805134630a8 } | |
| $a_16 = { 558b45ec508b45f88b0005fa27a1ea50 } | |
| $a_17 = { 558bec51538bd868ffff00008bcaa160 } | |
| $a_18 = { 558bec33c055683909480064ff306489 } | |
| $a_19 = { 558bec51538945fc8b45fc83c022508b } | |
| $a_20 = { 558b45e8508b45f88b4020054f7ea86f } | |
| $a_21 = { 558bec33c05568f2f9450064ff306489 } | |
| $a_22 = { 558bec83c4e88945fc8b45fc8b10ff12 } | |
| $a_23 = { 558bec83c4e48955f88945fc6a03c745 } | |
| $a_24 = { 5589e5c9c39090908d4c240483e4f0ff } | |
| $a_25 = { 558bec51ba2c794400a15c8e5300e835 } | |
| $a_26 = { 558bec83c4d453565733c9894dd88955 } | |
| $a_27 = { 558bec83c4f8e8c15bfbff8855fb8945 } | |
| $a_28 = { 558bec83c4a433c08945fc33c0556806 } | |
| $a_29 = { 558bec83c4f8538855fb8945fc6a2033 } | |
| $a_30 = { 558ba872ce15922599dd4e19972720e7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILCorinrat_1ea1c1f5cc55bb9b89304d55f1bfa17196a8808b8620ff3a6c7886e7669c6a96 { | |
| strings: | |
| $a_2 = { 558bec83fe287a00fb770cff7508e89b } | |
| $a_3 = { 558b401cff35dca041008b7010e887d7 } | |
| $a_4 = { 558bec83ec30682c130410e83e4bffff } | |
| $a_5 = { 558beca1e0fd490083ec24c717deef49 } | |
| $a_6 = { 558becff7508e8f40612025d87c07405 } | |
| $a_7 = { 558bec568b751085f67429538b5d0c51 } | |
| $a_8 = { 558bec6a006a0068de7810f06800eafe } | |
| $a_9 = { 558bec83ec3856576a255e6e675d6e5e } | |
| $a_10 = { 558bec568b75085756e8ac0000004f89 } | |
| $a_11 = { 558bec83ec0c53565733dba8d11541d7 } | |
| $a_12 = { 558bec5dfdb9e9fdfb578becff7508ec } | |
| $a_13 = { 558bec83f8524154536825586a735e78 } | |
| $a_14 = { 558bec81ec50020000515447680eea3d } | |
| $a_15 = { 558bec8b4d108b550cf7d1568b650af9 } | |
| $a_16 = { 558beceb711ce8f0f9ffff5985c07502 } | |
| $a_17 = { 558bec5151833d70b94900000f841f07 } | |
| $a_18 = { 558bea8d551281c27517ff750c2d4304 } | |
| $a_19 = { 558bec56ff650eef750c6a48544100e8 } | |
| $a_20 = { 558bec83ec0c53569d751e578f7f0856 } | |
| $a_21 = { 558bec83e8920004025657e8c4090000 } | |
| $a_22 = { 558bec515156578b7d0868607e4100f9 } | |
| $a_23 = { 558bec6a006a0068ff8bf6fb6e0be87d } | |
| $a_24 = { 558bec83ec206a2a586a2e648951f45c } | |
| $a_25 = { 558bec83ec1853426a058f45fc33db50 } | |
| $a_26 = { 558bec83ec1c5633f68975f48975eeee } | |
| $a_27 = { 558bec8b4d0c83d9741331d28bc16639 } | |
| $a_28 = { 558bec85ecb2000402535733db53556c } | |
| $a_29 = { 558bec8b59169b571081ec3c5785c97a } | |
| $a_30 = { 558be8816f0a04761c5633f6565668df } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILDalatar_19fed3675cac656d729600e42023bf54f42bd40ac91ac7432d8072b50b4c5fcc { | |
| strings: | |
| $a_2 = { 558ba573cdfc0d7b8fed14f5ee92ab87 } | |
| $a_3 = { 558b52acb3dcdfe410d67172fa6bdb35 } | |
| $a_4 = { 558b5edabe6dfb422b4d963b8c491a50 } | |
| $a_5 = { 558bf2ce643dcba5f103a1e811704eb1 } | |
| $a_6 = { 558b01d6396f385b2e985d9c60fc3580 } | |
| $a_7 = { 558b2aeadb9f827c887b45ca8b434a2b } | |
| $a_8 = { 558bde434cf0aeac19b0f4b0eaba982c } | |
| $a_9 = { 558b729bdab87aa37bc5a14bfdabe9d4 } | |
| $a_10 = { 558b41f29ea70972e6565012469c42ba } | |
| $a_11 = { 558baa4cbbea5fb8ce593b0e41565ea9 } | |
| $a_12 = { 558b0e350205bcec30b2f28f15ac323c } | |
| $a_13 = { 558bb156c1cd0af989efd2366d882955 } | |
| $a_14 = { 558b1a36530163600c72bfd966c36810 } | |
| $a_15 = { 558b56968a6f334746ee001bb7e85baf } | |
| $a_16 = { 558b49b33e828345fc42176982abb06c } | |
| $a_17 = { 558b4c56784766a32bee69c829d75706 } | |
| $a_18 = { 558b1cd63d4a43a0f1d92383a7ef587a } | |
| $a_19 = { 558b91256366200fe31c0ce222fbc20e } | |
| $a_20 = { 558b491dde6f2de812f5d3e91042bd9d } | |
| $a_21 = { 558b7bf15d0a231cbcafef1267798c74 } | |
| $a_22 = { 558b985220df8a7469f5a9c734531d61 } | |
| $a_23 = { 558b986633717ebd76b527b7a7b8a7be } | |
| $a_24 = { 558b34052582defaba547edda3df0840 } | |
| $a_25 = { 558bbed529ca06d6c6bc0725e0b6bc7a } | |
| $a_26 = { 558b5c324458a4bc55c2d879728ff50a } | |
| $a_27 = { 558b19fd8cee29da1886b9f47dfce70e } | |
| $a_28 = { 558b76060eabd04bf7d6eca79d3e5061 } | |
| $a_29 = { 558bbc9b68fb42a2599e4c233a3b32f8 } | |
| $a_30 = { 558b5cc7725c2c91eab7b6773c819718 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILDraliz_048c75bd510f5d85774f9da0d8fb5fc337e7b16c25468ff32c1c2667b3a38b76 { | |
| strings: | |
| $a_2 = { 558bd8601aba3921132624c96a1467ab } | |
| $a_3 = { 558b5505f6143cb6e3c21c89cbb81da9 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorMSILFirsot_c4aae35fa55731370896d91dd2f00b97f7ea8cf0491f78943f90b969a268ba1e { | |
| strings: | |
| $a_2 = { 558b3e5cefc83c3aaf98d21faa999c90 } | |
| $a_3 = { 558b5e9b757fa3e1cdff1bd556886c05 } | |
| $a_4 = { 558bb9cc70dc812c060e8619ca731798 } | |
| $a_5 = { 558bd153b9d274f16dcee3736a950e91 } | |
| $a_6 = { 558bb934286caf8220e1f98674b34254 } | |
| $a_7 = { 558bf29d6b0560157469bc1fed2dc255 } | |
| $a_8 = { 558b568965c4f3627e21e3b3495c28f6 } | |
| $a_9 = { 558b18d9c9f2eb7d70893539b93602ca } | |
| $a_10 = { 558b0d14db2abee34bf2302e6083184a } | |
| $a_11 = { 558bd119d3eb46a5bcf0f6f701e72a09 } | |
| $a_12 = { 558b72df819fc4cf92b9270beb3d21bb } | |
| $a_13 = { 558bbaf307dacd58b1f2db7b5b3236ee } | |
| $a_14 = { 558b0f240e18e52cf52e63358680effe } | |
| $a_15 = { 558b15830011cd06af67a25d4e47fa04 } | |
| $a_16 = { 558b721747d99a590cb4f4b3b89a3cc1 } | |
| $a_17 = { 558b13bdff1f41e91f16ee3cec636a9c } | |
| $a_18 = { 558b9a266bb54c5884bff330da91e063 } | |
| $a_19 = { 558b76c8fad5b524ffb00a142dfaaa08 } | |
| $a_20 = { 558b4e95d0e9a8553eaf79a26d1564de } | |
| $a_21 = { 558b8fd4ad6f7fe7c8fc4b67c29ff094 } | |
| $a_22 = { 558b135038a961a468d7eb0fc258be7f } | |
| $a_23 = { 558b1e8294ace89a5a5a267af2edce9c } | |
| $a_24 = { 558bf1e4cc533e811964d7939dae0079 } | |
| $a_25 = { 558b6694c196015c62e7d413c810c08c } | |
| $a_26 = { 558b522dc948e8bae55cb91ebdb9681f } | |
| $a_27 = { 558b81d2974dd373537f8a12e1932450 } | |
| $a_28 = { 558b86cbc39a400b22c884d7b7e02395 } | |
| $a_29 = { 558b3aac2e05c21a087efcdfa8ceb35d } | |
| $a_30 = { 558b6280ccb818ef3db74d7cc08fe77b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILFynloski_f45ce10220eef4eb1f22d58a167d3ffd0f7917497c644773b0719f3911f298cd { | |
| strings: | |
| $a_2 = { 558bc34110fe4997063f191002c1eb18 } | |
| $a_3 = { 558b0b64481eac1f0214803c41329100 } | |
| $a_4 = { 558bf0c46fb81e10f32b884e83c60481 } | |
| $a_5 = { 558b70fb9ec1e5d35d4a1c9ebdf56529 } | |
| $a_6 = { 558bc705ce91c0b3dfdb07720c050744 } | |
| $a_7 = { 558b5457c657bcbfaa7a2c425a57d523 } | |
| $a_8 = { 558bd8ac1e3006036fb3215f0c17b027 } | |
| $a_9 = { 558bcad038dbfdf77b9cb9e01e2bcb89 } | |
| $a_10 = { 558bec531018e0076894dc654875608b } | |
| $a_11 = { 558b48d31699fe3f533ce4f8664fdab3 } | |
| $a_12 = { 558bfb5482b0924c31a8b868c908d707 } | |
| $a_13 = { 558bfd66a34f1bd5d248398406822f03 } | |
| $a_14 = { 558bc573f5362947216a49be5406ff8e } | |
| $a_15 = { 558bd79514291fb803dbfcb591d18fe3 } | |
| $a_16 = { 558bccc3727422067f02f03b150c6a14 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorMSILGataspi_32342bb2a1f293c2f3dca2d8da8bb5d36129396987ab61d27357d324cf04b483 { | |
| strings: | |
| $a_2 = { 558bec83c4f8538bda33c05568a01542 } | |
| $a_3 = { 558bf28bd88bc6e8b1c6ffff8bf88bc3 } | |
| $a_4 = { 558bec6a0033c05568da0a410064ff30 } | |
| $a_5 = { 558bec51538bda8945fc8b45fc8b8040 } | |
| $a_6 = { 558bec6a0033c05568f6e0400064ff30 } | |
| $a_7 = { 558bec83c4c053565733c9894df0894d } | |
| $a_8 = { 558bda8be8c64524018b45048b40043b } | |
| $a_9 = { 558bec538bd833c08943248b45088943 } | |
| $a_10 = { 558bf833ed8b87a00100008b70084e85 } | |
| $a_11 = { 558bec83c4e0538945fc8b45fc8b4028 } | |
| $a_12 = { 558bec5153884dff6683786e0074188a } | |
| $a_13 = { 558b2461137603056e4f4279e2b1ab49 } | |
| $a_14 = { 558bec33c0556851dd430064ff306489 } | |
| $a_15 = { 558bec83c4a853565733c9894da88bda } | |
| $a_16 = { 558bec33c0556878ae420064ff306489 } | |
| $a_17 = { 558bec53568b750883c6fc33db8b06ba } | |
| $a_18 = { 558bec33d28ad08b450883c0f8e88e92 } | |
| $a_19 = { 558bec535684d2740883c4f0e85bfaf8 } | |
| $a_20 = { 558bec33c05568e5ff410064ff306489 } | |
| $a_21 = { 558bd38b45ece8568dfbffe8f5faffff } | |
| $a_22 = { 558bec83c4ec535633c08945fc8b5d08 } | |
| $a_23 = { 558bec8b55088b450c8b4d10e8a315f8 } | |
| $a_24 = { 558bfa8bd88b77088b8318010000f7d8 } | |
| $a_25 = { 558bec83c4f853568855fb8945fc8b45 } | |
| $a_26 = { 558b24353a2c2cbf8c80631b495fa3d2 } | |
| $a_27 = { 558b45fc8b4018e86df6ffff59eb0d55 } | |
| $a_28 = { 558bec536a008b5d0853515250e8d2f9 } | |
| $a_29 = { 558bec83c4f853bbfcd64b00e84741fd } | |
| $a_30 = { 558bec6a00538bd833c05568d0024800 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILGeravib_4e22fbd1dc53414b55e26605c611e45723b92ef9b82387b20f88384da11f52a5 { | |
| strings: | |
| $a_2 = { 558b83cef8c08cb66d7a4b19a639b53d } | |
| $a_3 = { 558b0ed3d519193159c793d3b597e89f } | |
| $a_4 = { 558b9d8364e74c62cc8872dc44d422e9 } | |
| $a_5 = { 558b4c5741f201a944b44a4cc9afc27d } | |
| $a_6 = { 558b92f0dea204996b8ac2c862047642 } | |
| $a_7 = { 558be6b6adfe506ac4dc0598552e26ec } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorMSILGetob_8bb00be4e25a15ec2034774875f9c938b9894773b832f4b86f4002a5d824fb08 { | |
| strings: | |
| $a_2 = { 558b3394a7bb1e9c787f04d4f44a6a31 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorMSILMinerbot_b5768140606674793013c4e7326438681e13b0f7b9eac740283dcd20a46faa5f { | |
| strings: | |
| $a_2 = { 558bbf7745c125d3d62fc2691cef5bf3 } | |
| $a_3 = { 558b440f631621fc1c05108e70a8b900 } | |
| $a_4 = { 558b11fd9e8cd76ccac7408f35a257d5 } | |
| $a_5 = { 558b31caece8fef2955dba3177fb862d } | |
| $a_6 = { 558b7edd9c7352c72822049f55043b1b } | |
| $a_7 = { 558b5efdbb4684f832b0194b494ecbef } | |
| $a_8 = { 558b38f861b71ab749e7f73bea283c29 } | |
| $a_9 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_10 = { 558bcaaf4abf65abae3323ef4e14c868 } | |
| $a_11 = { 558b4bf18025fd1ebcda45945760cfc1 } | |
| $a_12 = { 558b0155c2745cbbe28b0bdef42e5159 } | |
| $a_13 = { 558bcb32596a39c5ab25fe8e022d3689 } | |
| $a_14 = { 558b434bed04e4842fef331c1fc9f72d } | |
| $a_15 = { 558b4a5c1ee9d5ba0555d19d69798bb5 } | |
| $a_16 = { 558b71ef053a7d1082fd8846487fa9d8 } | |
| $a_17 = { 558b2f080ca0682e3894593b604b82c1 } | |
| $a_18 = { 558bb3591f245b2d1803ebc50ae10522 } | |
| $a_19 = { 558bc856c252090609ecd1a7428b3092 } | |
| $a_20 = { 558bfb50594c9a6190a601e66a05fc5f } | |
| $a_21 = { 558b9059a649f89a954ef7252b3bffe2 } | |
| $a_22 = { 558b717531702dfe66aab5e69116fa21 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorMSILMinerbot_f3bbf13ccf5b9276d5fe7056b17385bee69862a01cead757b7c35a0dcab4324d { | |
| strings: | |
| $a_2 = { 558bbbbb22228888555bbc88ccbbb222 } | |
| $a_3 = { 558bfc860a8939d32a87582defdc1352 } | |
| $a_4 = { 558bbbbbb555fffbbb2bbb25bbbb8555 } | |
| $a_5 = { 558bbbbb555559999992222555999555 } | |
| $a_6 = { 558b0f0ab3c9af26a026309fe79bb570 } | |
| $a_7 = { 558bdbcce5974645977435c2f22770ed } | |
| $a_8 = { 558bbbbb22225555555bbf8855bbbccc } | |
| $a_9 = { 558bbc22ccc5555555bbbbbccccccccc } | |
| $a_10 = { 558bbbbcccc559999999995588888bbc } | |
| $a_11 = { 558ba594a5252c056279d69152fcad65 } | |
| $a_12 = { 558bbbbb55555522222bbb25bbbb8555 } | |
| $a_13 = { 558bbb2bb88822222bbbbb555bc99922 } | |
| $a_14 = { 558b2d1a54b9ad58c78f5473bb79aa45 } | |
| $a_15 = { 558b74f72d019adb3a4df507352d3000 } | |
| $a_16 = { 558bb22255bbbb2555555fc8cccbc995 } | |
| $a_17 = { 558bbb555558bbbbb98888888899999c } | |
| $a_18 = { 558bbbbbb88228222bbbbb555999999b } | |
| $a_19 = { 558bbbbbbbbf22555bbb299b88b555ff } | |
| $a_20 = { 558b8ef376844c5c6304a37ebf1d83f2 } | |
| $a_21 = { 558b10b0e20771faf3ad1101e63a02ee } | |
| $a_22 = { 558bfffff2225fff555bbf8855bbbccc } | |
| $a_23 = { 558b71d05f1627aa0e7d19785657f36e } | |
| $a_24 = { 558bb0d9ce4977b00eef7ea43a9554d1 } | |
| $a_25 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_26 = { 558b6189bcae9c6567b034d1fdaf4114 } | |
| $a_27 = { 558bea0873880bc71cc4c4446b8a4b18 } | |
| $a_28 = { 558b4e59d1473bf2ea59e932f07bf698 } | |
| $a_29 = { 558bbbbbb55cc855bbbbbb59ccc9999b } | |
| $a_30 = { 558b2a4fbcba271a30f7f77212e6e76c } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorMSILNoancooe_5d15b5ad7e0b93272e39747573d5e8c666dd4057c688553e58fb333f74827677 { | |
| strings: | |
| $a_2 = { 558bc5c8e8fe453a5036e7444d698aec } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorMSILNoancooe_cfe04c09e1ff03e9b4320aa78c8b84beb519a67192100db67f1d793919243b5a { | |
| strings: | |
| $a_2 = { 558bc74d2ab33f01e394344d252f368c } | |
| $a_3 = { 558beedf05278896ad728078e410b81e } | |
| $a_4 = { 558bdd588b77d3f44e53793d95ad6e61 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorMSILOmaneat_dc462ccfc4cccd023f26b8e62b94d44d514dac199c185a0799a749c4759fdc9b { | |
| strings: | |
| $a_2 = { 558b8b2adfa8c30f0ea20254e290da16 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorMSILOrcus_4163e40a0d2dae2fef5183fb4a87597431cc4e6808ce92a6b02f630f32d34c76 { | |
| strings: | |
| $a_2 = { 558be5c8e4f209716b673c592c006659 } | |
| $a_3 = { 558bfdcd99849085df5b1b71e570a011 } | |
| $a_4 = { 558b3a102faf6261ef5ea1038d85267f } | |
| $a_5 = { 558bf7fe2939dd78422c3c02e064ffdd } | |
| $a_6 = { 558bd00f3163cbcb36592d98ee310ec6 } | |
| $a_7 = { 558bb8010079b5f79929c4ade40e56a7 } | |
| $a_8 = { 558b65c94720382b259381eb6c16209f } | |
| $a_9 = { 558b6babb133d4c748f969a90b9ebc67 } | |
| $a_10 = { 558b00a479386f8006f053bf6c805b26 } | |
| $a_11 = { 558b73a65e370b98ea758c82f4ddf5b8 } | |
| $a_12 = { 558b7434a41853ad6284f1e41c67f999 } | |
| $a_13 = { 5589e583ecdc57e8dc2b015f81ef7871 } | |
| $a_14 = { 558bd30e27016158f966ad18b06576a9 } | |
| $a_15 = { 558b616897844cafe44301e76b17cae8 } | |
| $a_16 = { 558b15ce5169fca4ce9e50a0822817b4 } | |
| $a_17 = { 558be41209c2b70ab29af7012abd0330 } | |
| $a_18 = { 558bf9db23c00d81a1ae902829c51734 } | |
| $a_19 = { 558be185a677ee9f628fd220a4151e32 } | |
| $a_20 = { 558bd606d1a0045070921830ec514807 } | |
| $a_21 = { 558b9695281f06ab9cad316355958176 } | |
| $a_22 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_23 = { 558be97ca2bccc57a81f95a9d9485416 } | |
| $a_24 = { 558b033668ab9e754e488f5526c6d1cc } | |
| $a_25 = { 5589e581c5ab4ab4082c256c4a04b4e5 } | |
| $a_26 = { 558b0015cec569e04ef4d700fcaf2402 } | |
| condition: | |
| 21 of them | |
| } | |
| rule BackdoorMSILOrcusrot_2b3dfde1dde3ec6f16a75cd7d45b92f5f997c6af4d8982e998c7103e543b6b02 { | |
| strings: | |
| $a_2 = { 558b25c8f7cbb2d943166531f7b59be7 } | |
| $a_3 = { 558b3a3fbcfd2641fc5475a2713fa0ea } | |
| $a_4 = { 558b6be4ee9bc09ca3ceed8a0aa488bc } | |
| $a_5 = { 558bb58eb2ab99bdcf8aca147c43a460 } | |
| $a_6 = { 558bb85d25008d1cd9f3a6d9282ca8e9 } | |
| $a_7 = { 558b7bd7d59e216a372d11cb6f799ffd } | |
| $a_8 = { 558b6b26b5e0176a88a13a5b5543dafc } | |
| $a_9 = { 558b9b8b0e569d9ddcc39075b313f5ed } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorMSILSisbot_0fd09cfe0eddc93bce0182924c5a577f622b048d039b36f42c90f20cd688d1f7 { | |
| strings: | |
| $a_2 = { 558b1c528b1c52ac6a388b1a8e28b172 } | |
| $a_3 = { 558b92916858471f94a91a8e2558b92a } | |
| $a_4 = { 558b1d65584f0f0558c7ad6b30c15626 } | |
| $a_5 = { 558b84a46a381562e12ac6a381562c70 } | |
| $a_6 = { 558b9290c9562e4a43094865690ca522 } | |
| $a_7 = { 558b1c529170956351c058d4702a46a3 } | |
| $a_8 = { 558b92ac58e294860a45c956351c7e50 } | |
| $a_9 = { 558b92ac6b2956264a45c9562e52aae4 } | |
| $a_10 = { 558b1c4a46a382558d4704a46b095635 } | |
| $a_11 = { 558b8f0522e02182ac5c148612917055 } | |
| $a_12 = { 558b9291729562e4ab1638a558b92ac5 } | |
| $a_13 = { 558b1c12ac5c14864a45ca558b92ac58 } | |
| $a_14 = { 558b9290c9562e52ac5c8b1729562e52 } | |
| $a_15 = { 558b1d456b9e57d710956263f0ab0f59 } | |
| $a_16 = { 558b1c7c156351c1162c702ac58e28b1 } | |
| $a_17 = { 558b84ab170522c704ab1638948b94ab } | |
| $a_18 = { 558b94ab173e0a45c148b94ab170522e } | |
| $a_19 = { 558b92ac329562e4ab172522e52b5172 } | |
| $a_20 = { 558b8291a8e02c5c2558d60a778b1c12 } | |
| condition: | |
| 16 of them | |
| } | |
| rule BackdoorMSILSplori_bf03b45106c15f35e95b8f5daff6a258306bef33b69b45b690b2a9dfd3c94386 { | |
| strings: | |
| $a_2 = { 558b929f9bf8cdf392ffc87c750f2f4b } | |
| $a_3 = { 558b3e688d8386d699187749e3e8dc68 } | |
| $a_4 = { 558b7a89d893d738500000007e7d837a } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorMSILSymratek_b3ca1a1da2d0be59d20f0bd3d7475da42f835ab423a865d05791270795356028 { | |
| strings: | |
| $a_2 = { 558b6095ba70ac7fcb21ee96f3d2cfd0 } | |
| $a_3 = { 558b645c3699426fc1532a6a3ab84367 } | |
| $a_4 = { 558be538f4cd008d2be12e72fd343895 } | |
| $a_5 = { 558bebbd3194bf6aa30a7c297b3004b6 } | |
| $a_6 = { 5589e52f1e066a0e869ea1e70d80d1dc } | |
| $a_7 = { 558be667235cfd71518de00138d024b7 } | |
| $a_8 = { 558b2474f08f7774ae46c587b4381cd8 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorMSILTelebot_d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac { | |
| strings: | |
| $a_2 = { 558b020000000100f432020000000100 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorPHPB374kshell_7feab00a6048bd8405008170a3cfb8075dce859b5c820f9ca532555dd259557e { | |
| strings: | |
| $a_2 = { 558b7a54adef9dbe2def6e4b5ae04594 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorVBSQakbot_75dae5f997eee623dae3cb59edd66d7f5ec31f49cbf386f0245d5edab304d3ff { | |
| strings: | |
| $a_2 = { 5589e583e4f883ec10f30f1005304000 } | |
| $a_3 = { 5589e583e4f883ec08e8d2faffff8b40 } | |
| $a_4 = { 5589e583e4f883ec188b450831c98944 } | |
| $a_5 = { 5589e553575683e4f883ec488b450c8b } | |
| $a_6 = { 5589e553575683e4f883ec488d05b02d } | |
| $a_7 = { 5589e553575683e4f881ec880000008d } | |
| $a_8 = { 5589e553575683e4f883ec608b450c8b } | |
| $a_9 = { 5589e553575683e4f881ec880000008b } | |
| $a_10 = { 558b682ceff209110b187c75086198b9 } | |
| $a_11 = { 558bd52e657488c54ef127e9c24b2d0c } | |
| $a_12 = { 5589e55683e4f883ec688b450c8b4d08 } | |
| $a_13 = { 5589e553575683e4f883ec308b45108b } | |
| $a_14 = { 5589e583e4f883ec18c7442414a56915 } | |
| $a_15 = { 5589e553575683e4f881eca80000008b } | |
| $a_16 = { 5589e553575683e4f881eca00000008d } | |
| $a_17 = { 5589e553575683e4f883ec28b8feffff } | |
| $a_18 = { 5589e5575683e4f883ec188b45108b4d } | |
| $a_19 = { 5589e583e4f883ec288b45088b4c241c } | |
| $a_20 = { 5589e553575683e4f881eca00000008b } | |
| $a_21 = { 5589e553575683e4f881ecd000000031 } | |
| condition: | |
| 17 of them | |
| } | |
| rule BackdoorWin32Aebot_f549654c98c1a7783fa3c13176409284d53c749bafcd373351368f3f2bdcf4ee { | |
| strings: | |
| $a_2 = { 558bec515153568b35785d4200578b56 } | |
| $a_3 = { 558bec81ec84000000568b75085733ff } | |
| $a_4 = { 558bec83ec4456576a09be802d420059 } | |
| $a_5 = { 558bec83ec388365fc00c745c8282742 } | |
| $a_6 = { 558bec5356578b7d0857e837610000ff } | |
| $a_7 = { 558bec81ec880000008d45fcc745f880 } | |
| $a_8 = { 558bec81ecdc000000535657bed02742 } | |
| $a_9 = { 558bec81ec1c0100005356578d85e4fe } | |
| $a_10 = { 558bec81ec0008000056beff03000056 } | |
| $a_11 = { 558bec51568b750885f6745aa1540643 } | |
| $a_12 = { 558bec51833dc8f042000053751d8b45 } | |
| $a_13 = { 558bec81ecb80500008b450853565733 } | |
| $a_14 = { 558bec803decf0420000535674278b5d } | |
| $a_15 = { 558b4524890da43942006bc03c034528 } | |
| $a_16 = { 558bec81ec0c0200005357bf00010000 } | |
| $a_17 = { 558becb860120000e8fa5a0000535657 } | |
| $a_18 = { 558bec81ec80030000538b1d18a14100 } | |
| $a_19 = { 558bec83ec0c53568b7508573b352006 } | |
| $a_20 = { 558bec81ec04030000568d85fcfcffff } | |
| $a_21 = { 558bec518365fc005657be80654200bf } | |
| $a_22 = { 558bec81ec000d00008b4508538b1d18 } | |
| $a_23 = { 558bec81ec04050000538b1d78a24100 } | |
| $a_24 = { 558bec81eccc0000008d45f050ff155c } | |
| $a_25 = { 558bec83ec2c56576a05bebc32420059 } | |
| $a_26 = { 558bec81ec20070000535657bedc3342 } | |
| $a_27 = { 558bec5657688c1c4200ff7508e83f63 } | |
| $a_28 = { 558bec5657ff7508e8d52100008bf08d } | |
| $a_29 = { 558bec81ec1802000053565733ff68fa } | |
| $a_30 = { 558bec5153568b355c3d420057837e10 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Afbot_c3bccae52b4c5c96da47f5c8445d21f12498eaba8a884e1998cf5bc99f3da032 { | |
| strings: | |
| $a_2 = { 558bec505156578b750c8b7d088b4d10 } | |
| $a_3 = { 558bec81c4a8f9ffff6853020000ff75 } | |
| $a_4 = { 558bec81c4acf9ffff6853020000ff75 } | |
| $a_5 = { 558bec81c490deffff6801010000ff75 } | |
| $a_6 = { 558bec81c4eceeffff680a010000ff75 } | |
| $a_7 = { 558bec81c4f0feffff52515657686e50 } | |
| $a_8 = { 558bec81c400fcffff52515657687550 } | |
| $a_9 = { 558bec81c454ffffff5053515657688d } | |
| $a_10 = { 558bec56578b45088b7d0c0bc0743883 } | |
| $a_11 = { 558bec81c44cfbffff5251565768a450 } | |
| $a_12 = { 558bec51525657be5a8b400033c9eb37 } | |
| $a_13 = { 558bec50515657b9000000008b750c8b } | |
| $a_14 = { 558bec51525657be5a8b400033c9eb2e } | |
| $a_15 = { 558bec81c440ffffff6a49ff75088d45 } | |
| $a_16 = { 558bec575633c08b750833c933d28a06 } | |
| $a_17 = { 558bec83c4fc505657e8ae27000033c9 } | |
| $a_18 = { 558bec83c4fc50565768000400006864 } | |
| $a_19 = { 558bec81c470ffffff8b451489857bff } | |
| $a_20 = { 558bec83c4dc6a09ff75088d45f750e8 } | |
| $a_21 = { 558bec81c4f8feffff68050100008d85 } | |
| $a_22 = { 558bec81c464ffffff505156576a4fff } | |
| $a_23 = { 558bec81c478ffffff51565768805340 } | |
| $a_24 = { 558bec515657be5a8b400033c9eb3151 } | |
| $a_25 = { 558bec81c404fcffff50525156576a00 } | |
| $a_26 = { 558bec81c4fceeffff5053515657ff75 } | |
| $a_27 = { 558bec81c44cf7ffff6a45ff75088d45 } | |
| $a_28 = { 558bec81c4c0fdffff680e010000ff75 } | |
| $a_29 = { 558bec81c400f8ffff50515657ff7510 } | |
| $a_30 = { 558bec83c4fc5053515256578b7508bf } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Afcore_e6644c7857e43a484eb5dda39e8d23af68f9179f0155438cbabcbed52776f06a { | |
| strings: | |
| $a_2 = { 558bec33c03905c8b901627449ff7508 } | |
| $a_3 = { 558bec538b5d0cff336870e10162e82e } | |
| $a_4 = { 558bec53568b5d0c8b7508ac0ac07406 } | |
| $a_5 = { 558bec518b4d0ce31157b00a8b7d08f2 } | |
| $a_6 = { 558becff750ce804000000c9c20800c8 } | |
| $a_7 = { 558bec5051525356578b4d148b550c8b } | |
| $a_8 = { 558bec8b5d0c687fb2016253ff7508e8 } | |
| $a_9 = { 558bec578b7d08f70700010000751aff } | |
| $a_10 = { 558bec83ec18535657e862a5ffff8945 } | |
| $a_11 = { 558bec538b5d08f70304000000746583 } | |
| $a_12 = { 558bec8b4d0cff71246870e10162e85b } | |
| $a_13 = { 558becfc810d781a0262000008006a00 } | |
| $a_14 = { 558bec8b4d0c8d914404000052ffb124 } | |
| $a_15 = { 558bec5157b00083c9ff8b7d08f2aef7 } | |
| $a_16 = { 558bec538b1d30d801620bdb0f84ad00 } | |
| $a_17 = { 558bec515253578b5d0c8b7d08ff7304 } | |
| $a_18 = { 558bec6a006a006a33ff7508e80b6e01 } | |
| $a_19 = { 558bec6854b20162ff750cff7508e857 } | |
| $a_20 = { 558bec515253578b7d08837d0c000f84 } | |
| $a_21 = { 558bec837d10007465538b5d08f74314 } | |
| $a_22 = { 558bec51568b4d0c8b75080bc9740f53 } | |
| $a_23 = { 558bec5051528b4d0c83e90cff7104ff } | |
| $a_24 = { 558bec538b1de8d801620bdb0f84ca00 } | |
| $a_25 = { 558bec8b0dccbc0162e335578b4508bf } | |
| $a_26 = { 558bec833dacb00162007434515657b9 } | |
| $a_27 = { 558bec5356578b7d08f787c800000000 } | |
| $a_28 = { 558bec5356578b5d0c8b73088d7b0cc6 } | |
| $a_29 = { 558bec515633c08bc88b7508eb0f2c30 } | |
| $a_30 = { 558becfcc705d0c50162000000008b4d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Aimbot_7d8f5c0e968e5fb49ea9100352a6cbedc4c9d40c853b57494857560868faa26f { | |
| strings: | |
| $a_2 = { 558b120894accd6cb7e866adeb4d2601 } | |
| $a_3 = { 558b4d5823c7d34d1868a971a7488c35 } | |
| $a_4 = { 558bec83e420ec48535529f5348b0dbb } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32AimMaster_49991003f8102eb4de761725625ace309aef656885b659a1b616c839a3097b07 { | |
| strings: | |
| $a_2 = { 558bec515168961b400064a100000000 } | |
| $a_3 = { 558bec83ec1868961b400064a1000000 } | |
| $a_4 = { 558bec51565733ff897dfce85295ffff } | |
| $a_5 = { 558bec83ec0c68961b400064a1000000 } | |
| $a_6 = { 558bec83ec1468961b400064a1000000 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Alaveensee_d040efc859a7a4612a819170d06298a045c0e9da1c5026bf90f4ead2e59cd97a { | |
| strings: | |
| $a_2 = { 558bec81ecc4010000a180a64d0033c5 } | |
| $a_3 = { 558bec83e4f86aff68e4fe4b0064a100 } | |
| $a_4 = { 558b6c240885c975058d41015dc33bd1 } | |
| $a_5 = { 558bec833d4495530000568b3508da4d } | |
| $a_6 = { 558bcec6461000e859fdffff8b4e0880 } | |
| $a_7 = { 558bac24ac010000807d200056577407 } | |
| $a_8 = { 558bec83ec14a180a64d0033c58945fc } | |
| $a_9 = { 558bec68e4474c00ff1578224c0085c0 } | |
| $a_10 = { 558bec5151a180a64d0033c58945fca1 } | |
| $a_11 = { 558bec83ec105333db538d4df0e8dd25 } | |
| $a_12 = { 558b6c24105733ffc644241400897c24 } | |
| $a_13 = { 558bcfe889fcffff85c07406ebd08b7c } | |
| $a_14 = { 558bcfffd28b47048818016f048b4704 } | |
| $a_15 = { 558bec83ec10ff75088d4df0e80f19ff } | |
| $a_16 = { 558b6c2414885c2414391df43e53000f } | |
| $a_17 = { 558bec83e4f86aff6818e84b0064a100 } | |
| $a_18 = { 558b4c24308d0c8e894c242c3bf17352 } | |
| $a_19 = { 558bcfffd08b4c24188b570480cb8088 } | |
| $a_20 = { 558bec5de9960200008bff558bec8b45 } | |
| $a_21 = { 558bec8b4508a328e34d005dc38bff55 } | |
| $a_22 = { 558bec565733f6ff750cff7508e8fa9d } | |
| $a_23 = { 558b6c2438568bf18b0dfcc04d00ba01 } | |
| $a_24 = { 558bfbe86f0700008bc55f5e5d5b83c4 } | |
| $a_25 = { 558bec83ec10ff750c8d4df0e856efff } | |
| $a_26 = { 558b6c240c6a3a57e84c4c09008bd88b } | |
| $a_27 = { 558bec8b4508c7404cf8304c008b4d08 } | |
| $a_28 = { 558bec8b450883f8fe7518e8020e0000 } | |
| $a_29 = { 558b6c24088b55083bfa7e09b8feffff } | |
| $a_30 = { 558bec33c0668b4d08663b8848654c00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Alcobot_81c45600d8171c9b529515d3c6c8a1ff99315817256832d7fbae324112780974 { | |
| strings: | |
| $a_2 = { 5589e551576a0068800000006a026a00 } | |
| $a_3 = { 5589e581ecdc0300005356578dbd9cfe } | |
| $a_4 = { 5589e581ec00040000578d7d1457ff75 } | |
| $a_5 = { 5589e583ec2053565731db8b75086a11 } | |
| $a_6 = { 5589e55657683f000f006a00ff7508e8 } | |
| $a_7 = { 5589e551ff75086a016a00e8587a0000 } | |
| $a_8 = { 5589e581ec7c010000535657c78538ff } | |
| $a_9 = { 5589e583ec2c57c745e810000000e83c } | |
| $a_10 = { 5589e5568b750883fe647c0531c040eb } | |
| $a_11 = { 5589e583ec345356578365d8008b7508 } | |
| $a_12 = { 5589e581ec0807000053565731db895d } | |
| $a_13 = { 5589e583ec0c535657e89564000050e8 } | |
| $a_14 = { 5589e55356578b750831ff89fbc1e307 } | |
| $a_15 = { 5589e5b850010100e8ba250000535657 } | |
| $a_16 = { 5589e5515768f7214400e85d73000089 } | |
| $a_17 = { 5589e581ec00020000578d7d1057ff75 } | |
| $a_18 = { 5589e581ec600800005356578b5d086a } | |
| $a_19 = { 5589e55356578b5d0868e517440053e8 } | |
| $a_20 = { 5589e583ec185356576a146a008d45e8 } | |
| $a_21 = { 5589e556578b7d0809ff745e83ff407d } | |
| $a_22 = { 5589e581eca0000000578b7d08688000 } | |
| $a_23 = { 5589e581ec5c040000576a008d45fc50 } | |
| $a_24 = { 5589e5b810150000e8c5610000535657 } | |
| $a_25 = { 5589e5578b7d0869c7900200008d1405 } | |
| $a_26 = { 5589e581ec1c0400005356578b5d1068 } | |
| $a_27 = { 5589e55156578b75086a006a018d45ff } | |
| $a_28 = { 5589e583ec145356578365fc0031db43 } | |
| $a_29 = { 5589e581ec840900005356578365fc00 } | |
| $a_30 = { 5589e55157e8b200000089c7803f2275 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Alcodor_f862ead5269c7964eff2eef137bdb8ff534c15a2c337736f0f6c659c7e3f251d { | |
| strings: | |
| $a_2 = { 558bec6aff682071400068f84f400064 } | |
| $a_3 = { 558bec83ec588b4508538b5d0c5633f6 } | |
| $a_4 = { 558bec6aff68e074400068f84f400064 } | |
| $a_5 = { 558bec51518b4510530fb6550c8b0856 } | |
| $a_6 = { 558bc18bf1c1f80583e61f8d3c8520eb } | |
| $a_7 = { 558bec83ec24535633db5733f68b7d0c } | |
| $a_8 = { 558bec0fb6450e0fb6550c8b4d088d84 } | |
| $a_9 = { 558bec83ec14a1f8ea40008b15fcea40 } | |
| $a_10 = { 558bec51833d24e6400000535657751d } | |
| $a_11 = { 558bec51515333db391d48fc40005657 } | |
| $a_12 = { 558bec6aff689874400068f84f400064 } | |
| $a_13 = { 558bec83ec34538bd9565780bbe11000 } | |
| $a_14 = { 558bec8b450885c075025dc3833d24e6 } | |
| $a_15 = { 558b2de4704000565733db33f633ff3b } | |
| $a_16 = { 558bec0fb6450f0fb6550d8b4d088d84 } | |
| $a_17 = { 558bec83ec1453565733db6a18895dfc } | |
| $a_18 = { 558bec83ec205356e8be1600008b5d10 } | |
| $a_19 = { 558bec5657ff7508e8bc0e00008bf08d } | |
| $a_20 = { 558bec81eca00100008d8560feffff57 } | |
| $a_21 = { 558bec535657556a006a0068184f4000 } | |
| $a_22 = { 558bec81ec60010000ff151c70400068 } | |
| $a_23 = { 558bec83ec1853568b750857bfff0000 } | |
| $a_24 = { 558bec81ecec03000053568b750857bf } | |
| $a_25 = { 558bec568bf1578b7d08807e03007412 } | |
| $a_26 = { 558bec83ec5453568bd933f68d45d857 } | |
| $a_27 = { 558bec51ff7508e8ec15000085c08945 } | |
| $a_28 = { 558bec83ec1c535657e8850100008bf0 } | |
| condition: | |
| 22 of them | |
| } | |
| rule BackdoorWin32Amitis_b4c2ffccfe807167860d70ea95cde0390f2dc4220992d272497ced04afb97edd { | |
| strings: | |
| $a_2 = { 558bec81c48cfeffff33d289958cfeff } | |
| $a_3 = { 558bec8b45088b40f4e8b20d0000a168 } | |
| $a_4 = { 558bec81c498feffff5333c9898d98fe } | |
| $a_5 = { 558bec83c4f4a118b84a00e8540affff } | |
| $a_6 = { 558bec51535684d2740883c4f0e83a99 } | |
| $a_7 = { 558bec6a006a005333c05568a9a74a00 } | |
| $a_8 = { 558bec33c055683b2d470064ff306489 } | |
| $a_9 = { 558bd6a110ec4a00e824320000e8532f } | |
| $a_10 = { 558bec33c055686d80490064ff306489 } | |
| $a_11 = { 558bec6a0053568bd833c05568e34a43 } | |
| $a_12 = { 558bec53568bf18bd866a180ed440066 } | |
| $a_13 = { 558bec83c4f053568955fc8bf033c089 } | |
| $a_14 = { 558bec51538bd868ffff00008bcaa160 } | |
| $a_15 = { 558bec53565733c05568b89c410064ff } | |
| $a_16 = { 558bec83c4f8e8fd6afaff8855fb8945 } | |
| $a_17 = { 558bec83c4f8538945fc8b45fce8feee } | |
| $a_18 = { 558bec83c4f853bb0cec4a00e847cffa } | |
| $a_19 = { 558bec33c05568dfa44a0064ff306489 } | |
| $a_20 = { 558bec33c055688cb1460064ff306489 } | |
| $a_21 = { 558bec51538bd86864ea4a00e8bb48fe } | |
| $a_22 = { 558bec83c4c88d45c850a16cb84a00e8 } | |
| $a_23 = { 558b45f88b40048bd6e8e8c4feffe81b } | |
| $a_24 = { 558bec83c4ec8955f88945fc8b45fce8 } | |
| $a_25 = { 558bec51538945fc8b45fce8fc90f8ff } | |
| $a_26 = { 558bec33c9515151515333c0556837d3 } | |
| $a_27 = { 558bec33c055685d79400064ff306489 } | |
| $a_28 = { 558bec83c4f48955f88945fca1e8e94a } | |
| $a_29 = { 558bd98bf28bf88bcb8bd68bc7e80f6d } | |
| $a_30 = { 558bec53568b5d088d430450e867aeff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ananlog_60b1984340119ce5d002ef877700be9e3cc621591e0d141fbfa7a69119da0281 { | |
| strings: | |
| $a_2 = { 558bd9dfc2a9e9a2b047e885d1f6f3c8 } | |
| $a_3 = { 558bec81c4f4fbffff5657536a00e804 } | |
| $a_4 = { 558bea332185b5b7c37fe1934c3ffb90 } | |
| $a_5 = { 558bec5657538b75088bfe8b5d108b4d } | |
| $a_6 = { 558bec83c4f86a0068800000006a026a } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Androm_b7af2c969947bbebb0851ca3277060d1aa22f1cc6d4d66e22141abc6f08826a1 { | |
| strings: | |
| $a_2 = { 558b1b2915acee7b8738035fb359a0ca } | |
| $a_3 = { 558bd11bdc015acefa75e05550400720 } | |
| $a_4 = { 558b851009c782cb6d38e9442f4a5080 } | |
| $a_5 = { 558ba89211194347b975e0c2aeccb305 } | |
| $a_6 = { 558b4c0edfa22b070f9d8a95a19691b0 } | |
| $a_7 = { 558bf0cdb4e7db4b589a867585078d2c } | |
| $a_8 = { 558bdba64c70c19a95ebd5d478d08d9b } | |
| $a_9 = { 558b9707c1bbf1d5de088dcb557b216f } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Antilam_ba13136405d3b64cef0594aaa89339434b582f41f8b4db48e20765c0320ba708 { | |
| strings: | |
| $a_2 = { 558bec33c05568c517450064ff306489 } | |
| $a_3 = { 558bec33c05568c1c9410064ff306489 } | |
| $a_4 = { 558bec538b550833db891a33d2e80600 } | |
| $a_5 = { 558bec6a00538bd833c0556829314300 } | |
| $a_6 = { 558bec535657a128b64500e8a4a7ffff } | |
| $a_7 = { 558bec83c4f853bbccb74500e85f27fc } | |
| $a_8 = { 558bec8b80800000008b55088950788b } | |
| $a_9 = { 558bec6a0033c05568c0b0400064ff30 } | |
| $a_10 = { 558bec8b80800000008b55088950708b } | |
| $a_11 = { 558bec833d24b7450000741a8b451450 } | |
| $a_12 = { 558bec83c4e453568bda8bf0c745fc04 } | |
| $a_13 = { 558bec83c4f85356578bda33c055680f } | |
| $a_14 = { 558bec5356578b7d10803de3b6450000 } | |
| $a_15 = { 558bec53803d2cb44500000f84cc0000 } | |
| $a_16 = { 558bec33c05568a2d2400064ff306489 } | |
| $a_17 = { 558bec83c4e45356578bf0a120b64500 } | |
| $a_18 = { 558bec51832dc4b7450001734fb83ca3 } | |
| $a_19 = { 558be868007f00006a00e8ee38fcff89 } | |
| $a_20 = { 558bec515356578bd833c0a330b44500 } | |
| $a_21 = { 558bec83c4f4b8cc864500e8e4dafaff } | |
| $a_22 = { 558bec538bd866833db4b5450012753a } | |
| $a_23 = { 558bec81c4d4fbffff5333c9898dd8fb } | |
| $a_24 = { 558bec51535684d2740883c4f0e8f6dd } | |
| $a_25 = { 558bec83c4f88955fc8945f855e832ff } | |
| $a_26 = { 558bec51535684d2740883c4f0e8720f } | |
| $a_27 = { 558bec6a006a0053568bf033c055681b } | |
| $a_28 = { 558bec33c0556814b7440064ff306489 } | |
| $a_29 = { 558bec51535684d2740883c4f0e8920a } | |
| $a_30 = { 558bec6a006a00568bf033c055681fed } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ares_1a0e0215377d7173a479f3b54961687f71b1f1d8599f627c7d3a2b6b682187b7 { | |
| strings: | |
| $a_2 = { 558bec837d0c10750c6a00ff7508e855 } | |
| $a_3 = { 558bec837d0c10750c6a00ff7508e81f } | |
| $a_4 = { 558bec83c4b0c745d030000000c745d4 } | |
| $a_5 = { 558bec837d0c10750c6a00ff7508e894 } | |
| $a_6 = { 558bec837d0c10753bc605874e400030 } | |
| $a_7 = { 558bec837d0c10750c6a00ff7508e8d3 } | |
| $a_8 = { 558bec837d0c107511e8c21400006a00 } | |
| $a_9 = { 558bec837d0c10750c6a00ff7508e8d7 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Assasin_c4e8e7b0d0a4f6d2e042d663766914c009358e3b498d85319dc527fa0d0e4d40 { | |
| strings: | |
| $a_2 = { 558bd9b3e860dfd8efc74304606a044f } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Atadommoc_7938f79d9a89b978a8d8f6ab2b5f0f6c2df1e742b57286a759d7d7e89ceb0c19 { | |
| strings: | |
| $a_2 = { 558bec83ec08837d1001751aa19cb140 } | |
| $a_3 = { 558bec51c745fc7c000000c745fc7c00 } | |
| $a_4 = { 558bec83ec088b45088945f88b4df889 } | |
| $a_5 = { 558bec8b4508c6000b5dc3cccccccccc } | |
| $a_6 = { 558bec83ec08c745fc00000000c70574 } | |
| $a_7 = { 558b8382ec5804d08a75dfb2bf57321c } | |
| $a_8 = { 558bec8b45088b40fc5dc3cccccccccc } | |
| $a_9 = { 558bec81ec50020000c785d4fdffff33 } | |
| $a_10 = { 558bec51c745fc040000008b45fc050c } | |
| $a_11 = { 558bec51c745fc2b020000c745fc2b02 } | |
| $a_12 = { 558bec83ec10c745f804000000c745fc } | |
| $a_13 = { 558b126c8a5e4ff2c203000000000000 } | |
| $a_14 = { 558bec81ec5c040000535657c785b0fb } | |
| $a_15 = { 558bec8b45088b4d080348048bc15dc3 } | |
| $a_16 = { 558bec81ec1c010000c785ecfeffff7c } | |
| $a_17 = { 558bec83ec088b45088378040074558b } | |
| $a_18 = { 558bec837d0c017508a184b140008945 } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Avosim_6e55e161dc9ace3076640a36ef4a8819bb85c6d5e88d8e852088478f79cf3b7c { | |
| strings: | |
| $a_2 = { 558beca1144042005685c07547394508 } | |
| $a_3 = { 558bec807d0800752756be4842420083 } | |
| $a_4 = { 558bec83ec20a10430420033c58945fc } | |
| $a_5 = { 558becb810140000e8097f0000a10430 } | |
| $a_6 = { 558beca1143d4200565783f8057c7c8b } | |
| $a_7 = { 558bec83ec18a10430420033c58945fc } | |
| $a_8 = { 558bec5151568bf1578b068b3857e858 } | |
| $a_9 = { 558beca11440420085c074106a00ff75 } | |
| $a_10 = { 558bec83ec10ff750c8d4df0e8bb01ff } | |
| $a_11 = { 558bec83ec446a448d45bc6a0050e850 } | |
| $a_12 = { 558bec566854b341006850b341006854 } | |
| $a_13 = { 558bec6b45083805803042005dc38bff } | |
| $a_14 = { 558bec51a10430420033c58945fc5668 } | |
| $a_15 = { 558becb818100000e8394e0100a10430 } | |
| $a_16 = { 558bec566880b34100687cb341006880 } | |
| $a_17 = { 558bec81ec98000000a10430420033c5 } | |
| $a_18 = { 558bec83ec1c8d4de453ff7510e8e153 } | |
| $a_19 = { 558bec51a10430420033c58945fc578b } | |
| $a_20 = { 558bec518b45088b0881f9a0c7410074 } | |
| $a_21 = { 558bec51568b750856e8982f00005985 } | |
| $a_22 = { 558bec83ec0cdd7dfcdbe2833d143d42 } | |
| $a_23 = { 558bec837d08007507c605043d420001 } | |
| $a_24 = { 558bec8b4508a30c4042005dc36a016a } | |
| $a_25 = { 558bec5151568b750885f67514e8bf6c } | |
| $a_26 = { 558bec5151a10430420033c58945fc83 } | |
| $a_27 = { 558bec83ec30a10430420033c58945fc } | |
| $a_28 = { 558bec568b750c8b063b052843420074 } | |
| $a_29 = { 558bec8b450883c02050ff15d0b04100 } | |
| $a_30 = { 558bec5de935020000566a02e81a9e00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32AXO_40c9cd2b546a1175fbb5360e93cc0a799488b4b4daacc8fb0255d0123802073a { | |
| strings: | |
| $a_2 = { 558bec6a005333c05568feeffa4464ff } | |
| $a_3 = { 558bec51535684d2740883c4f0e87af3 } | |
| $a_4 = { 558bec6a0053565733c05568bf450245 } | |
| $a_5 = { 558bec51535684d2740883c4f0e8aa3d } | |
| $a_6 = { 558bec83c4f853bb587b0245e853fefb } | |
| $a_7 = { 558bec33c055685932004564ff306489 } | |
| $a_8 = { 558bec6a00538bd833c055685a08fb44 } | |
| $a_9 = { 558bec83c4f8535633c08945fca1f478 } | |
| $a_10 = { 558bec33c95151515133c05568bfc7fb } | |
| $a_11 = { 558bec6a00538bd833c05568c5d4fb44 } | |
| $a_12 = { 558bec33c05568d8b1fc4464ff306489 } | |
| $a_13 = { 558bec515356578945fc33c0556886f8 } | |
| $a_14 = { 558b45d4e862fbffff5984c0744ca118 } | |
| $a_15 = { 558bec33c0556881bafd4464ff306489 } | |
| $a_16 = { 558bec51538955fc8bd88b45fce88ec6 } | |
| $a_17 = { 558bec6a005356578bf833c05568849c } | |
| $a_18 = { 558bec33c05568cd03014564ff306489 } | |
| $a_19 = { 558bec33c05568f506014564ff306489 } | |
| $a_20 = { 558bec6a00538bd833c05568e7950145 } | |
| $a_21 = { 558b43045081c700bc00005755e8a1bc } | |
| $a_22 = { 558bec6a0033c055680e27fc4464ff30 } | |
| $a_23 = { 558bec6a00538bd833c055686588fd44 } | |
| $a_24 = { 558bec33c05568c924014564ff306489 } | |
| $a_25 = { 558bec515356578945fc833d74780245 } | |
| $a_26 = { 558bec6a00538bd88b4514e8e44cf8ff } | |
| $a_27 = { 558bec81c4a8f6ffff538945fc8b45fc } | |
| $a_28 = { 558bec83c4f85356578bd8803dc47502 } | |
| $a_29 = { 558bec33c05568b6c8fd4464ff306489 } | |
| $a_30 = { 558bec6a00538bd88b4514e8984df8ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Aybo_429fda1c1d2385b45ceefe83a5d36969e0656cdd29ade754598289c376fc7d97 { | |
| strings: | |
| $a_2 = { 558bec83c4e8538bd88d45e850e8d6be } | |
| $a_3 = { 558bec83c4f8538945fc8b45fce802e5 } | |
| $a_4 = { 558bec33c0556899f0400064ff306489 } | |
| $a_5 = { 558bec6a005333c05568f50f460064ff } | |
| $a_6 = { 558bec33c05568d9df420064ff306489 } | |
| $a_7 = { 558bec83c4f8535657bf386646008b47 } | |
| $a_8 = { 558bec83c4f88945fc8b45fce80beeff } | |
| $a_9 = { 558bec33c05568d300440064ff306489 } | |
| $a_10 = { 558bec33c05568d184400064ff306489 } | |
| $a_11 = { 558bec51535657894dfc8bfa8bf0e8e9 } | |
| $a_12 = { 558bec33c0556861f0400064ff306489 } | |
| $a_13 = { 558bec83c4ec538bd8803dc465460000 } | |
| $a_14 = { 558bec53568b45088b40fce864940000 } | |
| $a_15 = { 558bec5153568bf06a006a006a076800 } | |
| $a_16 = { 558bec6a00538bda33d25568a2ae4500 } | |
| $a_17 = { 558b45f88b40048bd6e80ca10100e81b } | |
| $a_18 = { 558bec833d106c460000740e8b450850 } | |
| $a_19 = { 558bec5666bed2ffe8ef6afbff5e5dc2 } | |
| $a_20 = { 558bec5153568bd88bc3e8bdebfaff8d } | |
| $a_21 = { 558bec83c49c5356578bd86a0ee88aea } | |
| $a_22 = { 558bec8b45088b400450e80d2100005d } | |
| $a_23 = { 558bec51535657894dfc8bfa8bf0e891 } | |
| $a_24 = { 558bea8bf08bc6e89992fdff8bf833db } | |
| $a_25 = { 558bec33c05568f50d430064ff306489 } | |
| $a_26 = { 558bec6a00538bd833c05568ea414100 } | |
| $a_27 = { 558bec538bd88bc3e8d7e8feff506a00 } | |
| $a_28 = { 558bec33c05568dd01410064ff306489 } | |
| $a_29 = { 558bec5331db89c1dd4508d88ba04146 } | |
| $a_30 = { 558beca1e46c4600e8abffffff33c055 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Babmote_13dd775879e41ce9541675d81909cf72368a952b912cd063e22025c20f5e1847 { | |
| strings: | |
| $a_2 = { 558bec81ec280000006808000000e8ff } | |
| $a_3 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_4 = { 558bec83ec185356576a19e889350000 } | |
| $a_5 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_6 = { 558b2d44d6490056578b7c24148bf157 } | |
| $a_7 = { 558bec83ec6053568bf1578975f8e854 } | |
| $a_8 = { 558bec81ec0c000000689c104a008b5d } | |
| $a_9 = { 558bec5333db391d1c444d005657750f } | |
| $a_10 = { 558bec81ec48000000c745fc00000000 } | |
| $a_11 = { 558bcee8ee62feff8b6c2414892f8b0b } | |
| $a_12 = { 558bec81ec100000006808000000e8a2 } | |
| $a_13 = { 558bec81ec200000006818000000e89b } | |
| $a_14 = { 558bec6aff68d89a4a0068ac2b480064 } | |
| $a_15 = { 558bcee86a5402005f5e5d5b83c41cc2 } | |
| $a_16 = { 558bcee817fdffff8b5e1c8bcee8cfba } | |
| $a_17 = { 558bec5151568bf1578b3d34d149008b } | |
| $a_18 = { 558bec5153568bf1578b4e688d86d800 } | |
| $a_19 = { 558bec81ec24000000c745fc00000000 } | |
| $a_20 = { 558bec81ec5c000000c745fc00000000 } | |
| $a_21 = { 558bcbe807ffffff5e5d5bc204008b4b } | |
| $a_22 = { 558bac24940100008b88c80100005657 } | |
| $a_23 = { 558bec6aff68b0b6490064a100000000 } | |
| $a_24 = { 558b6c240c56578b7c241c8b450481ff } | |
| $a_25 = { 558bec81ec0c000000837d08010f8c11 } | |
| $a_26 = { 558bc8ff929000000085c075953b7424 } | |
| $a_27 = { 558bec81ec28000000837d10000f8508 } | |
| $a_28 = { 558bcee83078ffff8b4c24248b542420 } | |
| $a_29 = { 558bec6aff6860a24a0068ac2b480064 } | |
| $a_30 = { 558bec81ec08000000685a164a008b5d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bafruz_611cb1f2b67293faebdedf0595fa7229ca1f23c25d8a1bcc0e4d2b1c579188da { | |
| strings: | |
| $a_2 = { 558bec81c4c4feffff535633c9898dc4 } | |
| $a_3 = { 558bec83c4f8535633c08945fca118a9 } | |
| $a_4 = { 558bec5356578bf98bf28bd8a0b02c45 } | |
| $a_5 = { 558bec33c055684179420064ff306489 } | |
| $a_6 = { 558becba4c414500a148804800e8defa } | |
| $a_7 = { 558bd6a114ab4800e84e330000e84d30 } | |
| $a_8 = { 558bec33c055689978420064ff306489 } | |
| $a_9 = { 558bec83c4f48955f88945fca144a848 } | |
| $a_10 = { 558becba50564500a148804800e8e2e5 } | |
| $a_11 = { 558bec81c434ffffff5356578bf18955 } | |
| $a_12 = { 558b45fce862e3feffe8f1feffff5988 } | |
| $a_13 = { 558bec53565784d2740883c4f0e8a6c5 } | |
| $a_14 = { 558bec6a0033d25568d9e3460064ff32 } | |
| $a_15 = { 558bec51538d5dfca13c7c48008b5508 } | |
| $a_16 = { 558bec33c055688759480064ff306489 } | |
| $a_17 = { 558bec83c4f0538bd88bc38b10ff1252 } | |
| $a_18 = { 558bec33c95151515133c05568dba741 } | |
| $a_19 = { 558bc3e87eabffff84c07426a1d89648 } | |
| $a_20 = { 558be833db668b7d0e668b750c662bf7 } | |
| $a_21 = { 558becbac0444500a148804800e86ef7 } | |
| $a_22 = { 558bec6a0033c05568fe89460064ff30 } | |
| $a_23 = { 558bec33c055685928410064ff306489 } | |
| $a_24 = { 558bec6a005333c055685b9f460064ff } | |
| $a_25 = { 558bec5153568bf28bd88bceb201a108 } | |
| $a_26 = { 558bec83c4f85356578945fca1407048 } | |
| $a_27 = { 558becba1c3f4500a148804800e816fd } | |
| $a_28 = { 558be8a114ab4800e8506a00008bf04e } | |
| $a_29 = { 558becba88514500a148804800e8a6ea } | |
| $a_30 = { 558becba505a4500a148804800e8dee1 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bancodor_f29262f3a4a7bb2d3decc74703973ffe706334fa6a8b755d858ed42ffde0336e { | |
| strings: | |
| $a_2 = { 558bec33c055685d5e460064ff306489 } | |
| $a_3 = { 558bec515356578945fc33c05568f6ad } | |
| $a_4 = { 558bec33c0556875d9410064ff306489 } | |
| $a_5 = { 558bc3e8aeabffff84c07426a148c746 } | |
| $a_6 = { 558bec51538d5dfca178a946008b5508 } | |
| $a_7 = { 558bec535684d2740883c4f0e8afc8fe } | |
| $a_8 = { 558bec51535684d2740883c4f0e8d6ee } | |
| $a_9 = { 558b55f88b45fc8b4df4e866faffff59 } | |
| $a_10 = { 558bec53568bf28bd88b53708bc6e809 } | |
| $a_11 = { 558bec33c055682ae9450064ff306489 } | |
| $a_12 = { 558bec33c055681536460064ff306489 } | |
| $a_13 = { 558bec33c0556834b9440064ff306489 } | |
| $a_14 = { 558bec6a0053568bd833c055687b0043 } | |
| $a_15 = { 558bec518945fc8b45fce8cdaafdff8b } | |
| $a_16 = { 558b55f88b45fc8b4df4e835faffff59 } | |
| $a_17 = { 558bec83c4f433c08945f433c05568a3 } | |
| $a_18 = { 558b55f88b45fc8b4df4e8fafbffff59 } | |
| $a_19 = { 558bd38b8698010000e89492fdffe8cb } | |
| $a_20 = { 558bec6a006a00568bf033c0556817f3 } | |
| $a_21 = { 558bec515356578bf98bf28945fc6860 } | |
| $a_22 = { 558bd6a130dc4600e8a2320000e8d12f } | |
| $a_23 = { 558bec33c05568f687420064ff306489 } | |
| $a_24 = { 558bec6a005333c0556827ff450064ff } | |
| $a_25 = { 558bec53568b5d088d430450e877b2ff } | |
| $a_26 = { 558bec535657a1f4d94600e8787affff } | |
| $a_27 = { 558bec535657833d2cdc460000743c33 } | |
| $a_28 = { 558b43045081c700bc00005755e871b6 } | |
| $a_29 = { 558bec5356578b5d0833c0556882d041 } | |
| $a_30 = { 558bfa8bf033db8b06e81f5affff8bd0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bandok_7e395446d4b37c93adc2e24c6598db483874089db85a05cf971931137c0ec24a { | |
| strings: | |
| $a_2 = { 558bec6a0168e0631f13e83ffbffff83 } | |
| $a_3 = { 558bec6880e01e13ff15a8301513a36c } | |
| $a_4 = { 558bec6880e61e13e83ed6ffff83c404 } | |
| $a_5 = { 558bec51683057151368fcdd1613e87b } | |
| $a_6 = { 558bec81ec9401000053565768806d15 } | |
| $a_7 = { 558bec83ec0c8b451c8945f88b4d148b } | |
| $a_8 = { 558bec51685057151368fcdd1613e899 } | |
| $a_9 = { 558bec81ec60060000c745fcffffffff } | |
| $a_10 = { 558bec81ec440100008d85bcfeffff50 } | |
| $a_11 = { 558becb828bf0200e8098900006860ea } | |
| $a_12 = { 558bec516a646a00684ced1b13e8568e } | |
| $a_13 = { 558bec81ec2c0100006a006a02e81343 } | |
| $a_14 = { 558becb828bf0200e8d17f00006860ea } | |
| $a_15 = { 558bec83ec306854fd1a13ff15a03015 } | |
| $a_16 = { 558bec83ec086a006a0068407f1f136a } | |
| $a_17 = { 558becc605ca7d1f1301682059151368 } | |
| $a_18 = { 558bec81ec140100008b450c508d8df8 } | |
| $a_19 = { 558bec81ecd000000068b46c151368c8 } | |
| $a_20 = { 558bec81ec04020000c785fcfeffff00 } | |
| $a_21 = { 558bec83ec086a008d45f8506a00683f } | |
| $a_22 = { 558bec83ec188b451050e86c96000083 } | |
| $a_23 = { 558bec33c0a0ce7d1f1385c075186a00 } | |
| $a_24 = { 558bec68000100006a006800d91613e8 } | |
| $a_25 = { 558bec6880e11e13e8f766ffff83c404 } | |
| $a_26 = { 558bec83ec188b451083b88800000000 } | |
| $a_27 = { 558bec68a8d31e13e8b0d7ffff83c404 } | |
| $a_28 = { 558becc605cb7d1f1301686059151368 } | |
| $a_29 = { 558bec68bc6e15136844011f13e8250e } | |
| $a_30 = { 558bec33c0a0ce7d1f1383f801752668 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Banito_7e8050cf928fa8267b5e195db09fd43cd56d2135596ccb3b71cd18870bd1dd63 { | |
| strings: | |
| $a_2 = { 558bec33c055684192420064ff306489 } | |
| $a_3 = { 558bec6a00538bd833c05568e0ef4800 } | |
| $a_4 = { 558becff750cff7508ff15a09649005d } | |
| $a_5 = { 558bec33c055686924400064ff306489 } | |
| $a_6 = { 558bec51568bf06a208bcaa100274100 } | |
| $a_7 = { 558bec535684d2740883c4f0e87758fa } | |
| $a_8 = { 558bec33c055685401460064ff306489 } | |
| $a_9 = { 558bec6a005356578bd833c05568239a } | |
| $a_10 = { 558bf18bfa8bd8837e6400740aa1f88b } | |
| $a_11 = { 558bec538b5d083b1d447c4900744aa1 } | |
| $a_12 = { 558bec33c055682519470064ff306489 } | |
| $a_13 = { 558bf0bf10964900bd149649008b1d08 } | |
| $a_14 = { 558bec6a005356578bd833c055687f19 } | |
| $a_15 = { 558bec33c05568f346480064ff306489 } | |
| $a_16 = { 558be8a1089c4900e8ac6900008bf04e } | |
| $a_17 = { 558bea8bf08bd6b860904000e868ffff } | |
| $a_18 = { 558bec33c05568d518470064ff306489 } | |
| $a_19 = { 558bec53568bf28bd88b53708bc6e811 } | |
| $a_20 = { 558bec83c4f0b8fc5f4900e8c809f7ff } | |
| $a_21 = { 558bec53bb7898490033c05568fa0841 } | |
| $a_22 = { 558bec6a0033c055683e2e470064ff30 } | |
| $a_23 = { 558bec33c95151515133c055689cbb41 } | |
| $a_24 = { 558bec83c4d85356576a0ea148894900 } | |
| $a_25 = { 558bec6a0053568bd833c05568143949 } | |
| $a_26 = { 558bec6a00538bd833c055687f9d4800 } | |
| $a_27 = { 558becff7508e89efeffff85c074188b } | |
| $a_28 = { 558becb92e0000006a006a004975f951 } | |
| $a_29 = { 558bec33c055685d6c400064ff306489 } | |
| $a_30 = { 558bec81c404f0ffff5083c4d4535633 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bdaejec_17a906fe3f13a602c4d0c3ec21f15086c18354af7e1ce1d657934cd5e2002e45 { | |
| strings: | |
| $a_2 = { 558b08e9b9a8019030ebdd7ba028de42 } | |
| $a_3 = { 558b678b7c7ac6e077e7df36783c45de } | |
| $a_4 = { 558b8001e67b1c79f03835c59462adb0 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Beastdoor_39b1878ad637d4606870e7025a64db56f32aa9c383f74c1172a7059f9fbd8fb7 { | |
| strings: | |
| $a_2 = { 558b4917cc1ab93c5b6c30a8d9a9d3b9 } | |
| $a_3 = { 558b3221af017821c5040dd4b643f994 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Bedep_e7f8018121c96addda245a13547fb1614b11393684fb6ec1ee687966781bebb2 { | |
| strings: | |
| $a_2 = { 558bec83ec348b0d7c6c011081e945ac } | |
| $a_3 = { 558bec83ec208b15786c011081eabd7a } | |
| $a_4 = { 558b1c6929c94d4fea4b46491bd33072 } | |
| $a_5 = { 558bec83ec408b157c6c011081eaf67d } | |
| $a_6 = { 558bec83ec18a17c6c01102d08f88fe4 } | |
| $a_7 = { 558bec83ec188b0d786c011081e9f024 } | |
| $a_8 = { 558bd016487d006554274c506a732f06 } | |
| $a_9 = { 558bec83ec708b0d786c011081e91c89 } | |
| $a_10 = { 558bec81ec2c020000a17c6c01102d8d } | |
| $a_11 = { 558bec83ec208b0d786c011081e9acb3 } | |
| $a_12 = { 558bec83ec30c745f8c57f58520fb745 } | |
| $a_13 = { 558bec83ec2ca1786c01102d624733dc } | |
| $a_14 = { 558bec83ec248b15786c011081ead137 } | |
| $a_15 = { 558bec83ec2cb8a8b34e5a8945fc8b0d } | |
| $a_16 = { 558bec83ec288b0d7c6c011081e9e900 } | |
| $a_17 = { 558bec83ec30b92f009f32894df866c7 } | |
| $a_18 = { 558bec81ec5c0200008b0d786c011081 } | |
| $a_19 = { 558bec83ec2c51b80a8f170b8945e866 } | |
| $a_20 = { 558bec83ec208b0d7c6c011081e9b702 } | |
| $a_21 = { 558bec83ec30b9845339fe894df88b55 } | |
| $a_22 = { 558bec83ec2c8b0d7c6c011081e94776 } | |
| $a_23 = { 558becff751c59ff75145cff75185dff } | |
| $a_24 = { 558bec83ec30a1786c01102d0922647f } | |
| $a_25 = { 558bec83ec188b0d7c6c011081e97140 } | |
| $a_26 = { 558bec83ec1c8b0d786c011081e959f1 } | |
| $a_27 = { 558bec83ec3ca1786c01102d38745221 } | |
| $a_28 = { 558bec83ec208b157c6c011081ea62df } | |
| $a_29 = { 558bec83ec1c8b0d7c6c011081e99707 } | |
| $a_30 = { 558bec83ec74a17c6c01102d9f1b95ce } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Begman_3cb14e505e07e5365f2e4a4ea5073f257a2b60934572a825bd66f9dbd3639d9b { | |
| strings: | |
| $a_2 = { 558becff7508e8a1fdffff5dc2040090 } | |
| $a_3 = { 558bec33c055682f27141364ff306489 } | |
| $a_4 = { 558bec33c055681b98141364ff306489 } | |
| $a_5 = { 558bec33c05568cc54141364ff306489 } | |
| $a_6 = { 558b191991c3fdec9c43302d7e2c66d7 } | |
| $a_7 = { 558bec33c055682180141364ff306489 } | |
| $a_8 = { 558bec83c4c4b824981413e86090ffff } | |
| $a_9 = { 558bb7bbb3198d8feb2d8e6229d0cc14 } | |
| $a_10 = { 558bec33c05568312a141364ff306489 } | |
| $a_11 = { 558b6a0883c105e88effffffffd15d5f } | |
| $a_12 = { 558bec33c05568d889141364ff306489 } | |
| $a_13 = { 558bec33c055688929141364ff306489 } | |
| $a_14 = { 558bec83c4e88d45e850e8f1fdffff0f } | |
| $a_15 = { 558bec83c4f853568b75108b5d0c2b5d } | |
| $a_16 = { 558bec53568bf28a108bd9c1eb0832d3 } | |
| $a_17 = { 558bec52508b450850516a006a00e825 } | |
| $a_18 = { 558bec33c055685129141364ff306489 } | |
| $a_19 = { 558bec33c05568c397141364ff306489 } | |
| condition: | |
| 15 of them | |
| } | |
| rule BackdoorWin32Beksnoc_be71a98f673d21f75756f23ea893131f4c740d69b8515dbd9a793b700059f305 { | |
| strings: | |
| $a_2 = { 558bec83ec4068001507f168001915b3 } | |
| $a_3 = { 558bec83ec386a3f6a4068000d2ed168 } | |
| $a_4 = { 558bec83ec3868008af48b68006e1f93 } | |
| $a_5 = { 558bec83ec3833d2b81c0000008955e8 } | |
| $a_6 = { 558bec83ec346a436abfe81e01000083 } | |
| $a_7 = { 558bec83ec3c6800720c0ce829140000 } | |
| $a_8 = { 558bec83ec40e8a90d000068001d0631 } | |
| $a_9 = { 558bec83ec50b969000000894dd86aad } | |
| $a_10 = { 558bec83ec3c6a3fe8e909000083c404 } | |
| $a_11 = { 558bec83ec386ab56800114f7c6800a7 } | |
| $a_12 = { 558b45e883f91e754d3175e82bd32955 } | |
| $a_13 = { 558b3f6b478c786e11dd7b7377900385 } | |
| $a_14 = { 558bec83ec3833c0b96f0000006ab0e8 } | |
| $a_15 = { 558bec83ec18b8250000008b156c2041 } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Berbew_0bf049ee62df1298fdbef1a6b2fa9fe0b75c3edf1076a9da839b0c93e16c0db8 { | |
| strings: | |
| $a_2 = { 558bec81ec04010000b86c0000008985 } | |
| $a_3 = { 558b32e521f103dc8350d1d31f5b03ff } | |
| $a_4 = { 558b66e723f103dc5d0bf2de9e0e201a } | |
| $a_5 = { 558b4ae521f103dc57b342e521f189a7 } | |
| $a_6 = { 558bec83ec50b8540000008945d0538b } | |
| $a_7 = { 558b3ae522f103d9518b6ae522f1dabb } | |
| $a_8 = { 558b06e522f103d9578b2ae522f1da91 } | |
| $a_9 = { 558b22f723f103c2edd603d934db861a } | |
| $a_10 = { 558bec81ec980000008b0d6860400089 } | |
| $a_11 = { 558bec83ec3cb971000000894de4538b } | |
| $a_12 = { 558b45d40fbe0885c975158b55dc8b45 } | |
| $a_13 = { 558bfee723f175af7cf375e5340bb21a } | |
| $a_14 = { 558b6ae723f1019f3cf375e555c9e018 } | |
| $a_15 = { 558b2ef423f183daa81adaf24a1f8a1a } | |
| $a_16 = { 558bec83ec30ba840000008955d85383 } | |
| $a_17 = { 558bec83ec44b8aa00000083e8f18945 } | |
| $a_18 = { 558b56ed23f1613c578b56ed23f10aa6 } | |
| $a_19 = { 558bec83ec30c745fcbf000000837d08 } | |
| $a_20 = { 558b4ae521f103dc344bc81adcb7801a } | |
| $a_21 = { 558bec83ec68b8de0000008945ac5305 } | |
| $a_22 = { 558b76e423f103dc5dc8c209dc0ee280 } | |
| $a_23 = { 558bec83ec34ba2aab00008955d8538b } | |
| $a_24 = { 558b4ae521f103dc34fbb71adcb7801a } | |
| $a_25 = { 558b52e522f103d95dfde10bdc0ee2e5 } | |
| $a_26 = { 558b7d9c03c03b0568604000744883fe } | |
| $a_27 = { 558bec83ec588b450c8945ecc745e423 } | |
| $a_28 = { 558bec83ec2cb8de0000008945f85383 } | |
| $a_29 = { 558bec83ec2cc745fc8c0000008b45fc } | |
| $a_30 = { 558bec83ec64b8e10000008945fc538b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bergat_9e7e1a2a2b804c163c83ebaace5c680db7c3ad2c65c0cb446017eeabb01e0824 { | |
| strings: | |
| $a_2 = { 558bec83ec08687615400064a1000000 } | |
| $a_3 = { 558bba1783cb74cb889356c69b9ceac9 } | |
| $a_4 = { 558b84134fe2a17c74bc988d4d9bcd65 } | |
| $a_5 = { 558b6ff9527bce0e2fc8468be44cbdab } | |
| $a_6 = { 558bec83ec0c687615400064a1000000 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Bezigate_4db0ea8d376417e7be02792907d8c24f0676358adf68d77ce69b89cd85bec63b { | |
| strings: | |
| $a_2 = { 558bec33c05568dd40400064ff306489 } | |
| $a_3 = { 558bec33c055681146400064ff306489 } | |
| $a_4 = { 558bec33c055689d70400064ff306489 } | |
| $a_5 = { 558bec33c055680967400064ff306489 } | |
| $a_6 = { 558bec83c4f453c645ff0068dc2a4000 } | |
| $a_7 = { 558bec33c055689516400064ff306489 } | |
| $a_8 = { 558bec83c4e05356578b7d0c8b5d0833 } | |
| $a_9 = { 558bec33c055685516400064ff306489 } | |
| $a_10 = { 558bec33c055686515400064ff306489 } | |
| $a_11 = { 558bec33c05568c95f400064ff306489 } | |
| $a_12 = { 558bec518b45088b008b550c8d44d078 } | |
| $a_13 = { 558bec33c05568fd2c400064ff306489 } | |
| $a_14 = { 558bec33c055686542400064ff306489 } | |
| $a_15 = { 558bec33c055683563400064ff306489 } | |
| $a_16 = { 558b1d6c8040008b35c48040008b3de8 } | |
| $a_17 = { 558bec83c4b053568bd833c08945fc68 } | |
| $a_18 = { 558bec33c055681521400064ff306489 } | |
| $a_19 = { 558bec83c4f8e839bfffff8945f8837d } | |
| $a_20 = { 558bec83c4f45356578b5d108d7df48b } | |
| $a_21 = { 558bec33c055681969400064ff306489 } | |
| $a_22 = { 558bec33c055681966400064ff306489 } | |
| $a_23 = { 558bec83c4f85356578d7dfc8b45088b } | |
| $a_24 = { 558bec81c458faffff538b5d0885db75 } | |
| $a_25 = { 558bec5356578bf98bf28bd8e883fcff } | |
| $a_26 = { 558bec83c4f0b810714000e8dc9effff } | |
| $a_27 = { 558bec33c055680771400064ff306489 } | |
| $a_28 = { 558bec33c05568ed15400064ff306489 } | |
| $a_29 = { 558bec33c05568bd62400064ff306489 } | |
| $a_30 = { 558bec53568bf28bd833c08a45083d8d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bezigate_facffb96005a78c6a570f04693ce7f2d9712fd7e433856eeee0c035641b46ccb { | |
| strings: | |
| $a_2 = { 558bec83ec0c680615400064a1000000 } | |
| $a_3 = { 558bec83ec14680615400064a1000000 } | |
| $a_4 = { 558bec83ec18680615400064a1000000 } | |
| $a_5 = { 558bec6a1858e8e890f0ff668b450c66 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Bifrose_26d8703bad3949ca1417c81612705ca9decf9d6fd32b22acc0c4b187f7d69d25 { | |
| strings: | |
| $a_2 = { 558bec33c05568591c400064ff306489 } | |
| $a_3 = { 558bec33c055683b24400064ff306489 } | |
| $a_4 = { 558b6a0883c105e8aeffffffffd15d5f } | |
| $a_5 = { 558bec33c05568b71a400064ff306489 } | |
| $a_6 = { 558bec83c4f88945fc8b45fce8abf9ff } | |
| $a_7 = { 558b6a4afb04d57b6ea72a2c78b33a4f } | |
| $a_8 = { 558b8e97fa5eeb1688614632643fd34c } | |
| $a_9 = { 558b552d3a6d871d6921baaf93457001 } | |
| $a_10 = { 558bf98bea8bf0b8e81340003b051830 } | |
| $a_11 = { 558bec33c05568211d400064ff306489 } | |
| $a_12 = { 558bec33c05568911c400064ff306489 } | |
| $a_13 = { 558bec33c05568611d400064ff306489 } | |
| $a_14 = { 558bec83c4ec33c08945ecb844244000 } | |
| $a_15 = { 558b9501dfd90654979cc06a338d09f8 } | |
| $a_16 = { 558b3578d0711d32f8bd27b10ee8477d } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32Bifrose_704fec3efc202aaf8a649ca660f58b99ec793a7fa0a48bd79eda005551e44d1a { | |
| strings: | |
| $a_2 = { 558bd2e18419ffb6b37680c0097e6b0d } | |
| $a_3 = { 558bec83c85456ec75fbe7ab10d3fab7 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Binanen_a324f787c893b8a52639d9ff5dd73de05f184804507f79dce4428db3143857ff { | |
| strings: | |
| $a_2 = { 558b94796fb4fb20e04400c01b878cfb } | |
| $a_3 = { 558bd039608b24ae6444500584703fb7 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Bisar_c895678770d4839b702c0963cae3b5d8d010c9455be01b655fd54e69016306dc { | |
| strings: | |
| $a_2 = { 558bec83ec185333db395838750f6a02 } | |
| $a_3 = { 558bec8b45080bc0740e6681384a4375 } | |
| $a_4 = { 558becb88001000081ecb00200003945 } | |
| $a_5 = { 558bec515657e881f6ffffe9ff7508ff } | |
| $a_6 = { 558bec5151538b5d10568bf1578b7e04 } | |
| $a_7 = { 558bec83ec0c837d08025673138b450c } | |
| $a_8 = { 558b16035604ff45fc8b45088b4dfc83 } | |
| $a_9 = { 558bec81ec38030000535657e81af6ff } | |
| $a_10 = { 558bec83ec105356578b7d088b473c8d } | |
| $a_11 = { 558bec83c4f4fc5357568b7424208b7c } | |
| $a_12 = { 558bec518b4d148bc12b45108945fc74 } | |
| $a_13 = { 558bec51e8a3ffffffe98b450885c074 } | |
| $a_14 = { 558bec81ec90080000e8a7040000e983 } | |
| $a_15 = { 558bec81ec18020000535657e8c5feff } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Bits_78b775564657f01745f5861c395817726b3c3a1f63c00668bdbd7210b8e79a43 { | |
| strings: | |
| $a_2 = { 558bec6aff680881b140d00864a15064 } | |
| $a_3 = { 558b72615860411c501850453b1b2d51 } | |
| $a_4 = { 558bec83c4fc461c98bd5b81ebe7138b } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Bittaru_5fe75b35ef4db4a057c59eebf62844bda4c334576f12d89ae6359eadff1c1fff { | |
| strings: | |
| $a_2 = { 558bec83c4f8ff7508e8c60400008945 } | |
| $a_3 = { 558bec81c4ecddffff68002000008d85 } | |
| $a_4 = { 558bec81c4ecfeffff681a51400068ba } | |
| $a_5 = { 558bec81c4c8feffff683951400068c7 } | |
| $a_6 = { 558bec83c4dc60687751400068ba5040 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32BlackAngel_ee0b16b04e0ceee4a770e93a8734b9bd52062fe50ae3506762e94204e15ec02d { | |
| strings: | |
| $a_2 = { 558b3a54893a5286394e83384b80374b } | |
| $a_3 = { 558b0c84279e5d51d6c3111b288d95ec } | |
| $a_4 = { 558b512b43783aa99b70194238fc5981 } | |
| $a_5 = { 558b8448c4a9e6b0e6349189452c0e68 } | |
| $a_6 = { 558bec83ec0c684464a1f6ff3b4f2964 } | |
| $a_7 = { 558b9d5936f430807d81d126f017b4b5 } | |
| $a_8 = { 558bc0568ec2598ec35c8fc45e8cc260 } | |
| $a_9 = { 558b653a53873c54883d558a3d568b3f } | |
| $a_10 = { 558bce8493a688542a21e7211a616562 } | |
| $a_11 = { 558bf4ea202c184c55f7b1d6d2562f77 } | |
| $a_12 = { 558b4b5d60a2a388b886f0df12ada594 } | |
| $a_13 = { 558b1c084b88758f129d81dd80154076 } | |
| $a_14 = { 558b3fac010d6969795ec208698d7969 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Blackhole_92f36bcc35a1cf2bfbf8d5f918fc22f4e35709be2ed1f049cc7e8f8e595a80dd { | |
| strings: | |
| $a_2 = { 558bec83c4f8538bd8c645ff01683f00 } | |
| $a_3 = { 558bec6a005333d255682dc8420064ff } | |
| $a_4 = { 558bec83c4f8e829e3feff8855fb8945 } | |
| $a_5 = { 558bec6a0033c05568674c440064ff30 } | |
| $a_6 = { 558bec33c05568f165400064ff306489 } | |
| $a_7 = { 558b45f4e8f2feffff595f5e5b8be55d } | |
| $a_8 = { 558bec53568bda8bf033c05568ac7043 } | |
| $a_9 = { 558beca1a0f3440050a1002f450050e8 } | |
| $a_10 = { 558bec83c4e0535633d28955fc8bd88d } | |
| $a_11 = { 558becff7508e89dfdffff5dc2040090 } | |
| $a_12 = { 558bec33c055685d10410064ff306489 } | |
| $a_13 = { 558bec33c05568452b410064ff306489 } | |
| $a_14 = { 558bec33c055684875430064ff306489 } | |
| $a_15 = { 558bec81c438ffffff5356578bf98955 } | |
| $a_16 = { 558bec33c05568bdfe420064ff306489 } | |
| $a_17 = { 558bec51568bf06a208bcaa15c654100 } | |
| $a_18 = { 558bec51535657894dfc8bfa8bf0e895 } | |
| $a_19 = { 558bec51535657894dfc8bf28bf88b47 } | |
| $a_20 = { 558bec33c05568e5de420064ff306489 } | |
| $a_21 = { 558bec33c0556849cb420064ff306489 } | |
| $a_22 = { 558bec33c05568f97e400064ff306489 } | |
| $a_23 = { 558bec81c4e8fbffff5356578955fc8b } | |
| $a_24 = { 558bec515356578bd833c0a3c0054500 } | |
| $a_25 = { 558bec5333db8b450c83e810743a2d00 } | |
| $a_26 = { 558bec33c055688930420064ff306489 } | |
| $a_27 = { 558bec8b55088b450c8b4d10e8bbe4fd } | |
| $a_28 = { 558bec33c055681165430064ff306489 } | |
| $a_29 = { 558bec535657a18c2a4500e84cd3ffff } | |
| $a_30 = { 558bce2bcb418bd38bc7e8602effff5d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Blazgel_6808ab8983caf53ff9e0a9c98395f2a6ec4885e1c656992dbc612dbfc83c7c1e { | |
| strings: | |
| $a_2 = { 558b2d5040400033f6a1a85340006880 } | |
| $a_3 = { 558bec83ec4456ff15784040008bf08a } | |
| $a_4 = { 558bac24ec020000565785ed75228b94 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Blohi_8763f6e16954c27cffdb506e00385990ea5dd3baa6e7adde797228be20346d58 { | |
| strings: | |
| $a_2 = { 558b157c49e0ce38a25138ff008308a8 } | |
| $a_3 = { 558bec83ec0868762c400064a1000000 } | |
| $a_4 = { 558bec83ec1468762c400064a1000000 } | |
| $a_5 = { 558b638b46b4b8ca6f5810a47b481032 } | |
| $a_6 = { 558b6c2430396c241c75298b54241852 } | |
| $a_7 = { 558bec83ec1868762c400064a1000000 } | |
| $a_8 = { 558bf81e550b49f03b29538587dac5d3 } | |
| $a_9 = { 558bec83ec0c68762c400064a1000000 } | |
| $a_10 = { 558b45ac66833801754c8b4dd46bc910 } | |
| $a_11 = { 558b157c4a1e9e93d96d7887044a5438 } | |
| $a_12 = { 558b157c5be99701f4b9af3a12ea2f6b } | |
| $a_13 = { 558b2300c92253d52b2221c58e2a4a9d } | |
| $a_14 = { 558b157c45508537d895e030e2254f04 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Blohi_b86ef1da08b710976c0484efb60aef477e7c2075471b682777dbcf3718ebb923 { | |
| strings: | |
| $a_2 = { 558b638b46b4b8ca6f5810a47b481032 } | |
| $a_3 = { 558bf81e550b49f03b29538587dac5d3 } | |
| $a_4 = { 558b30feffff1c8a2f3b2afbaa2dfbbc } | |
| $a_5 = { 558b157c4a3293d96d7887044a54383a } | |
| $a_6 = { 558b2300c92253d52b2221c58e2a4a9d } | |
| $a_7 = { 558b57f004d11ab35b689a889a75073a } | |
| $a_8 = { 558bec83ec0c68de008f411464a1e950 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32BlueFire_4dc88bd5cda55023de0a75a91be0104d5697314968c2d2e5ce59325c7d16dc50 { | |
| strings: | |
| $a_2 = { 558bec81c450ffffff33c9898d50ffff } | |
| $a_3 = { 558bec83c4f88955f88945fcb2018b45 } | |
| $a_4 = { 558bec33c055683d1a420064ff306489 } | |
| $a_5 = { 558bec83c4f48945fcb8010000008b55 } | |
| $a_6 = { 558bec33c0556887b9470064ff306489 } | |
| $a_7 = { 558bec81c4f4fbffff535657668955fa } | |
| $a_8 = { 558bec83c4f88945fc8b45fc8b403080 } | |
| $a_9 = { 558bc7e837ddffff50e875cefeff83c4 } | |
| $a_10 = { 558bec83c4d05333d28955d08955fc89 } | |
| $a_11 = { 558bec5356578b5d0833c055681d4741 } | |
| $a_12 = { 558bec518945fc8b45fc8b00e8afc5fa } | |
| $a_13 = { 558bec6a00535633c05568ada5400064 } | |
| $a_14 = { 558bec83c4f484d2740883c4f0e8f2c6 } | |
| $a_15 = { 558bf18bfa8bd8837e5800740aa1e8d7 } | |
| $a_16 = { 558bec51538bda8945fc8bc38b1514dd } | |
| $a_17 = { 558bec83c4f45657894df48955f88945 } | |
| $a_18 = { 558bec83c4f88955f88945fc8b45fc66 } | |
| $a_19 = { 558bec51538bd86a008bcaa1d0e24000 } | |
| $a_20 = { 558b065053576a006a00e876caffff81 } | |
| $a_21 = { 558bec6a005633c0556857a6400064ff } | |
| $a_22 = { 558bec33c055682b45470064ff306489 } | |
| $a_23 = { 558bec83c4e0538945fc8b45fc83b850 } | |
| $a_24 = { 558bec83c4f453668955fa8945fc8b45 } | |
| $a_25 = { 558bce2bcb418bd38bc7e8f0bdffff5d } | |
| $a_26 = { 558bec83c4f88945fc833d90e8470000 } | |
| $a_27 = { 558bec83c4e45356578bf0a120e64700 } | |
| $a_28 = { 558bec83c4f4538bd852e8c1a8ffff89 } | |
| $a_29 = { 558b342485f6742f8bc666bbdbffe878 } | |
| $a_30 = { 558bec33c0556871e3410064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Boomie_b57dc72f89d3066b4d042f043ebd110248aa3b2041c1a1636be5304088850431 { | |
| strings: | |
| $a_2 = { 558bec51515333db391dc89d40005657 } | |
| $a_3 = { 558bec6aff68c0614000684c27400064 } | |
| $a_4 = { 558bec6aff68b0614000684c27400064 } | |
| $a_5 = { 558bec51833d3c9a40000053751d8b45 } | |
| $a_6 = { 558becb82c120000e8c91000008d8568 } | |
| $a_7 = { 558bec51568b750885f6745aa1ac9c40 } | |
| $a_8 = { 558bec6aff6880614000684c27400064 } | |
| $a_9 = { 558bec6aff6808654000684c27400064 } | |
| $a_10 = { 558bec6aff6850654000684c27400064 } | |
| $a_11 = { 558bec6aff68d0614000684c27400064 } | |
| $a_12 = { 558bec6aff6870614000684c27400064 } | |
| $a_13 = { 558bec6aff6860614000684c27400064 } | |
| $a_14 = { 558bec6aff68a0614000684c27400064 } | |
| $a_15 = { 558bec535657556a006a00686c264000 } | |
| $a_16 = { 558bec515153568b3540974000578b56 } | |
| $a_17 = { 558b2dd8604000565733db33f633ff3b } | |
| $a_18 = { 558bec6aff6890614000684c27400064 } | |
| $a_19 = { 558bec5153568b352477400057837e10 } | |
| $a_20 = { 558bec6aff6850614000684c27400064 } | |
| $a_21 = { 558bec6aff6840614000684c27400064 } | |
| $a_22 = { 558bec83ec14a1709a40008b15749a40 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Botgor_2a315bf70748c1c4fb2c0bc9253ec3e0262ce2ea83c85998849abc9fc2f695c4 { | |
| strings: | |
| $a_2 = { 558bec83ec3c8b4508837804007509c7 } | |
| $a_3 = { 558bec83ec60894da08b45a08b480489 } | |
| $a_4 = { 558bec83ec145657894dec8b45ec8b48 } | |
| $a_5 = { 558bec81ec340800005657e840ffffff } | |
| $a_6 = { 558bec83ec245657894de08b45088a08 } | |
| $a_7 = { 558bec83ec34894dcc8b45cc83c06489 } | |
| $a_8 = { 558bec83ec18894de88b45e88945f08b } | |
| $a_9 = { 558bec83ec0c894df8eb128b450c83e8 } | |
| $a_10 = { 558bec83ec44894dbc8b45bc8b480c89 } | |
| $a_11 = { 558bec51894dfceb128b450c83e80189 } | |
| $a_12 = { 558bec81ec0404000053565733c085c0 } | |
| $a_13 = { 558bec83ec1c894de48b45088a088b55 } | |
| $a_14 = { 558bec51894dfc8b4dfce801b1ffff8b } | |
| $a_15 = { 558bec83ec0c894dfc8b450c83780400 } | |
| $a_16 = { 558bec8b4508c1e81d8b0485bc154000 } | |
| $a_17 = { 558bec83ec14894dec8b45ec8b088379 } | |
| $a_18 = { 558bec83ec1c894de48b45088945fceb } | |
| $a_19 = { 558bec6aff687207410064a100000000 } | |
| $a_20 = { 558bec83ec705657eb098b450883c010 } | |
| $a_21 = { 558bec83ec0c894df8eb128b451083c0 } | |
| $a_22 = { 558bec6aff689e06410064a100000000 } | |
| $a_23 = { 558bec83ec0c5657894df8eb128b450c } | |
| $a_24 = { 558bec83ec48894dc88b45c88b480489 } | |
| $a_25 = { 558bec83ec7c894d988b45988b48048b } | |
| $a_26 = { 558bec83ec50894db08b45088a088b55 } | |
| $a_27 = { 558bec8b4508c1e81025ffff000025ff } | |
| $a_28 = { 558bec6aff689107410064a100000000 } | |
| $a_29 = { 558bec51894dfceb098b450883c00489 } | |
| $a_30 = { 558bec81ec7803000053565768901540 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Brabot_f78164feac66648e217952c2b2e99bc6e1d21b7b292a680065b16d20c2e24a33 { | |
| strings: | |
| $a_2 = { 558bec81ec900100005657e808f9ffff } | |
| $a_3 = { 558bec81ec88010000837d0c00535657 } | |
| $a_4 = { 558bec53ff750ae8727800008b4d208b } | |
| $a_5 = { 558bec81ec80000000535733ff33db39 } | |
| $a_6 = { 558bec515156be182018225756ff15c8 } | |
| $a_7 = { 558bec83ec0c53568b750c8bd985f67d } | |
| $a_8 = { 558bec538b1da8101722568b7510ff75 } | |
| $a_9 = { 558bec515156578d79508bcfe80fc5ff } | |
| $a_10 = { 558b6c240c568bf1578bfd8d5e048bcb } | |
| $a_11 = { 558bec515153568b750c33db57538b06 } | |
| $a_12 = { 558bec81ec8c01000053568b75085733 } | |
| $a_13 = { 558bec83ec08684615400064a1000000 } | |
| $a_14 = { 558bec8b450856578b484885c9752c83 } | |
| $a_15 = { 558bec81ec1c020000c745fc00000000 } | |
| $a_16 = { 558bec83ec28c745e00000000066c745 } | |
| $a_17 = { 558bec81ec4c0200005766c785f8fdff } | |
| $a_18 = { 558bec83ec18668b4510668945f4c745 } | |
| $a_19 = { 558beca19ca0400083c04050ff1590a0 } | |
| $a_20 = { 558bec8b450c2d100100007420487517 } | |
| $a_21 = { 558b6c240c568b74240c578bd18b063d } | |
| $a_22 = { 558bec518b4508563b414c5775508d71 } | |
| $a_23 = { 558bec83ec18535657ff7508ff15c012 } | |
| $a_24 = { 558bec83ec20535657be6c6917228d7d } | |
| $a_25 = { 558bec8b450c2d130100000f84784600 } | |
| $a_26 = { 558b860801000085c0755aff35302018 } | |
| $a_27 = { 558bec538b5d0c56be18201822832300 } | |
| $a_28 = { 558bec51a19ca0400083c02039450875 } | |
| $a_29 = { 558bec81ecdc07000057a19ca0400083 } | |
| $a_30 = { 558bec81ec04010000ff750c8d85fcfe } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Buhtrap_ceefcc4db696c0dfc87c983388e2be66ed782e9c9eb259651cb174a40985cfdf { | |
| strings: | |
| $a_2 = { 558bec33c05568715d410064ff306489 } | |
| $a_3 = { 558bec53803dc4954100000f84cc0000 } | |
| $a_4 = { 558bec515356578bf28bd8803dc49541 } | |
| $a_5 = { 558bec33c055683961410064ff306489 } | |
| $a_6 = { 558bec33c05568c15e410064ff306489 } | |
| $a_7 = { 558bec6a00535633c05568259b400064 } | |
| $a_8 = { 558bec81c468feffff535657c7054097 } | |
| $a_9 = { 558bec53565768987a410068a07a4100 } | |
| $a_10 = { 558bec535684d2740883c4f0e87be5fe } | |
| $a_11 = { 558bec536810694100e85ef1feff8bd8 } | |
| $a_12 = { 558bec83c4f853568bf18bdae8ebffff } | |
| $a_13 = { 558bec5356e8a6effeff8bda8bf033c0 } | |
| $a_14 = { 558bec33c05568c960410064ff306489 } | |
| $a_15 = { 558bec538bd88bc3e88f3affff506a00 } | |
| $a_16 = { 558bec33c05568415f410064ff306489 } | |
| $a_17 = { 558bec53568bf06a008bc68b18ff5364 } | |
| $a_18 = { 558bec51538bda8945fc8b45fce8c6c6 } | |
| $a_19 = { 558bec33c05568b961410064ff306489 } | |
| $a_20 = { 558bec81c400ffffff53568bda8bf085 } | |
| $a_21 = { 558bec5153568bf28bd88d55ffb90100 } | |
| $a_22 = { 558bec6a00538bd833c0556826d94000 } | |
| $a_23 = { 558bec33c05568015d410064ff306489 } | |
| $a_24 = { 558bec33c05568c964410064ff306489 } | |
| $a_25 = { 558bec83c4f8e82914ffff8855fb8945 } | |
| $a_26 = { 558becb201e816ffffff5dc3558bec33 } | |
| $a_27 = { 558bec33c05568c95c410064ff306489 } | |
| $a_28 = { 558bec535684d2740883c4f0e8affffe } | |
| $a_29 = { 558bec33c05568395d410064ff306489 } | |
| $a_30 = { 558bec53565784d2740883c4f0e8d603 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bulord_3f06cabf3acfb8fb358a0cbdfc2aeca27712da6eb24f9b24bf751aaebd1d5115 { | |
| strings: | |
| $a_2 = { 558bec535657bfd8184400833f00756c } | |
| $a_3 = { 558bec81c498feffff8945fc8b45fce8 } | |
| $a_4 = { 558bec33c05568d580410064ff306489 } | |
| $a_5 = { 558bf28bd833ff8bc3e8a784ffff508b } | |
| $a_6 = { 558b45a0e8dfa9fcff508d45a0e82eac } | |
| $a_7 = { 558bec33c055680195430064ff306489 } | |
| $a_8 = { 558bec535657bf301644008b470885c0 } | |
| $a_9 = { 558bec33d25568961a400064ff326489 } | |
| $a_10 = { 558bec5356578bf033c0556836ac4300 } | |
| $a_11 = { 558bec538bd8a158184400e888ffffff } | |
| $a_12 = { 558bec33c05568790a410064ff306489 } | |
| $a_13 = { 558bec33c055684069410064ff306489 } | |
| $a_14 = { 558bec33c05568e544430064ff306489 } | |
| $a_15 = { 558bec33c05568f85c410064ff306489 } | |
| $a_16 = { 558bec33c05568d60b410064ff306489 } | |
| $a_17 = { 558bec81c4a8faffff5356578955f889 } | |
| $a_18 = { 558bec53803dbc154400000f84cc0000 } | |
| $a_19 = { 558bec33c055680188410064ff306489 } | |
| $a_20 = { 558bce2bcb418bd38bc7e800cbffff5d } | |
| $a_21 = { 558bec538bd8833d3c17440012753a83 } | |
| $a_22 = { 558bec81c4dcfeffff5356578945fc8b } | |
| $a_23 = { 558bec538b5d085368b1d7000068302e } | |
| $a_24 = { 558bec83c4f48d55f4e876d0ffff8945 } | |
| $a_25 = { 558bec33c055682973430064ff306489 } | |
| $a_26 = { 558bece8d8f2ffff5531c96830424000 } | |
| $a_27 = { 558bec6a0053568bf18bda33c0556880 } | |
| $a_28 = { 558bec51568bf06a208bcaa1d4154100 } | |
| $a_29 = { 558bec33c05568c581430064ff306489 } | |
| $a_30 = { 558bec33c05568d966430064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Buskill_6133ede4f1f0d0050d1ef1b7a5d6b533b4638902b182ee565df81f9e4bbf737a { | |
| strings: | |
| $a_2 = { 558beca010c04200a2c0c541005dc3cc } | |
| $a_3 = { 558bece811120000c705043041000000 } | |
| $a_4 = { 558bec535657556a006a0068d8f34000 } | |
| $a_5 = { 558bec51518d45f850ff15fcc142008b } | |
| $a_6 = { 558bec83ec185356ff750c8d4de8e847 } | |
| $a_7 = { 558bec83ec10ff75088d4df0e8e545ff } | |
| $a_8 = { 558bec83ec10ff750c8d4df0e8798aff } | |
| $a_9 = { 558bec51568d45fc33f6508975fce8e2 } | |
| $a_10 = { 558bec83ec30a16034410033c58945fc } | |
| $a_11 = { 558bec83ec088b45088945f88be55dc3 } | |
| $a_12 = { 558bec83ec10ff75088d4df0e8cd55ff } | |
| $a_13 = { 558bec8b450850e8830e000083c4045d } | |
| $a_14 = { 558bec8b4508ff34c560374100ff1524 } | |
| $a_15 = { 558bec5151a16034410033c58945fca1 } | |
| $a_16 = { 558bec8b450c508b4d0851e8500a0000 } | |
| $a_17 = { 558bec5151535633f6578b3ddcc84100 } | |
| $a_18 = { 558becff3588c64100e81418000085c0 } | |
| $a_19 = { 558bec51568b750c56e8d4a8ffff8945 } | |
| $a_20 = { 558bec83ec0c5333db391d2cd2410056 } | |
| $a_21 = { 558bec33c039053ccd410050ff7510ff } | |
| $a_22 = { 558bec83ec1056ff750c8d4df0e85ee8 } | |
| $a_23 = { 558bec83ec0ca16034410033c58945fc } | |
| $a_24 = { 558bec83e4f081ec84000000a1603441 } | |
| $a_25 = { 558bec83ec10ff75088d4df0e8ea43ff } | |
| $a_26 = { 558bec5356576a006a00681baa400051 } | |
| $a_27 = { 558bec83ec145657ff75088d4dece834 } | |
| $a_28 = { 558bec81ec28030000a378ce4100890d } | |
| $a_29 = { 558bec83ec14a16034410033c58945fc } | |
| $a_30 = { 558bec83ec1056ff750c8d4df0e8ede7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Bustem_d08f463577ff5e3e2a64ad66589d688709ed74c2a5b6632c433349da750b6427 { | |
| strings: | |
| $a_2 = { 558bec83ec10ff75088d4df0e8eae8ff } | |
| $a_3 = { 558bec56ff75088bf1e83c84ffffc706 } | |
| $a_4 = { 558bec6afe685872410068e0bb400064 } | |
| $a_5 = { 558bec8b450c568b75088906e86a3800 } | |
| $a_6 = { 558bec83ec2c894de4e9000000008b45 } | |
| $a_7 = { 558bec81ec1c010000898de4feffffe9 } | |
| $a_8 = { 558bec83e4f86aff68281d410064a100 } | |
| $a_9 = { 558becff7508ff15682041005dc38bff } | |
| $a_10 = { 558bec8b45088b0d5c8e410056395004 } | |
| $a_11 = { 558bec83ec0ce9000000008b45088945 } | |
| $a_12 = { 558bec8b45085633f63bc6751de8f7c7 } | |
| $a_13 = { 558bec8b4508a3a89c4100a3ac9c4100 } | |
| $a_14 = { 558bec83ec5057894db0e9000000008b } | |
| $a_15 = { 558bec83e4f86aff68861c410064a100 } | |
| $a_16 = { 558bec51894dfce9000000008b45fc50 } | |
| $a_17 = { 558bec53568b3560204100578b7d0857 } | |
| $a_18 = { 558b8d14f5ffff83c101898d14f5ffff } | |
| $a_19 = { 558bec83ec08894df8e9000000008b45 } | |
| $a_20 = { 558b3783c70489bddcfdffffe81adbff } | |
| $a_21 = { 558bec833d5c9341000075108b45088d } | |
| $a_22 = { 558bec565733f6ff7508e8abe2ffff8b } | |
| $a_23 = { 558bec83ec08e9000000008b450c8d4c } | |
| $a_24 = { 558bec8b4508a3d49c41005dc38bff55 } | |
| $a_25 = { 558bec6a0a6a00ff7508e83d02000083 } | |
| $a_26 = { 558bec8b4508a32c9b41005dc38bff55 } | |
| $a_27 = { 558bec83ec38894df8e900000000837d } | |
| $a_28 = { 558bec535657556a006a0068fc164100 } | |
| $a_29 = { 558becb8e41a0000e8ba3b0000a1e880 } | |
| $a_30 = { 558bec56e81f3800008b75083bb09800 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Buterat_be34b4069be3b4a92da44e9614a25b094dae4818fd76eb3e7931d952dc5342f0 { | |
| strings: | |
| $a_2 = { 558bec6aff68f9e24b0064a100000000 } | |
| $a_3 = { 558bec6aff68b7be4b0064a100000000 } | |
| $a_4 = { 558bec6aff68d8db4b0064a100000000 } | |
| $a_5 = { 558bec8b450885c07e1b69c0e8030000 } | |
| $a_6 = { 558bec51568b75086a00686c204d0056 } | |
| $a_7 = { 558bec6aff6830724c0064a100000000 } | |
| $a_8 = { 558bec6aff683da14b0064a100000000 } | |
| $a_9 = { 558bec81ec84000000a190794f0033c5 } | |
| $a_10 = { 558bec6aff68335f4c0064a100000000 } | |
| $a_11 = { 558bec6aff68e0cb4b0064a100000000 } | |
| $a_12 = { 558bec5de9abf8ffff558bec5de95bfa } | |
| $a_13 = { 558becff7508ff35d47b4f00ff15d491 } | |
| $a_14 = { 558bec6aff68e3a94b0064a100000000 } | |
| $a_15 = { 558bec8b45088b400c85c074188b5514 } | |
| $a_16 = { 558bec6aff6810344c0064a100000000 } | |
| $a_17 = { 558bec5151a134a94f008a0084c0750c } | |
| $a_18 = { 558bec568bf18b460850c7063c6f4d00 } | |
| $a_19 = { 558bec538b5d083b5d0c747856578b7d } | |
| $a_20 = { 558bec6aff68f8124c0064a100000000 } | |
| $a_21 = { 558bec568b7508578bf98d4f5085f675 } | |
| $a_22 = { 558bec6aff68fd004c0064a100000000 } | |
| $a_23 = { 558bec0fb6450883c1085150e8886703 } | |
| $a_24 = { 558bec5153568b7508578d450c508d55 } | |
| $a_25 = { 558bec6aff687e364c0064a100000000 } | |
| $a_26 = { 558bec51a190794f0033c58945fc8b55 } | |
| $a_27 = { 558bec6aff6819bd4b0064a100000000 } | |
| $a_28 = { 558bec56ff75088bf1e8e89bffffc706 } | |
| $a_29 = { 558becff7508ff1598904c005dc38bff } | |
| $a_30 = { 558bec6aff6878d84b0064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Buzus_7fdf36f46adac244370be36b737c38e31d2e29f9f873ca586fc5624b6c0c6791 { | |
| strings: | |
| $a_2 = { 558b61de14a1672d0472e07451ffdad0 } | |
| $a_3 = { 558b83a21d925a2500dccb9d12dad1c9 } | |
| $a_4 = { 558bea4db492ce5acad5f40d2bad0972 } | |
| $a_5 = { 558bc22066b284640052b26680ea17f6 } | |
| $a_6 = { 558b3438ae19391f24883559c44865c1 } | |
| $a_7 = { 558bea15f79ab3a0344960080571f62d } | |
| $a_8 = { 558b78325ac8eaed004ba2e2bf93a03d } | |
| $a_9 = { 5589e5f5c544232406bbece3128b0cef } | |
| $a_10 = { 558b4a2feaa074ec18b8b700617fd7f5 } | |
| $a_11 = { 558b56e6ad6a93008a816a6b78be0845 } | |
| $a_12 = { 558b805e582c51c017cf90e003e6a909 } | |
| $a_13 = { 558bfa5ef3eff6436a40e8d228a12bc1 } | |
| $a_14 = { 558b82a2ddc3652b4993712c8526fd7a } | |
| $a_15 = { 558bcc9fe9321efd0a25ee3299495114 } | |
| $a_16 = { 558b3b866805942225145027963aff90 } | |
| $a_17 = { 558bb6d53c9d2de97080e108c258f639 } | |
| $a_18 = { 558bec83c456d8ee025a81ea9135008b } | |
| $a_19 = { 558be9669af8cd0acb8e25fc674ec1ed } | |
| condition: | |
| 15 of them | |
| } | |
| rule BackdoorWin32Cakl_7aa7e40339d37d5553a3f3ad78190d00a503576d2b8b6d23bf22899db751b28a { | |
| strings: | |
| $a_2 = { 558bec6a006a005356578b5d2c8b750c } | |
| $a_3 = { 558bec51538bda8945fc8b45fce86adb } | |
| $a_4 = { 558bec83c4f48b45088b108955f48b50 } | |
| $a_5 = { 558bec83c4ac538d45bc33c9ba440000 } | |
| $a_6 = { 558bec6a0033c055687050400064ff30 } | |
| $a_7 = { 558bec33c055683f26400064ff306489 } | |
| $a_8 = { 558bec6a006a005356578b5d308b751c } | |
| $a_9 = { 558bec83c4b4b8fc504000e85cd3ffff } | |
| $a_10 = { 558bec538b5d0868f44d400053e866d9 } | |
| $a_11 = { 558bec33c05568f350400064ff306489 } | |
| $a_12 = { 558bec538b4d088b890cffffff8b5d08 } | |
| $a_13 = { 558bce2bcb418bd38bc7e8fceaffff5d } | |
| $a_14 = { 558bec56578b4508c640ff008b4508c6 } | |
| $a_15 = { 558bea8bf88bc7e831e9ffff8bf0bb01 } | |
| $a_16 = { 558bf98bea8bf0b8041940003b050c60 } | |
| $a_17 = { 558bec5153568b750883c6c4ff068b06 } | |
| $a_18 = { 558bec6a006a0053568b5d0833c05568 } | |
| $a_19 = { 558bec6a006a0053568b5d0c33c05568 } | |
| $a_20 = { 558bec6a006a005356578b5d308b7510 } | |
| $a_21 = { 558bec83c4f053568955fc8bf08b45fc } | |
| $a_22 = { 558b9500ffffff8b85fcfeffffe896fe } | |
| $a_23 = { 558bec81c4fcfeffff5356898d08ffff } | |
| $a_24 = { 558bec538b4d0883b90cffffff007505 } | |
| $a_25 = { 558b065053576a006a00e81aeeffff81 } | |
| $a_26 = { 558bec5356578bd88b45088b40d88b55 } | |
| $a_27 = { 558bec83c4c45356894dd48955cc8bf0 } | |
| $a_28 = { 558bec6a006a005356578b5d0c8b7508 } | |
| $a_29 = { 558bec6a006a005356578b5d1833c055 } | |
| $a_30 = { 558bec33c055689d2c400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Caphaw_f6abc629553ca3262f366d49b0fa3bfb70353bd23b065cfb797a17ea0709d1ff { | |
| strings: | |
| $a_2 = { 558bec83ec10a150c2420053bb90c442 } | |
| $a_3 = { 558bec5633f646393514cc4200577510 } | |
| $a_4 = { 558bec83ec44c745f800000000c745c8 } | |
| $a_5 = { 558bec5151833dc8cd420000538b5d08 } | |
| $a_6 = { 558bec83ec30a150c242008945fc8b45 } | |
| $a_7 = { 558bec83ec2033c08be55dc21000cccc } | |
| $a_8 = { 558bec8b450803450c8a005dc3cccccc } | |
| $a_9 = { 558bec83ec28a150c24200538b5d0c89 } | |
| $a_10 = { 558bec83ec10a150c2420085c074073d } | |
| $a_11 = { 558bec83ec14a150c24200538b5d1033 } | |
| $a_12 = { 558bec83e4f081ec84000000a150c242 } | |
| $a_13 = { 558bec53568b750857ff7604ff36e8bd } | |
| $a_14 = { 558bec83ec38c745e000000000c745ec } | |
| $a_15 = { 558bec83ec1c53c745f800000000c645 } | |
| $a_16 = { 558bec5151dd0540b14000dd4508dae9 } | |
| $a_17 = { 558bec83ec105333db391d58cd420056 } | |
| $a_18 = { 558bec803dbccb42000053565774278b } | |
| $a_19 = { 558bec83ec10a150c242008945fc5657 } | |
| $a_20 = { 558bec83ec18dd05c0b14000dd5df8dd } | |
| $a_21 = { 558bec81ec18050000a150c242008945 } | |
| $a_22 = { 558bec83ec0ca150c242006a068945fc } | |
| $a_23 = { 558bec518b45088a4d0c880832c08be5 } | |
| $a_24 = { 558bec83ec1ca150c2420053568b7508 } | |
| $a_25 = { 558b78db1c8b71e4fa16ea4d11e52e86 } | |
| $a_26 = { 558bec83ec148b4d08a124d042008b15 } | |
| $a_27 = { 558bec83ec4c5356576a0458e8dec0ff } | |
| $a_28 = { 558bec83ec448b45d88be55dc21000cc } | |
| $a_29 = { 558bec8b5508a1e0c1420053b960c142 } | |
| $a_30 = { 558bec83ec5ca150c242008945fc538d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Carrotime_fcb7caf3c07dd2d297f8b6a2f7b685b71baf96a2b4a39bf307afaf9f3fdd0f3a { | |
| strings: | |
| $a_2 = { 558bec833d8c534200017505e8be1a00 } | |
| $a_3 = { 558bec83ec1856a108534200e9cc0000 } | |
| $a_4 = { 558bec51833db8514200fe7505e89d06 } | |
| $a_5 = { 558bece8e8ffffffb8010000005dc3cc } | |
| $a_6 = { 558bec81ec880100005356578955c889 } | |
| $a_7 = { 558bec568b750885f67515e89fd5ffff } | |
| $a_8 = { 558bec83ec10a1204042008365f80083 } | |
| $a_9 = { 558bec83ec10ff75088d4df0e8fcb6ff } | |
| $a_10 = { 558beca1084042008b0d0c4042005dc3 } | |
| $a_11 = { 558bec81ec28030000a3a0544200890d } | |
| $a_12 = { 558bec83ec10ff75088d4df0e8119fff } | |
| $a_13 = { 558bec83ec0c5333db5657391d0c6142 } | |
| $a_14 = { 558bec565733f6ff750cff7508e8b02a } | |
| $a_15 = { 558bec5153568b353810420057ff3508 } | |
| $a_16 = { 558bec81ec7401000056894df4dd0520 } | |
| $a_17 = { 558bec81ec9000000056b91e000000e8 } | |
| $a_18 = { 558bec83ec088955f8894dfc8b45f88b } | |
| $a_19 = { 558bec83ec10a12040420033c58945fc } | |
| $a_20 = { 558bec81ecc8010000a12040420033c5 } | |
| $a_21 = { 558bec83ec2456894df4837df4007507 } | |
| $a_22 = { 558bec8b4508b9304042003bc1721f3d } | |
| $a_23 = { 558bece868090000b8010000005dc3cc } | |
| $a_24 = { 558bec83ec20568855f8884dfc0fb645 } | |
| $a_25 = { 558bec837d08007515e8a873ffffc700 } | |
| $a_26 = { 558bec83ec2056894df8c745fc000000 } | |
| $a_27 = { 558bec8b4508a3945342005dc38bff55 } | |
| $a_28 = { 558bec568b75085756e85d0300005983 } | |
| $a_29 = { 558bec83ec30b970364100e860260100 } | |
| $a_30 = { 558bec8b4508a3c05f42005dc38bff55 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ceckno_d4761220e6cbbb1358a790799b5197a5d1afc7c07ce655319b4e441c9aafed60 { | |
| strings: | |
| $a_2 = { 558bec6a00538bd833c055684b684000 } | |
| $a_3 = { 558bec83c4f48b45088b108955f48b50 } | |
| $a_4 = { 558bf0bf00a64000bd04a640008b1df8 } | |
| $a_5 = { 558bec83c4f85356578945fca12c9040 } | |
| $a_6 = { 558bec83c4f853568945fc8b45fc8b55 } | |
| $a_7 = { 558bec83c4f05356578bda85db78078b } | |
| $a_8 = { 558bec33c055686946400064ff306489 } | |
| $a_9 = { 558bf28bd8eb0853e874eaffff8bd88a } | |
| $a_10 = { 558bec33c055680944400064ff306489 } | |
| $a_11 = { 558bec83c4f88945fc8b45fce857edff } | |
| $a_12 = { 558bec33c05568c641400064ff306489 } | |
| $a_13 = { 558bec33c05568d143400064ff306489 } | |
| $a_14 = { 558bec33c05568a14a400064ff306489 } | |
| $a_15 = { 558bec515356578945fc8b45fce842bf } | |
| $a_16 = { 558bec33c05568c94b400064ff306489 } | |
| $a_17 = { 558bec83c4f40fb705189040008945f8 } | |
| $a_18 = { 558bec83c4ec56578b45088bf08d7dec } | |
| $a_19 = { 558bec6a006a0053565733c055689078 } | |
| $a_20 = { 558bec515356578bf28bd8803daca540 } | |
| $a_21 = { 558becff7508e8e9feffff5dc2040090 } | |
| $a_22 = { 558bec83c4f833c08945f833c0556808 } | |
| $a_23 = { 558bec33c05568d94a400064ff306489 } | |
| $a_24 = { 558bec33c05568d14c400064ff306489 } | |
| $a_25 = { 558bec8b450883f8050f8739010000ff } | |
| $a_26 = { 558bec83c4c8535657894dd88bda8945 } | |
| $a_27 = { 558bec6a006a0053565733c055689a79 } | |
| $a_28 = { 558bec83c4f45333d28955f48945fc8b } | |
| $a_29 = { 558bec33c9515151515356be10a74000 } | |
| $a_30 = { 558bec83c4f0b8088d4000e8a8b5ffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Cinasquel_9eb906fb32788f5fb9c77c1c610d35b948a63c4c38c6fa5829fac7de49fb4c33 { | |
| strings: | |
| $a_2 = { 558b1bb0eedefd3783e804743e48740e } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Cmjspy_4be85d41f680380d6378adc52bdda7906e6f07752cfe4f72b9a7c85eebbbc1bd { | |
| strings: | |
| $a_2 = { 558bec83c4d4e8ca7813008855d78945 } | |
| $a_3 = { 558bec83c4f08855fb8945fc8b45fce8 } | |
| $a_4 = { 558bec83c4dcb8e8de5500e8448f0e00 } | |
| $a_5 = { 558bec83c4f88855fb8945fc8b45fc83 } | |
| $a_6 = { 558bec83c49433c05356578b5d08c645 } | |
| $a_7 = { 558bec8a450c5dc3558bec518b45088a } | |
| $a_8 = { 558bec83c4dcb8f8e05500e8d8880e00 } | |
| $a_9 = { 558bec83c4d85356576a0ea170245700 } | |
| $a_10 = { 558bec53565784d2740883c4f0e82ab3 } | |
| $a_11 = { 558bec83c4ccb894e45600e8ac8bfeff } | |
| $a_12 = { 558bec83c4985389559c8945a0b8e08b } | |
| $a_13 = { 558bec81c46cffffffb8fcdc5500e84d } | |
| $a_14 = { 558bec83c4c88955cc8945d0b8d0bc55 } | |
| $a_15 = { 558bece8a43d0e0033d28910ff750cff } | |
| $a_16 = { 558bec83c4c0b86c765500e8788f0f00 } | |
| $a_17 = { 558bec83c4f88b4508ff7010e837b90d } | |
| $a_18 = { 558bec33c055687158470064ff306489 } | |
| $a_19 = { 558bec83c4f8e8e52805008855fb8945 } | |
| $a_20 = { 558bec5153568bf28945fc837dfc0074 } | |
| $a_21 = { 558bec83c4c4894df48955f88945fc8b } | |
| $a_22 = { 558bec83c4ec8955f88845ffc745f4ff } | |
| $a_23 = { 558bec83c4f0884dfa8855fb8945fc8b } | |
| $a_24 = { 558bec81c454ffffffb8a0f556005356 } | |
| $a_25 = { 558bec83c4f48945fc8b45fc8b1538a3 } | |
| $a_26 = { 558bec83c4c45356578955c48945c8b8 } | |
| $a_27 = { 558bec83c4f88945fc8b45fce833e409 } | |
| $a_28 = { 558bec518945fc8b45fc8b8024020000 } | |
| $a_29 = { 558bec83c4e4538945fcb201a138ff4b } | |
| $a_30 = { 558bec83c4f88b45088b108b4a084989 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Comfoo_db25d2b99ea457a0fb0a2872ced7419f4315801bc57bfe2fa5c7da6cfd6749b2 { | |
| strings: | |
| $a_2 = { 558bec6aff68d8120110681807011064 } | |
| $a_3 = { 558bec6aff6888130110681807011064 } | |
| $a_4 = { 558bec83ec20568bf1576898300110c7 } | |
| $a_5 = { 558bec6aff684b0a011064a100000000 } | |
| $a_6 = { 558bec6aff6818130110681807011064 } | |
| $a_7 = { 558b6c240c568bd1578db3160100008b } | |
| $a_8 = { 558b2d60100110568b352c100110578b } | |
| $a_9 = { 558bac24100100008bd985ed750d5d33 } | |
| $a_10 = { 558bf0ff15141201106a018bd8ff1514 } | |
| $a_11 = { 558bac242401000056578bbc24200100 } | |
| $a_12 = { 558be956578b85201500008d9d201500 } | |
| $a_13 = { 558b2dc811011033c98bfb8a8c069401 } | |
| $a_14 = { 558b6c240c56578b7c241c33f68bc76a } | |
| $a_15 = { 558b2d9810011056576a406800100000 } | |
| $a_16 = { 558bac241001000056578bfdf2aef7d1 } | |
| $a_17 = { 558bec6aff68c8120110681807011064 } | |
| $a_18 = { 558b2d701001108d9424400100008d84 } | |
| $a_19 = { 558bac24c0010000565755536a596800 } | |
| $a_20 = { 558b6c24145685ed578bd9b801000000 } | |
| $a_21 = { 558bec6aff68c8130110681807011064 } | |
| $a_22 = { 558bec6aff685031400068102f400064 } | |
| $a_23 = { 558bec6aff6888120110681807011064 } | |
| $a_24 = { 558bec6aff6898130110681807011064 } | |
| $a_25 = { 558bec6aff6838130110681807011064 } | |
| $a_26 = { 558bec6aff688031400068102f400064 } | |
| $a_27 = { 558bec6aff68600b011064a100000000 } | |
| $a_28 = { 558bec6aff6848130110681807011064 } | |
| $a_29 = { 558bec6aff68b8120110681807011064 } | |
| $a_30 = { 558bec6aff6868130110681807011064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Coolvidoor_ae40d3ef44fe0f4b18be67af7aebd41798430cd83ee838ec387360c439adfecd { | |
| strings: | |
| $a_2 = { 558bec33c98a4d0c8b45088b5510e8b9 } | |
| $a_3 = { 558bec81c430feffff53565733d28955 } | |
| $a_4 = { 558bec51538945fc8b45fce82c1bfbff } | |
| $a_5 = { 558bec515356578bf28bd8803dc49546 } | |
| $a_6 = { 558bec33c0556898f3410064ff306489 } | |
| $a_7 = { 558bec33c951515151538845ff33c055 } | |
| $a_8 = { 558bec53565733c05568009a410064ff } | |
| $a_9 = { 558bec6a006a0053565733c055688a3f } | |
| $a_10 = { 558bec33c055681d5f440064ff306489 } | |
| $a_11 = { 558bec81c468feffff535657c7054097 } | |
| $a_12 = { 558bec53568b5d088d430450e827aeff } | |
| $a_13 = { 558bec33c055689146410064ff306489 } | |
| $a_14 = { 558bec6a006a00538bd833c05568663b } | |
| $a_15 = { 558bec538bd88bc3e82b27ffff506a00 } | |
| $a_16 = { 558bec33c05568c181440064ff306489 } | |
| $a_17 = { 558bec33c0556838e2400064ff306489 } | |
| $a_18 = { 558bec8b45088078fe0075548b450880 } | |
| $a_19 = { 558bec81c4ecfdffff53565733d28995 } | |
| $a_20 = { 558bec535657bf88984600833f00756c } | |
| $a_21 = { 558bec515356578bd88bc3e89cd3faff } | |
| $a_22 = { 558bea8bf88bc7e89dc5ffff8bf0bb01 } | |
| $a_23 = { 558bec33c05568a4c8410064ff306489 } | |
| $a_24 = { 558bec83c4f8538bd8c645ff00e86201 } | |
| $a_25 = { 558bec83c4bc53565733c9894dd48855 } | |
| $a_26 = { 558bec33c055682d6c400064ff306489 } | |
| $a_27 = { 558bec5153568bd98955fc8b45fce815 } | |
| $a_28 = { 558bec83c4d853a168964600a3344446 } | |
| $a_29 = { 558bec6a0033c05568329f420064ff30 } | |
| $a_30 = { 558bec5331db89c1dd4508d88ba04146 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32CosmicDuke_98ada71f27db039a6f7532a8d35832397428bf4e24dc2f4ba6b658bfa10d500e { | |
| strings: | |
| $a_2 = { 558bec33c08a88b8ba45003a4d087409 } | |
| $a_3 = { 558bec5de9c01c00008bff558bece815 } | |
| $a_4 = { 558bec5633f6393574794e007422e813 } | |
| $a_5 = { 558bec53568b35a4704500578b7d0857 } | |
| $a_6 = { 558bec51894dfce8842500008b4dfc66 } | |
| $a_7 = { 558bec6aff687049450064a100000000 } | |
| $a_8 = { 558bec83ec105356ff75108d4df0e8f1 } | |
| $a_9 = { 558bec6aff68d45f450064a100000000 } | |
| $a_10 = { 558bec8d450c506a00ff7508e811da00 } | |
| $a_11 = { 558bec83ec4c568d45b450ff15d87045 } | |
| $a_12 = { 558bec83ec308365dc008365e000568b } | |
| $a_13 = { 558bec833d584146000075065de91880 } | |
| $a_14 = { 558bec33c03905ec684e007527394508 } | |
| $a_15 = { 558bec6aff685856450064a100000000 } | |
| $a_16 = { 558bec6aff68d85c450064a100000000 } | |
| $a_17 = { 558bec51894dfc8b4dfc83c104e81a9e } | |
| $a_18 = { 558bec51894dfc8b45fc833800751768 } | |
| $a_19 = { 558bec83ec10a10c47460033c58945fc } | |
| $a_20 = { 558bec568bf085f6745b837e38007455 } | |
| $a_21 = { 558bec8b4d0885c97515e886bdffffc7 } | |
| $a_22 = { 558becff750c6a0a6a00ff7508e88329 } | |
| $a_23 = { 558bec6aff68005a450064a100000000 } | |
| $a_24 = { 558bec83ec105753e8130e02008365f8 } | |
| $a_25 = { 558bec51894dfc8b4dfce8912800008b } | |
| $a_26 = { 558bec83ec10a188764e0033d253568b } | |
| $a_27 = { 558becff35a0734e00ff15bc70450085 } | |
| $a_28 = { 558bec83ec08894df88b4d08e82faeff } | |
| $a_29 = { 558bec51894dfc8b45fcc70004ad4500 } | |
| $a_30 = { 558becf745080001000056578bf0747a } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Cyspetel_45ed7d8b5f4248745056636020ff0c3fc561490f56c92b7e872f50fafb9b120c { | |
| strings: | |
| $a_2 = { 558bec83ec34a15452460033c58945fc } | |
| $a_3 = { 558bec6aff68bb2f450064a100000000 } | |
| $a_4 = { 558bec6aff68502e450064a100000000 } | |
| $a_5 = { 558bec83ec0c56894df48d4dfc3bca75 } | |
| $a_6 = { 558b6c24182bc1555003ca51e8b03b00 } | |
| $a_7 = { 558bec83ec10ff75088d4df0e82319ff } | |
| $a_8 = { 558bec6aff680b30450064a100000000 } | |
| $a_9 = { 558bec83ec305356ff75088d4dd0e88a } | |
| $a_10 = { 558bec5383f800730a5053505b5833d8 } | |
| $a_11 = { 558bec83ec18565733ff68445445008d } | |
| $a_12 = { 558bec83ec10a1545246008365f80083 } | |
| $a_13 = { 558bec6aff685936450064a100000000 } | |
| $a_14 = { 558b6c2408568bf08bc5e8b1fdffff8b } | |
| $a_15 = { 558b6c2410396b1456578bf17305e81e } | |
| $a_16 = { 558bec83ec0c53894df433c0e81ffcff } | |
| $a_17 = { 558bec83ec18dd0538144600dd5df0dd } | |
| $a_18 = { 558bec83ec1053ff75148d4df0e839d6 } | |
| $a_19 = { 558bec6aff68f83c450064a100000000 } | |
| $a_20 = { 558bec5633f63935b86f460075393975 } | |
| $a_21 = { 558bec6aff68102e450064a100000000 } | |
| $a_22 = { 558bc62bc73b442428c606000f825102 } | |
| $a_23 = { 558bec6aff685133450064a100000000 } | |
| $a_24 = { 558bec51518d45f850ff15bc5145008b } | |
| $a_25 = { 558bcee83e0700008b7e043b7e087605 } | |
| $a_26 = { 558be98b85483500005683e81057c745 } | |
| $a_27 = { 558bec6aff682f3e450064a100000000 } | |
| $a_28 = { 558bec535657556a006a0068e4d44100 } | |
| $a_29 = { 558b6c24345633f6578974240c8d7c24 } | |
| $a_30 = { 558bec83e4f883ec0c538bd98b4b0485 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Damatak_69448f5af54c4c1193e750ea2558c0c410682ee5a4a1123a61fb686b6085f7ae { | |
| strings: | |
| $a_2 = { 558bec83ec108b45085356578b483c33 } | |
| $a_3 = { 558bec83ec1c57ff750cff7508e87e00 } | |
| $a_4 = { 558bec83ec108b4d085356578b793c03 } | |
| $a_5 = { 558bec68bc424000ff7508e880ffffff } | |
| $a_6 = { 558bec8b45088bc881e1ff0f00002bc1 } | |
| $a_7 = { 558bec83ec18538b5d0833d2565733f6 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Darkddoser_87bf24454baeaeb2c337799af718f6e4eb48d6c75b7847d69dd242ea1da701fc { | |
| strings: | |
| $a_2 = { 558b9ff4e0d4001e7d10a400c9231f22 } | |
| $a_3 = { 558be88db5bb444e83c60481e6826db1 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Darkddoser_8cd8efcc2d3a05c53d93c3493e1605ec719a9c6e96875a55ae4111fdcc784273 { | |
| strings: | |
| $a_2 = { 558bec6a00538bd833c05568be384100 } | |
| $a_3 = { 558bec81c490f9ffff53565733c08945 } | |
| $a_4 = { 558bec6a005633c055683300410064ff } | |
| $a_5 = { 558bec33c05568beaa400064ff306489 } | |
| $a_6 = { 558bec83c4ec535657bef0154200c706 } | |
| $a_7 = { 558bec33c0556807ad400064ff306489 } | |
| $a_8 = { 558bec6a0033c05568c62c410064ff30 } | |
| $a_9 = { 558bec518945fc33d25568f85e400064 } | |
| $a_10 = { 558bec6a00538bd833c0556872384100 } | |
| $a_11 = { 558bc3e81df8ffff59eb0c55b860f340 } | |
| $a_12 = { 558bec6a0033c055682231410064ff30 } | |
| $a_13 = { 558bec5356578bf98bda8bf08bc6e8e1 } | |
| $a_14 = { 558bec538bd88bc3e86fe9feff506a00 } | |
| $a_15 = { 558bec6a00535633c0556889ff400064 } | |
| $a_16 = { 558bec51535657a1d007420085c07451 } | |
| $a_17 = { 558bec6a0033c05568b62d410064ff30 } | |
| $a_18 = { 558bec33c05568441d410064ff306489 } | |
| $a_19 = { 558bec83c4f85356578945fca138d041 } | |
| $a_20 = { 558bec33c055681590410064ff306489 } | |
| $a_21 = { 558bec6a0033c05568d62b410064ff30 } | |
| $a_22 = { 558bec6a006a00538bd833c055688599 } | |
| $a_23 = { 558bec515356578945fc33d25568ef3b } | |
| $a_24 = { 558bec33c055685baf410064ff306489 } | |
| $a_25 = { 558be98bda8bc5e855a0feff8bc3e8ba } | |
| $a_26 = { 558bec33c055685dc2400064ff306489 } | |
| $a_27 = { 558bec5356beb836420068bc364200e8 } | |
| $a_28 = { 558bec33c05568af7e410064ff306489 } | |
| $a_29 = { 558bec83c4f85356578bda85db780ac1 } | |
| $a_30 = { 558bec33c05568bb63400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32DarkView_af549aaeb006eb38b759046e7ac977dd0f7a541b621124ded929f20cd0de6e76 { | |
| strings: | |
| $a_2 = { 5589e5ff75146a006a00ff7510ff750c } | |
| $a_3 = { 5589e5515356578b451c8945fc8b550c } | |
| $a_4 = { 5589e583ec0c57a1888f01108b158c8f } | |
| $a_5 = { 5589e583ec405356578b7d08c745c007 } | |
| $a_6 = { 5589e5578b7d08ff37e85cefffff837f } | |
| $a_7 = { 5589e583ec0452a10474011050ff152c } | |
| $a_8 = { 5589e583ec04538b5d0831c985db7455 } | |
| $a_9 = { 5589e5ff750cff7508e88afaffff83c4 } | |
| $a_10 = { 5589e553578b7d08578b1fff530857e8 } | |
| $a_11 = { 5589e551505356578b45142b45108945 } | |
| $a_12 = { 5589e55150535657ff3574af0110e84f } | |
| $a_13 = { 5589e55157ff7508ff354caf0110e85e } | |
| $a_14 = { 5589e553578b7d088b07c74014360000 } | |
| $a_15 = { 5589e5515057833d34900110007568e8 } | |
| $a_16 = { 5589e583ec045356578b5d0ca1047401 } | |
| $a_17 = { 5589e55356578b750831db6858af0110 } | |
| $a_18 = { 5589e583ec0c5356578b7d088bb75c01 } | |
| $a_19 = { 5589e557ff35f4af0110e8ea01000089 } | |
| $a_20 = { 5589e5515356578b45088b308b7e1431 } | |
| $a_21 = { 5589e583ec1c57ff3578af0110e8b737 } | |
| $a_22 = { 5589e556578b750868d800000056e8b3 } | |
| $a_23 = { 5589e556578b7d088bb74c01000068d8 } | |
| $a_24 = { 5589e583ec04538b5d0c85db743689da } | |
| $a_25 = { 5589e56a01ff750cff7508e8b4feffff } | |
| $a_26 = { 5589e583ec205356578b7d0c8b470889 } | |
| $a_27 = { 5589e56aff8b4508ff30e875efffff5d } | |
| $a_28 = { 5589e5515056578365fc008365f800ff } | |
| $a_29 = { 558b45f88378040074106a018d45ff50 } | |
| $a_30 = { 5589e58b4508ff700c6a00ff35fca601 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Daromec_61c75644f85769564ac086c838c7dc66f98eb7b402a6ad289adf6628aec3d25a { | |
| strings: | |
| $a_2 = { 558b736120653a9b382c3ae1bd61c2c5 } | |
| $a_3 = { 558bb243ec9af933712d6c3d5099233b } | |
| $a_4 = { 558b941031eec165a4778b9d788fe617 } | |
| $a_5 = { 558b914e9b9ae8b2916bc46c98c84e06 } | |
| $a_6 = { 558bd58bd98bdc8abb17bb17b921b62f } | |
| $a_7 = { 558bff005a7cfd006f69fe00dbdaf100 } | |
| $a_8 = { 558ba5466fbe07c5b972a2da87e3af96 } | |
| $a_9 = { 558b04b1a0e7d8cc6aea5fbe8c2469a7 } | |
| $a_10 = { 558b53504acd261d9d1bd68299718b42 } | |
| $a_11 = { 558b35b8fdc5e32656f29080a7a3603d } | |
| $a_12 = { 558ba5fdb795fc9debb8e4ed0ab523dc } | |
| $a_13 = { 558b2d7c2fd210e0854f6c013f699fc4 } | |
| $a_14 = { 558b885beb5eb7d677baade1f5abc6d7 } | |
| $a_15 = { 558b4fd9ecc5d03e5c3f8dd15d7a6b5a } | |
| $a_16 = { 558bc7ebbf2a692128c0f78574f9fb15 } | |
| $a_17 = { 558b69ae1d04ebc45df35633bc3e8ead } | |
| $a_18 = { 558bbde6b96cf23b24d88df02936796a } | |
| $a_19 = { 558bb90ea0093748249ffa48f76c8d2b } | |
| $a_20 = { 558bcf6547f49edb868d516a6b0fd178 } | |
| $a_21 = { 558b2edba0384af24a8c9078be4f73ca } | |
| condition: | |
| 17 of them | |
| } | |
| rule BackdoorWin32Daserf_a51e4d5810182b75374e467c844141672ffb5a54a3fea781cc5aa58086cf7f07 { | |
| strings: | |
| $a_2 = { 558bec81ec000400005633f6680d2d66 } | |
| $a_3 = { 558bec81ec040400005356be787f6632 } | |
| $a_4 = { 558bec51834dfcff8d45fc56506a20ff } | |
| $a_5 = { 558bec81ec000900008b450c568b352c } | |
| $a_6 = { 558bec6aff68f851663268404d663264 } | |
| $a_7 = { 558bec51518b4514568b750c33d28910 } | |
| $a_8 = { 558bec578b7d1485ff7e1f8a4510b103 } | |
| $a_9 = { 558becb898640000e8e0050000535657 } | |
| $a_10 = { 558bec81ec700400005356576a0f59be } | |
| $a_11 = { 558becb810110000e8661e0000535657 } | |
| $a_12 = { 558bec83ec148b451053568b750c85c0 } | |
| $a_13 = { 558becb814280000e8e12300005333db } | |
| $a_14 = { 558bec8b45105633d28b483c8b70208b } | |
| $a_15 = { 558bec81ecfc05000053568d8524ffff } | |
| $a_16 = { 558bec51578b7d0885ff750733c0e99a } | |
| $a_17 = { 558bec81ec240100008b4d1053568b75 } | |
| $a_18 = { 558bec83ec2c8d45f4684460663250ff } | |
| $a_19 = { 558bec81ec0c08000053565768f40100 } | |
| $a_20 = { 558bec81ecb8060000568b75085756c7 } | |
| $a_21 = { 558bec81ec6001000056578d45a46844 } | |
| $a_22 = { 558bec83ec545633f66a448d45ac5650 } | |
| $a_23 = { 558bec83ec105633f6837d1001c745f0 } | |
| $a_24 = { 558becb86c130000e8512d0000535657 } | |
| $a_25 = { 558becb804380000e8a61f0000535657 } | |
| $a_26 = { 558becb814280000e80c2200005333db } | |
| $a_27 = { 558bec8b4d0833c03945107e10803c08 } | |
| $a_28 = { 558bec83ec10568b35ec5066328d45f0 } | |
| $a_29 = { 558bec81ec880200005356be04010000 } | |
| $a_30 = { 558bec8b450833d2f7750c8b450885d2 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Death_51544109d63a2b531b399e4e9bcb4c38a35acd121c66f48d8c4c209cc1695465 { | |
| strings: | |
| $a_2 = { 558bd9662d0449bdc06a04a31dd89b9f } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Defsel_8188cbd87d8f427a0ce2ef93087d7532980fc23a718bef36a54c863997d1cd1e { | |
| strings: | |
| $a_2 = { 558bec33c05568e5d2141364ff306489 } | |
| $a_3 = { 558bce2bcb418bd38bc7e874e2ffff5d } | |
| $a_4 = { 558bec51538945fc8b45fce8bc5dffff } | |
| $a_5 = { 558bec81c4ccfeffff535633d28995cc } | |
| $a_6 = { 558bece8a0f7ffff5531c96874271413 } | |
| $a_7 = { 558bec51535684d2740883c4f0e872a4 } | |
| $a_8 = { 558bec538b5d085368b1d70000686419 } | |
| $a_9 = { 558bec53568bda8bf08bc3ba8c041513 } | |
| $a_10 = { 558bec33c05568fb07151364ff306489 } | |
| $a_11 = { 558bec51538945fc8b45fce88cecffff } | |
| $a_12 = { 558bec6a0053565733c055680c121513 } | |
| $a_13 = { 558bec33c05568cdbd141364ff306489 } | |
| $a_14 = { 558bec33c05568c105151364ff306489 } | |
| $a_15 = { 558bf28bd88bc6e8f5eaffff8bf88bc3 } | |
| $a_16 = { 558bec33c055687939141364ff306489 } | |
| $a_17 = { 558bec81c484feffff5333db899d84fe } | |
| $a_18 = { 558bec51538bda8945fc8b45fce83a75 } | |
| $a_19 = { 558bec51538945fc8b45fce85c73ffff } | |
| $a_20 = { 558bec83c4f853568855fb8945fc8b45 } | |
| $a_21 = { 558bec538bd18a4d088b18ff135b5dc2 } | |
| $a_22 = { 558bec51538bd86a208bcaa150561413 } | |
| $a_23 = { 558bec33c05568854f141364ff306489 } | |
| $a_24 = { 558bec33c055682d5f141364ff306489 } | |
| $a_25 = { 558bec83c4e053568bd86a006a006a00 } | |
| $a_26 = { 558bec33c05568413f141364ff306489 } | |
| $a_27 = { 558bec83c4f8538bd8c645ff006a64e8 } | |
| $a_28 = { 558bec5153568b45088b40fc668b400a } | |
| $a_29 = { 558bec33c05568236e151364ff306489 } | |
| $a_30 = { 558bec33c05568996e151364ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Degrub_1aeacd8b53d335bc3294db905581a37e2233ec615ebaf0cbc360fafdbee30f79 { | |
| strings: | |
| $a_2 = { 558bec6a00538bd833c0556809204500 } | |
| $a_3 = { 558bec81c444fdffff535633c9898d64 } | |
| $a_4 = { 558bec33c0556841a1420064ff306489 } | |
| $a_5 = { 558bec535657833decfb490000743c33 } | |
| $a_6 = { 558bec33c05568e512430064ff306489 } | |
| $a_7 = { 558bec33c0556823bc490064ff306489 } | |
| $a_8 = { 558bec83c4f8538945fc8b45fce8b652 } | |
| $a_9 = { 558bec8b4508e8ed2cf9ff5dc38d4000 } | |
| $a_10 = { 558bec83c4f8e875e7feff8855fb8945 } | |
| $a_11 = { 558bec33c0556875ee430064ff306489 } | |
| $a_12 = { 558bec33c05568b1c7420064ff306489 } | |
| $a_13 = { 558bec8b4508508b450c505152a110e4 } | |
| $a_14 = { 558bec515356578945fc33c055681ef5 } | |
| $a_15 = { 558bec8b4508508b450c505152a1ece4 } | |
| $a_16 = { 558bec535657ff750833c055687f7648 } | |
| $a_17 = { 558bec515356578945fc33c05568628e } | |
| $a_18 = { 558bec81c468feffff535657c70544f7 } | |
| $a_19 = { 558bec6a0033c055680fa3460064ff30 } | |
| $a_20 = { 558bec33c05568352e480064ff306489 } | |
| $a_21 = { 558bec6a005333c05568e2e4400064ff } | |
| $a_22 = { 558b1c2485db742f8bc366bed6ffe8ac } | |
| $a_23 = { 558bec33c05568b5ca460064ff306489 } | |
| $a_24 = { 558bec33c05568494d490064ff306489 } | |
| $a_25 = { 558bec5356578bf8a168f84900e85ac8 } | |
| $a_26 = { 558bec6a0033c0556856f1400064ff30 } | |
| $a_27 = { 558bec6a0033c05568ce0e470064ff30 } | |
| $a_28 = { 558bec5356a16cfb4900837804000f95 } | |
| $a_29 = { 558bec535657bf38f649008b470885c0 } | |
| $a_30 = { 558bec5356578b7d10803d33f9490000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dekara_c95e5a9b1d31ba0585abc075172a608338874af76b942b33dbd6877c3b14b3f9 { | |
| strings: | |
| $a_2 = { 558bec5356578bd98bfa8bf08bc3e851 } | |
| $a_3 = { 558becbae0ad4800b898ba4500e862f3 } | |
| $a_4 = { 558bec53565784d2740883c4f0e8eec9 } | |
| $a_5 = { 558becba58ae4800b8d4c24500e82eeb } | |
| $a_6 = { 558bec83c4f85356578945fca1403048 } | |
| $a_7 = { 558be98bda8bf88bc7e8ff28f9ff8bf0 } | |
| $a_8 = { 558becbaccad4800b860b94500e896f4 } | |
| $a_9 = { 558bec6a006a005333c0556863b74700 } | |
| $a_10 = { 558bec53568bf28bd8a1bca94800e801 } | |
| $a_11 = { 558becbaa4ae4800b81cc84500e8dae5 } | |
| $a_12 = { 558b45fce862e3feffe8f1feffff5988 } | |
| $a_13 = { 558bec51568bf06a208bcaa1703b4100 } | |
| $a_14 = { 558bec5153bb50ab4800a158ab4800e8 } | |
| $a_15 = { 558beca178554800e8cfbdffff5dc204 } | |
| $a_16 = { 558becba18ae4800b868be4500e892ef } | |
| $a_17 = { 558becba5cad4800b85cb24500e8aafb } | |
| $a_18 = { 558bea33db33ff8bc5e85b47faff8bf0 } | |
| $a_19 = { 558bec6a00538bda33c05568f0734600 } | |
| $a_20 = { 558becbad4ad4800b8dcb94500e816f4 } | |
| $a_21 = { 558be833db8b7d108b750c2bf77f174e } | |
| $a_22 = { 558becbabcad4800b840b84500e8c2f5 } | |
| $a_23 = { 558bec6a0033c055687129480064ff30 } | |
| $a_24 = { 558bec83c4f48d55f4e8eec9ffff8945 } | |
| $a_25 = { 558becba28ad4800b880af4500e87afe } | |
| $a_26 = { 558becba70ae4800b88cc44500e86ee9 } | |
| $a_27 = { 558becba7cae4800b870c54500e88ee8 } | |
| $a_28 = { 558bec6a0053568bda33d25568ad5646 } | |
| $a_29 = { 558bec84d2740883c4f0e819ecfeff89 } | |
| $a_30 = { 558bec518945fc8b45fc80781800745d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Delf_ba96134c6b34993b07c658c5d0859fd8dd7d00454480f096e7b95b9c6815cf45 { | |
| strings: | |
| $a_2 = { 558b27f9a94557b8e4a32ba99aae5a02 } | |
| $a_3 = { 558b8e4ed6d907a3f553c39d302bdd62 } | |
| $a_4 = { 558bce686dcf44338dff5462a5766ffb } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Deppeels_28d2f5a7f3e93056d7cf6a955a042d4a0af45335cc80e548627079bf221be4d5 { | |
| strings: | |
| $a_2 = { 558bec83ec0c894dfc837d080074538b } | |
| $a_3 = { 558bec83ec34a15c43420033c58945fc } | |
| $a_4 = { 558bec56ff75088bf1e8afd9ffffc706 } | |
| $a_5 = { 558bec5151535633f6578b3d30504200 } | |
| $a_6 = { 558becff7508ff1500f1410085c07506 } | |
| $a_7 = { 558bec5153568bf033db3bf3751ee84c } | |
| $a_8 = { 558bec535657556a006a0068dce64000 } | |
| $a_9 = { 558bec5356578b7d08837f2000bb184c } | |
| $a_10 = { 558bec6aff68a061001068b658001064 } | |
| $a_11 = { 558bec5151a15c43420033c58945fca1 } | |
| $a_12 = { 558bec81ec1c02000053565733db33c0 } | |
| $a_13 = { 558bec83ec4ca15c43420033c58945fc } | |
| $a_14 = { 558bec686cfa4100ff1500f1410085c0 } | |
| $a_15 = { 558bec51535657ff3508b80010e8e5ca } | |
| $a_16 = { 558bec8b45088b0d4c44420056395004 } | |
| $a_17 = { 558bec81eccc0000008b45088945fc8b } | |
| $a_18 = { 558bec8b450c8a008b4d0888015dc38b } | |
| $a_19 = { 558bece87e2c00008b8098000000eb0a } | |
| $a_20 = { 558bec515156e887ecffff8bf085f60f } | |
| $a_21 = { 558bece83a2c0000ff7508e8872a0000 } | |
| $a_22 = { 558bec833d10b800100074196810b800 } | |
| $a_23 = { 558bec568d4508508bf1e8af0c0000c7 } | |
| $a_24 = { 558bec83ec10ff750c8d4df0e8e832ff } | |
| $a_25 = { 558bec8b4508a3b04142005dc3a1b041 } | |
| $a_26 = { 558bec83ec18a15c4342008365e8008d } | |
| $a_27 = { 558beca15c5a42008a008b4d0884c074 } | |
| $a_28 = { 558bec81ec8c020000c645fb006a006a } | |
| $a_29 = { 558bec6803010000ff7508e8d3120000 } | |
| $a_30 = { 558bec83ec0cc645fb00c745fc000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dervec_368b4d4c72b08c42734c6e7d8528a83f53a711bd62be1d8b4b2f9c5e2be0b46b { | |
| strings: | |
| $a_2 = { 558bec837d08007515e8e4beffffc700 } | |
| $a_3 = { 558bec83ec10ff750c8d4df0e8ef73ff } | |
| $a_4 = { 558bec568bf1c706a44c0110e88fffff } | |
| $a_5 = { 558bec6afe68607f011068b088001064 } | |
| $a_6 = { 558bec83ec1056ff750c8d4df0e81882 } | |
| $a_7 = { 558bec568b75085756e8eee6ffff5983 } | |
| $a_8 = { 558bec8b450883f8fe7518e89d9bffff } | |
| $a_9 = { 558bec81ec8c060000a14090011033c5 } | |
| $a_10 = { 558bec51a198b2011053568945fce8cd } | |
| $a_11 = { 558bec837d0800750bff750ce84192ff } | |
| $a_12 = { 558bec6afe68b87c011068b088001064 } | |
| $a_13 = { 558bec8b450885c07515e829d9ffffc7 } | |
| $a_14 = { 558bec833dd8910110ff744b837d0800 } | |
| $a_15 = { 558bec83ec10a14090011033c58945fc } | |
| $a_16 = { 558bec51518d45f850ff15204101108b } | |
| $a_17 = { 558bec8b450833c93b04cd4890011074 } | |
| $a_18 = { 558bec568b750856e80c1d000050e8b0 } | |
| $a_19 = { 558bec56e87f240000e87424000050e8 } | |
| $a_20 = { 558bec56ff75088bf1e845140000c706 } | |
| $a_21 = { 558bec8b4508a3acae01105dc38bff55 } | |
| $a_22 = { 558bec83ec7ca14090011033c58945fc } | |
| $a_23 = { 558bec83ec38a14090011033c58945fc } | |
| $a_24 = { 558bec8b4508ff34c550950110ff157c } | |
| $a_25 = { 558bec81ec28010000a14090011033c5 } | |
| $a_26 = { 558bec6afe68607e011068b088001064 } | |
| $a_27 = { 558bec83ec1853ff75108d4de8e879a7 } | |
| $a_28 = { 558bec8b45088b0d444e011056395004 } | |
| $a_29 = { 558becb84d5a000083ec106639067406 } | |
| $a_30 = { 558bec83ec1c568bf0a198b201108b48 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dervec_4eb3f3aaadcbd3cba67324b2a153474984c4833e9c7188e3c7e8a1a2373dc122 { | |
| strings: | |
| $a_2 = { 558becff750cff7508ff35f8f24000ff } | |
| $a_3 = { 558bec56e821190000e81619000050e8 } | |
| $a_4 = { 558bec8b4508ff34c580ec4000ff1508 } | |
| $a_5 = { 558bec833dd80d410000741968d80d41 } | |
| $a_6 = { 558bec565733f6ff750cff7508e86039 } | |
| $a_7 = { 558bec833d40e24000ff744b837d0800 } | |
| $a_8 = { 558bec33c08b4d083b0cc550ac400074 } | |
| $a_9 = { 558bec8b4508a3fcfb4000a300fc4000 } | |
| $a_10 = { 558bec83ec10ff75088d4df0e8029bff } | |
| $a_11 = { 558bec8b450833c93b04cdc0e0400074 } | |
| $a_12 = { 558bec8b45088b0dcca3400056395004 } | |
| $a_13 = { 558bec568b7508b850e240003bf07222 } | |
| $a_14 = { 558bec56e85ff9ffff8bf085f60f8432 } | |
| $a_15 = { 558bec83ec10ff750c8d4df0e822b6ff } | |
| $a_16 = { 558bec6afe6828c74000685041400064 } | |
| $a_17 = { 558bec6afe6808c74000685041400064 } | |
| $a_18 = { 558bec8b4508e895ffffff68c8000000 } | |
| $a_19 = { 558bec8b4508568d34c580ec4000833e } | |
| $a_20 = { 558bec8b4508b950e240003bc1721f3d } | |
| $a_21 = { 558bec8b450883f8fe7518e85c95ffff } | |
| $a_22 = { 558bece8c4070000ff7508e80d060000 } | |
| $a_23 = { 558b3383c304899dd8fdffffe8d6adff } | |
| $a_24 = { 558bec8b4508a310fc40005dc38bff55 } | |
| $a_25 = { 558bec8b4508a334f240005dc38bff55 } | |
| $a_26 = { 558bece8c41a000085c0740750e87c1c } | |
| $a_27 = { 558becff3534f24000ff1544a1400085 } | |
| $a_28 = { 558bec837d08007515e8cea2ffffc700 } | |
| $a_29 = { 558bec51833dd0ee4000fe7505e80b06 } | |
| $a_30 = { 558becb8e41a0000e834330000a104e0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Deselia_fc27db025e1a6acc79f7227888b2f5cd35f0d2363873db2dace96753968c34bc { | |
| strings: | |
| $a_2 = { 558bec81ec28030000a3a8450010890d } | |
| $a_3 = { 558bec51538bda8bc18945fc85db7446 } | |
| $a_4 = { 558bec81ec1405000033c06806020000 } | |
| $a_5 = { 558bec81ec30010000578bfa894dfc83 } | |
| $a_6 = { 558bec33c039450c750e3905a0440010 } | |
| $a_7 = { 558bec8b5508535633f63bd65774078b } | |
| $a_8 = { 558bec83e4f881ec28020000535633c0 } | |
| $a_9 = { 558bec51b97b0100008da42400000000 } | |
| $a_10 = { 558becff4d0c75088b4508a3c4470010 } | |
| $a_11 = { 558bec837d0c017505e81a0300005de9 } | |
| $a_12 = { 558bec81eca404000033c06806020000 } | |
| $a_13 = { 558bb94d7f52612f1c2c1893a7784ca1 } | |
| $a_14 = { 558bec5356576a006a0068cf13001051 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Detarmal_7e20cdec9c6eab8975a20a34b8441c1aa2a6f7af6ebcbc752f586a01afdf40ca { | |
| strings: | |
| $a_2 = { 558b6c2428565785ed895c2428750a5f } | |
| $a_3 = { 558bec83ec10566a066a016a02e84230 } | |
| $a_4 = { 558bec6aff6840b340006838a9400064 } | |
| $a_5 = { 558bec83ec108a450c68002000008845 } | |
| $a_6 = { 558bec83ec0c538a5d0c84db750d6a04 } | |
| $a_7 = { 558bec5633f65656565656568d450856 } | |
| $a_8 = { 558becb80c200000e8147100005333db } | |
| $a_9 = { 558bec53568b750c5732dbff366a0068 } | |
| $a_10 = { 558bec81ec5001000053568b750883cb } | |
| $a_11 = { 558bec83ec148d45fc56508d45ec50c7 } | |
| $a_12 = { 558bec5153568b750c5783c9ff33c08d } | |
| $a_13 = { 558bec51568b750c807e0400752e8d45 } | |
| $a_14 = { 558b6c240c568bd9578b45048b750089 } | |
| $a_15 = { 558bec568b7508ff7604ff36ff760cff } | |
| $a_16 = { 558bec81ec08010000833d88dd400000 } | |
| $a_17 = { 558beca1dcde4000538b5d0c5657a3e0 } | |
| $a_18 = { 558bec5633f6ff157cb140003d000000 } | |
| $a_19 = { 558bec83ec288065ff00535657ff7508 } | |
| $a_20 = { 558bec83ec448b450853568b353cb240 } | |
| $a_21 = { 558bec81ec80010000837d0800538b5d } | |
| $a_22 = { 558bec83ec0c568b7514833e000f8482 } | |
| $a_23 = { 558bec0fb6450883e800742848741e48 } | |
| $a_24 = { 558bec83ec0c538365fc0056578b7d14 } | |
| $a_25 = { 558bec5166833d7cdd400000740966ff } | |
| $a_26 = { 558bec81ec08010000a1dcde4000568b } | |
| $a_27 = { 558bcee8a4feffff8b6804578bcee899 } | |
| $a_28 = { 558bec5356578b7d108d34bd84e44000 } | |
| $a_29 = { 558bec83ec2c5332dbff7508ff1588b0 } | |
| $a_30 = { 558bec83ec345356578b7d1083c9ff33 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dodiw_1ba51ad3000d73770720245b50688837579f05e2d555d7bda790adef40d20d44 { | |
| strings: | |
| $a_2 = { 558b88ab4d5808d2104663a1bd6a2d2c } | |
| $a_3 = { 558b4a8e2af92ffe2ae43ef35cf53f8d } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Dokstormac_5a2da25adf30dde4b775ab0ccd11e0cef3a48ce8dfca4c995a3426191f14ac37 { | |
| strings: | |
| $a_2 = { 558bec83ec28538b5d0856578bf9895d } | |
| $a_3 = { 558bec515356e868f5ffff8bf0ff7650 } | |
| $a_4 = { 558bec566a1068e0da0202ff750ce8ba } | |
| $a_5 = { 558bf521378625070b58398e9c3745f9 } | |
| $a_6 = { 558bec83ec1c56bef8ca02028b066a02 } | |
| $a_7 = { 558bec6aff6890d2020268101c010264 } | |
| $a_8 = { 558bec6aff6860d2020268101c010264 } | |
| $a_9 = { 558bec6aff68f0d2020268101c010264 } | |
| $a_10 = { 558bec5151568bf1578b3d34a002028b } | |
| $a_11 = { 558bec83ec34e84c4100008945fc8b40 } | |
| $a_12 = { 558b1acc1221d360e5d040fe5801147f } | |
| $a_13 = { 558b8fb98a70ae7e6685b2be918cf8f6 } | |
| $a_14 = { 558bec5151538365fc00568bf157518b } | |
| $a_15 = { 558bec5151568bf1578b3d28a002028b } | |
| $a_16 = { 558b13d6e5c6ac462f00f0a63734334d } | |
| $a_17 = { 558bdabe9791f3a236a4be8315766ddf } | |
| $a_18 = { 558bec515153568b3510940302578b56 } | |
| $a_19 = { 558bec5657ff75088b3de8a20202ffd7 } | |
| $a_20 = { 558bec6aff6878d2020268101c010264 } | |
| $a_21 = { 558bec51833d04c6030200535657751d } | |
| $a_22 = { 558bec6aff68b8d2020268101c010264 } | |
| $a_23 = { 558bc435e55aac07f20ae01e2a0a85e1 } | |
| $a_24 = { 558becb82c120000e8c2b2ffff8d8568 } | |
| $a_25 = { 558bec5151568bf1578b3d74a002028b } | |
| $a_26 = { 558bec83ec4053568b3580a00202576a } | |
| $a_27 = { 558bec6aff68b8d0020268101c010264 } | |
| $a_28 = { 558bec6aff6878d8020268101c010264 } | |
| $a_29 = { 558bec83ec10681b430202b940be0302 } | |
| $a_30 = { 558bec83ec2c5356578bf1e89ee0ffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dorbop_ce3653e7a818ba0c58a49c3019bbc0543dac1745c6f35d0c48c1bfd42a70a6c9 { | |
| strings: | |
| $a_2 = { 558bec5157ff15c45145008bf833c085 } | |
| $a_3 = { 558bec5657e8425cfeff8db09c000000 } | |
| $a_4 = { 558bec81ec0c010000a12878460033c5 } | |
| $a_5 = { 558bec83ec48894df88b4df883c154e8 } | |
| $a_6 = { 558bec8b4508c701b87845008b008941 } | |
| $a_7 = { 558becff7514a11ccf46003305287846 } | |
| $a_8 = { 558becb940a44600e86327fbff5dc3cc } | |
| $a_9 = { 558bec83ec1c894dfc8b45fc83781400 } | |
| $a_10 = { 558bec68e857450068a8574500ff1594 } | |
| $a_11 = { 558bec68f86f450068a8574500ff1594 } | |
| $a_12 = { 558becb938a44600e87340fbff68504e } | |
| $a_13 = { 558bec51518b4d0c568b018b7508683c } | |
| $a_14 = { 558bec6aff685629450064a100000000 } | |
| $a_15 = { 558bec8d450c50ff7508e8307c000059 } | |
| $a_16 = { 558bec51894dfc8b450c50e820030000 } | |
| $a_17 = { 558bec518b45088338027502eb466a01 } | |
| $a_18 = { 558bec568bf1c706b8784500e8770000 } | |
| $a_19 = { 558bec6aff68182d450064a100000000 } | |
| $a_20 = { 558bec680858450068a8574500ff1594 } | |
| $a_21 = { 558bec83ec0c56894dfc8b4dfce82efd } | |
| $a_22 = { 558bec83ec0c6a008d45f8506a00683f } | |
| $a_23 = { 558becff750c6a0a6a00ff7508e89688 } | |
| $a_24 = { 558bec6afe687052460068b0c9410064 } | |
| $a_25 = { 558bec51a12878460033c58945fc8b4d } | |
| $a_26 = { 558beca1fcce46003305287846007408 } | |
| $a_27 = { 558bec6aff68f825450064a100000000 } | |
| $a_28 = { 558bec83ec0c894dfc8b4dfce8eff9ff } | |
| $a_29 = { 558bec83ec10ff75088d4df0e86af6fe } | |
| $a_30 = { 558bec81ec200d0000a12878460033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dougat_e5a33efb3f9a55cd2dbe7ce506c6214eae4e37cc41e3d06a570b10099d4046f3 { | |
| strings: | |
| $a_2 = { 558bec81ec0401000056578b7d0c8d85 } | |
| $a_3 = { 558bec81ec1402000053566a01e897fe } | |
| $a_4 = { 558bec81ec680100005356576a1033db } | |
| $a_5 = { 558bec81ec4c03000053568d85f8feff } | |
| $a_6 = { 558bec83ec1c56576a018d45fc5f8bf1 } | |
| $a_7 = { 558bec81ec9c050000a1f84040005356 } | |
| $a_8 = { 558bec81ec7807000057b9a700000033 } | |
| $a_9 = { 558bec81ec6c050000566828414000ff } | |
| $a_10 = { 558becff750cff15603040008b4d0880 } | |
| $a_11 = { 558bec81ecac060000568b750c85f60f } | |
| $a_12 = { 558bec83ec145356578bf168e8404000 } | |
| $a_13 = { 558bec81ec8c04000053566814414000 } | |
| $a_14 = { 558bec81ec48020000565780a5b8fdff } | |
| $a_15 = { 558bec51837d08005356570f84260100 } | |
| $a_16 = { 558bec81ec3c02000056576a0cbe7041 } | |
| $a_17 = { 558bec81ec6c050000536824414000ff } | |
| $a_18 = { 558bec83ec0c568bf16a088d460c50e8 } | |
| $a_19 = { 558bec6aff68d031400068e22e400064 } | |
| $a_20 = { 558bec81ec20020000538d45fc565033 } | |
| condition: | |
| 16 of them | |
| } | |
| rule BackdoorWin32Doumol_1c2b06da812090333b40e2b4f168b69f8727d09f0c622787e849449689bf7322 { | |
| strings: | |
| $a_2 = { 558bec538b5d083b1df0ca4700743653 } | |
| $a_3 = { 558bec51535684d2740883c4f0e896bc } | |
| $a_4 = { 558bec6a00538bd833c055683fef4100 } | |
| $a_5 = { 558bec33c05568b1ec420064ff306489 } | |
| $a_6 = { 558bf28bd833ff8bc3e8f707ffff508b } | |
| $a_7 = { 558bec8b450883c00450e8a9b5ffff5d } | |
| $a_8 = { 558bec83c4f85356578945fca1388047 } | |
| $a_9 = { 558bec5633f6f6c21074195150e8fab2 } | |
| $a_10 = { 558bec33c0556835f0460064ff306489 } | |
| $a_11 = { 558bec83c4f4a1840e4800e8984dfeff } | |
| $a_12 = { 558bec6a006a00538bd833c055687c3f } | |
| $a_13 = { 558bec83c4f4535657a1740b48008b10 } | |
| $a_14 = { 558bec538b5d14b201a154e74400e891 } | |
| $a_15 = { 558bec51568bf06a208bcaa17c9e4100 } | |
| $a_16 = { 558bec83c4f8538945fc8b45fcc64010 } | |
| $a_17 = { 558bec33c05568e71e430064ff306489 } | |
| $a_18 = { 558bec33c0556889ee420064ff306489 } | |
| $a_19 = { 558bec83c4f4538955fce8e94dfeff8b } | |
| $a_20 = { 558bec33c055684a91410064ff306489 } | |
| $a_21 = { 558bec538b5d083b1df0ca4700744aa1 } | |
| $a_22 = { 558bec33c0556811dd460064ff306489 } | |
| $a_23 = { 558bec6a00538bd833c0556877764300 } | |
| $a_24 = { 558bec6a0033c055685e60420064ff30 } | |
| $a_25 = { 558bc3e821f8ffff59eb0c55b8802441 } | |
| $a_26 = { 558bec33c055681532420064ff306489 } | |
| $a_27 = { 558bc7e8b2d9ffff50e8a8e7fdff83c4 } | |
| $a_28 = { 558be8a1d80e4800e8506a00008bf04e } | |
| $a_29 = { 558bec33c055680596450064ff306489 } | |
| $a_30 = { 558bec33c055688dce460064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Drateam_d1403cec010a4064769b9b7712301a1090d5860f7f823831d9c270a9544acd0b { | |
| strings: | |
| $a_2 = { 558bec33c055689d59400064ff306489 } | |
| $a_3 = { 558bec81c4ecfdffff53565733d28995 } | |
| $a_4 = { 558bec83c4f8e859caffff8855fb8945 } | |
| $a_5 = { 558bec518945fc8b45fce84d24ffff33 } | |
| $a_6 = { 558bec5356578bd833c0556803014100 } | |
| $a_7 = { 558bec33c055687166400064ff306489 } | |
| $a_8 = { 558bec33c055681897400064ff306489 } | |
| $a_9 = { 558bec33c05568a13d410064ff306489 } | |
| $a_10 = { 558bec515356578bd8c645ff0033c055 } | |
| $a_11 = { 558bec33c055682994400064ff306489 } | |
| $a_12 = { 558b533452e8ccf8ffff897368897358 } | |
| $a_13 = { 558bec8b55088b450c8b4d10e89f65ff } | |
| $a_14 = { 558bec53565733c05568d516410064ff } | |
| $a_15 = { 558bec5153568945fc8b45fc83782800 } | |
| $a_16 = { 558bec52508b450850516a00a1ac6541 } | |
| $a_17 = { 558bec83c4f0538bd833c0a3b4654100 } | |
| $a_18 = { 558bec33c05568ed79400064ff306489 } | |
| $a_19 = { 558bec33c055680dbd400064ff306489 } | |
| $a_20 = { 558bec68b8674100e843e2ffff33c055 } | |
| $a_21 = { 558bec518945fc8b45fce8f588ffff33 } | |
| $a_22 = { 558bec83c4f8535657be246641008b46 } | |
| $a_23 = { 558bec33c055686906410064ff306489 } | |
| $a_24 = { 558bec33c055680693400064ff306489 } | |
| $a_25 = { 558bec6a006a00538bd833c05568ecab } | |
| $a_26 = { 558bec53565733db33d2556889404100 } | |
| $a_27 = { 558bec33c05568f568400064ff306489 } | |
| $a_28 = { 558bec538b5d085368b2d7000068bc2f } | |
| $a_29 = { 558bec33c055683106410064ff306489 } | |
| $a_30 = { 558bec83c4f40fb705105041008945f8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Dridex_10eb9f06a1fa57d2af6bbb958f6a05406e4a84fceb138f19b3a17f03784fd8b5 { | |
| strings: | |
| $a_2 = { 558b3c51f5e61320aebba8397841915c } | |
| $a_3 = { 558bac2dfa62b6ea0955a1e1aa706d4e } | |
| $a_4 = { 558b81bb08f6d6759ac3af361301b193 } | |
| $a_5 = { 558b1a3b046ba5d68a8b4ac13c407461 } | |
| $a_6 = { 558b092a9c0afb7bf4a6cc35ceaf9ffb } | |
| $a_7 = { 558b3c3c894d27fc2e5d2653c584f3e5 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Drixed_3c3b653443adf8b1b1cda39d54c0c57a330a34820022a002a76982796e02fe33 { | |
| strings: | |
| $a_2 = { 558bca545250666fa6cbb0d4cba836b4 } | |
| $a_3 = { 558b4c19945f088b4a5473c09cc781ea } | |
| $a_4 = { 558b83bfc248dfedeed1b8d4a0934b2d } | |
| $a_5 = { 558bff196d1dd07b75a8834791472e78 } | |
| $a_6 = { 558bcb545250636fa6cbacd4cba832b4 } | |
| $a_7 = { 558bc7545220e26fa67829d4bc543324 } | |
| $a_8 = { 558b2de048c2548279a76f764a78d6b3 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Dropegg_5ab10dda548cb821d7c15ebcd0a9f1ec6ef1a14abcc8ad4056944d060c49535a { | |
| strings: | |
| $a_2 = { 5589e551578b7d08897d08c745fcffff } | |
| $a_3 = { 5589e557e81282000083f800750ab8ff } | |
| $a_4 = { 5589e5578b7d08897d08ff750ce83fcc } | |
| $a_5 = { 5589e55150535657c745fc00000000ff } | |
| $a_6 = { 5589e5515657c745fc00000000eb328b } | |
| $a_7 = { 5589e551535657c745fc00000000eb18 } | |
| $a_8 = { 5589e581ec54020000576a026a006a00 } | |
| $a_9 = { 5589e581ec0c01000057c745f4000000 } | |
| $a_10 = { 5589e55153578b7d08897d08ff750ce8 } | |
| $a_11 = { 5589e581ec8c00000056578b7d08897d } | |
| $a_12 = { 5589e581ec8809000057c7857cf6ffff } | |
| $a_13 = { 5589e56aff681ce04000689a10400050 } | |
| $a_14 = { 5589e581ec2c0600005356578dbde5fb } | |
| $a_15 = { 5589e583ec305657c745fc00000000eb } | |
| $a_16 = { 5589e581ec1403000057c785ecfdffff } | |
| $a_17 = { 5589e5576a016829ec4000e878b3ffff } | |
| $a_18 = { 5589e551505357c745fc00000000ff75 } | |
| $a_19 = { 5589e581ec4001000053578dbdc0feff } | |
| $a_20 = { 5589e583ec58535657c745b800000000 } | |
| $a_21 = { 5589e581ec9001000056578b7d14897d } | |
| $a_22 = { 5589e581ec4401000057c785bcfeffff } | |
| $a_23 = { 5589e581ec80000000578b7d08897d08 } | |
| $a_24 = { 5589e583ec305657c745d000000000c7 } | |
| $a_25 = { 5589e557c70500cc400030000000c705 } | |
| $a_26 = { 5589e581ec8004000056578b7d08897d } | |
| $a_27 = { 5589e581ec0801000057c7857cffffff } | |
| $a_28 = { 5589e583ec10578b7d08897df08d3dfe } | |
| $a_29 = { 5589e55150535657ff7508e890920000 } | |
| $a_30 = { 5589e581ec4401000057c745fc000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Duetag_35c42c173c4b150ad28e61dc39fe965ce38d058ce3c298ad49e24093add20ad0 { | |
| strings: | |
| $a_2 = { 558bce31077c0706bc59d39cece42c09 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Dumador_53998bfa06272154584fd0ef0b14a8e7ab5b2fa992714140fc9cd4e5b76a688d { | |
| strings: | |
| $a_2 = { 558bec6a136800000000c3c804000081 } | |
| $a_3 = { 558bec83ec246800000000c3e858f1ff } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Dunsenr_cfb5b242016a70e1c92a5929553fecb63a27614e1f8a51f7dc8b58c7462da106 { | |
| strings: | |
| $a_2 = { 558bf12b08c35850baa4c98dba7e0b43 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Dusenr_f9d17ec9f1f4c0184db85c41a45ac8c90c4fa9a208b34116b08f2d9f22f73024 { | |
| strings: | |
| $a_2 = { 558bec21451c53d85d18a0a6f7f3a0be } | |
| $a_3 = { 558b057f1d52a99722f8741cc2822a3e } | |
| $a_4 = { 558b5d9b14aab9af522f90688e578f36 } | |
| $a_5 = { 558b596730c71dd325cfa802fec7c01d } | |
| $a_6 = { 558b137500194da4452800af3dd5249c } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Dvbkd_d923d37e5729674712f0633fdc5b22d58e235e1e173e7d5baac430edb791054c { | |
| strings: | |
| $a_2 = { 5589e553565768ba82400068bc824000 } | |
| $a_3 = { 5589e583ec605356578b45088945a0b9 } | |
| $a_4 = { 5589e581ec88000000535657c7857cff } | |
| $a_5 = { 5589e5578b7d086a0368b583400057e8 } | |
| $a_6 = { 5589e551505356578b75088b5d0c31ff } | |
| $a_7 = { 5589e583ec105356578b450c6689450c } | |
| $a_8 = { 5589e55356578b5d08e8ae1a000050e8 } | |
| $a_9 = { 5589e581ec080400005356578b5d08b9 } | |
| $a_10 = { 5589e581ecd0000000535657c78540ff } | |
| $a_11 = { 5589e581ec8400000053565731dbc745 } | |
| $a_12 = { 5589e55356578b5d088b750c39f37501 } | |
| $a_13 = { 5589e551568b7508c645ff6109f67507 } | |
| $a_14 = { 5589e581ec04040000535657c785fcfb } | |
| $a_15 = { 5589e581ecf0090000535657837d0800 } | |
| $a_16 = { 5589e581ec980000005356578b5d088b } | |
| $a_17 = { 5589e583ec145356578b450c8d0883c8 } | |
| $a_18 = { 5589e55356578b7d0831f66a3aff750c } | |
| $a_19 = { 5589e5578b7d08688b83400057e83d19 } | |
| $a_20 = { 5589e556578b75088b3eeb038b7f7c8b } | |
| $a_21 = { 5589e583ec54578b7d08803f00750431 } | |
| $a_22 = { 5589e56aff6814804000689a10400050 } | |
| $a_23 = { 5589e581ecb80100005356578d7df28d } | |
| $a_24 = { 5589e583ec485356578b75088b7d0c8b } | |
| $a_25 = { 5589e583ec0c5356578b75088b5d0c31 } | |
| $a_26 = { 5589e5578b7d0868b80b0000e8402800 } | |
| $a_27 = { 5589e551505356578d7dfd8d35308040 } | |
| $a_28 = { 5589e581ece00f0000535657c785f4fb } | |
| $a_29 = { 5589e581ec04040000535657b9000100 } | |
| $a_30 = { 5589e583ec2c5356578b450c8d0883c8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Easydor_8c9ec7c9f216c39bde3baf99307264c14fd2b3e641532c50194ff6f4166c96a4 { | |
| strings: | |
| $a_2 = { 5589e55150535657e88c790000394508 } | |
| $a_3 = { 558b5d0c8b4508a38ce04d00891d90e0 } | |
| $a_4 = { 5589e55157e8aa00000089c7803f2275 } | |
| $a_5 = { 5589e5b818000400e820550000535657 } | |
| $a_6 = { 5589e551505356578b750c8365f80083 } | |
| $a_7 = { 5589e583ec0c578b7d08807f4004752e } | |
| $a_8 = { 5589e5518b450866894508833db8f34d } | |
| $a_9 = { 5589e583ec285356578b5d0c8b451466 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Ecltys_4c7f0b7e9c1525553cf8abbeca8f3ed5630f6c9c9353f740bd17e28c456bfdde { | |
| strings: | |
| $a_2 = { 558bec51568b750c56e84bf0ffff8945 } | |
| $a_3 = { 558bec8b450883f8fe7518e87996ffff } | |
| $a_4 = { 558bec83ec0ca14070420033c58945fc } | |
| $a_5 = { 558bec6aff683515420064a100000000 } | |
| $a_6 = { 558b6c240c894424048944240c3be875 } | |
| $a_7 = { 558becff7508ff35fc784200ff154021 } | |
| $a_8 = { 558bec535657e8a49bffff83b80c0200 } | |
| $a_9 = { 558bec5151a14070420033c58945fca1 } | |
| $a_10 = { 558bec56ff75088bf1e8f84cffffc706 } | |
| $a_11 = { 558bec83ec10a14070420033c58945fc } | |
| $a_12 = { 558bec83ec74a14070420033c58945fc } | |
| $a_13 = { 558bec5356576a006a00680754410051 } | |
| $a_14 = { 558bec8b45085633f63bc6751de806ed } | |
| $a_15 = { 558bec83ec0c5333db5657391d54fb42 } | |
| $a_16 = { 558bec5de92f0e00008bff558bec568b } | |
| $a_17 = { 558b6c241056578bf1396b147305e882 } | |
| $a_18 = { 558bec515156e87befffff8bf085f60f } | |
| $a_19 = { 558bec5de9701b0000ccff25e4214200 } | |
| $a_20 = { 558bec83ec10ff75088d4df0e832f9fe } | |
| $a_21 = { 558bec568b3544cf4200eb215750ff75 } | |
| $a_22 = { 558bec83ec1053ff75108d4df0e87ce3 } | |
| $a_23 = { 558bec538b5d08568bf1c706d8224200 } | |
| $a_24 = { 558bec833dfcce42000075148b45088b } | |
| $a_25 = { 558bec8b45085633f63bc6751de8480f } | |
| $a_26 = { 558bec8b45085633f63bc6751ce80e27 } | |
| $a_27 = { 558bece8e4480000ff7508e831470000 } | |
| $a_28 = { 558beca108d5420083ec0c53568b3590 } | |
| $a_29 = { 558bec83ec10a148d542005333db568b } | |
| $a_30 = { 558bec568b7508b8207942003bf07222 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32EHDoor_0210148467196b6060cda96cc931703c790319ef37dcfa96d40e1434162226f4 { | |
| strings: | |
| $a_2 = { 558bec83e4f883ec4ca10490400033c4 } | |
| $a_3 = { 558bec33c08b4d083b0cc5206a400074 } | |
| $a_4 = { 558bec5356576a005268464d400051e8 } | |
| $a_5 = { 558bec83ec10ff75088d4df0e808efff } | |
| $a_6 = { 558becff35549e4000ff157460400085 } | |
| $a_7 = { 558bec8b4508ff34c5d0914000ff1548 } | |
| $a_8 = { 558bec8b45088b0d2c6c400056395004 } | |
| $a_9 = { 558bec8b4508a344a840005dc38bff55 } | |
| $a_10 = { 558bec5153568b7508578b3d14614000 } | |
| $a_11 = { 558bec8b4508a34ca840005dc38bff55 } | |
| $a_12 = { 558bec535657556a006a0068d8594000 } | |
| $a_13 = { 558bec8b4508a330a84000a334a84000 } | |
| $a_14 = { 558bec833d90ab40000074196890ab40 } | |
| $a_15 = { 558bec833d289b4000017505e8920900 } | |
| $a_16 = { 558becb808180000e8e3480000a10490 } | |
| $a_17 = { 558bec6afe687085400068f02f400064 } | |
| $a_18 = { 558bec515668187a4000ff15c0a84000 } | |
| $a_19 = { 558bec6884614000ff157860400085c0 } | |
| $a_20 = { 558bec83ec10ff75088d4df0e8dbedff } | |
| $a_21 = { 558bec83ec4c568d45b450ff15586040 } | |
| $a_22 = { 558bec53568b35b4604000578b7d0857 } | |
| $a_23 = { 558bec565733f6ff7508e8a21100008b } | |
| $a_24 = { 558bec5153568b357460400057ff3588 } | |
| $a_25 = { 558bec8b450c2d10010000742648750f } | |
| $a_26 = { 558bec565733f6ff750cff7508e82412 } | |
| $a_27 = { 558bec837d08007515e8b6cfffffc700 } | |
| $a_28 = { 558bec83ec30568b35106140006a6b50 } | |
| condition: | |
| 22 of them | |
| } | |
| rule BackdoorWin32EliteSpyz_18aea439753add5da2e93e338d0ac57f77d13eb0240065c3c115e8e24ab83076 { | |
| strings: | |
| $a_2 = { 558b08286829a211c312fb90c112c680 } | |
| $a_3 = { 558b886105e573b42af526b6fc3fa22e } | |
| $a_4 = { 558bec83ec08680624400064a1000000 } | |
| $a_5 = { 558b31c50059813907b77340161f6aa9 } | |
| $a_6 = { 558bef786f9306cd34966c80c773a723 } | |
| $a_7 = { 558b0b67205fedc9465329365a07e507 } | |
| $a_8 = { 558b40d890920f01bfc6a68e42003d7b } | |
| $a_9 = { 558b607253d1c54985d3c734d36112bc } | |
| $a_10 = { 558bec83ec14680624400064a1000000 } | |
| $a_11 = { 558b3b8f2b469e3538766dbf81ff0026 } | |
| $a_12 = { 558bec83ec18680624400064a1000000 } | |
| $a_13 = { 558b240232d81b9bafd29264e4f1c575 } | |
| $a_14 = { 558bd1342beb069af8c34e7d5299e23c } | |
| $a_15 = { 558b74c7d41cf353c14b8ee2189d4491 } | |
| $a_16 = { 558b448ebe7703e78a240b468c2c400f } | |
| $a_17 = { 558bec83ec0c64a10000000068062440 } | |
| $a_18 = { 558bec83ec0c680624400064a1000000 } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Escad_8a16418d2d8a350fd75b3ee3e6516147286b388975e5dd3dc1e4685dbec42719 { | |
| strings: | |
| $a_2 = { 558bec6afe684823031068e061011064 } | |
| $a_3 = { 558bec81ecfc010000a15041031033c5 } | |
| $a_4 = { 558bec56fc8b750c8b4e0833cee864eb } | |
| $a_5 = { 558bec81ec5c020000a15041031033c5 } | |
| $a_6 = { 558bec8b450857bf90785634c7017856 } | |
| $a_7 = { 558bec8b4508ff34c5b04e0310ff1554 } | |
| $a_8 = { 558b6b1c55e8111b00008b45148b4b10 } | |
| $a_9 = { 558bec8b450833c93bc1763783f80276 } | |
| $a_10 = { 558bec51568b750c56e8bd6d00008945 } | |
| $a_11 = { 558bec568bf1c70654c30210e8225401 } | |
| $a_12 = { 558bec83ec14a15041031033c58945fc } | |
| $a_13 = { 558bec53568b75088bd9578b3b85ff75 } | |
| $a_14 = { 558bec83ec1053ff75108d4df0e8cdf2 } | |
| $a_15 = { 558bec8b45108b4d0c8b550803c003c0 } | |
| $a_16 = { 558bec81ec80000000a15041031033c5 } | |
| $a_17 = { 558bec33c08b4d083b0cc540dc021074 } | |
| $a_18 = { 558bec81ec80060000a15041031033c5 } | |
| $a_19 = { 558bec83ec20a15041031033c58945fc } | |
| $a_20 = { 558bec568bf1e8c3eefefff645080174 } | |
| $a_21 = { 558b6c240c5685ed570f84020900008b } | |
| $a_22 = { 558bec6aff68ebbb021064a100000000 } | |
| $a_23 = { 558bec83ec105356576a168bf1e8cef1 } | |
| $a_24 = { 558bec83ec0c56576a1f8bf1e87feeff } | |
| $a_25 = { 558bec833d5cab03100056757933c039 } | |
| $a_26 = { 558bec81ec28030000a308a90310890d } | |
| $a_27 = { 558becb838180000e893880000a15041 } | |
| $a_28 = { 558bec8b45088b0885c974138b55108b } | |
| $a_29 = { 558bec81ec80020000a15041031033c5 } | |
| $a_30 = { 558bec33c039055cab03107530394508 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Etap_6bd4e33c0e8cdfd6fb07b95a12a339becd649472ea008b4e70ee7cda7688b8d2 { | |
| strings: | |
| $a_2 = { 558b460183e0388b1781e200ffffff03 } | |
| $a_3 = { 558b0725ff00000083f842741b83f84f } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Etumbot_bd4f3f4ff2d2f84af34c346fb430b8cf850f74f89cf50dbd341f4fb9082656a2 { | |
| strings: | |
| $a_2 = { 558bec6aff6850c2400068009c400064 } | |
| $a_3 = { 558bc18bf1c1f80583e61f8d3c8540ef } | |
| $a_4 = { 558bec51894dfc6858d04000e8825300 } | |
| $a_5 = { 558becb814360000e87b2b000057898d } | |
| $a_6 = { 558bec81ec40030000898dc0fcffffc7 } | |
| $a_7 = { 558bec81ec1803000057898de8fcffff } | |
| $a_8 = { 558becb800500000e84822000057898d } | |
| $a_9 = { 558bec83ec10894df0c745f40c000000 } | |
| $a_10 = { 558bec6aff68a8c5400068009c400064 } | |
| $a_11 = { 558bec6aff6860c5400068009c400064 } | |
| $a_12 = { 558bec6aff6828c2400068009c400064 } | |
| $a_13 = { 558bec6aff68f0c1400068009c400064 } | |
| $a_14 = { 558bec81ecec03000057c68514fcffff } | |
| $a_15 = { 558bec81ec7004000057898d90fbffff } | |
| $a_16 = { 558bec81ec0c010000898df4feffff83 } | |
| $a_17 = { 558bec51515333db391d48f040005657 } | |
| $a_18 = { 558bec5151833d50eb40000056577421 } | |
| $a_19 = { 558bec535657556a006a0068346f4000 } | |
| $a_20 = { 558bec81ec140100005357898decfeff } | |
| $a_21 = { 558bec83ec08894df868001000006a00 } | |
| $a_22 = { 558bec6aff6870c1400068009c400064 } | |
| $a_23 = { 558bec81ec30030000898dd0fcffffc7 } | |
| $a_24 = { 558bec81eca804000057898d58fbffff } | |
| $a_25 = { 558bec81ec60030000898da0fcffffc7 } | |
| $a_26 = { 558bec83ec1c894de46800100000e8ed } | |
| $a_27 = { 558bec81ec8006000057898d80f9ffff } | |
| $a_28 = { 558becb824320000e8903c0000565789 } | |
| $a_29 = { 558bec6aff6838c2400068009c400064 } | |
| $a_30 = { 558bec6aff6818c2400068009c400064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Exsorv_b38c840b5fb8120b392001d94232443b4b9769b302f0f88a5c93bb7b8976f106 { | |
| strings: | |
| $a_2 = { 558bec538d450ce8208bf8ff8b451c85 } | |
| $a_3 = { 558bec53565784d2740883c4f0e8e295 } | |
| $a_4 = { 558b45fce8f689feffe8f1feffff5988 } | |
| $a_5 = { 558bec6a005333c055681af7400064ff } | |
| $a_6 = { 558bfa8bf08bd78bc6e804b8f8ff8bc7 } | |
| $a_7 = { 558bec33c055686937430064ff306489 } | |
| $a_8 = { 558bec83ec6ca1c481b157568b750857 } | |
| $a_9 = { 558b45fc8b8024040000e841e7feff8b } | |
| $a_10 = { 558bec6a00538bd833c055683ba34800 } | |
| $a_11 = { 558b45a08d55a45268a03aa55750ffd7 } | |
| $a_12 = { 558bec33c055687b684a0064ff306489 } | |
| $a_13 = { 558bd78b86d0010000e8d510fcffe8c0 } | |
| $a_14 = { 558bec5153565733c08945fca1acac49 } | |
| $a_15 = { 558bec33c0556899f6490064ff306489 } | |
| $a_16 = { 558bec6a0033c05568c604410064ff30 } | |
| $a_17 = { 558bec83c4c453565733db895dfc895d } | |
| $a_18 = { 558bec6a006a00538bd833c055687440 } | |
| $a_19 = { 558bec5633f6f6c21074195150e8129a } | |
| $a_20 = { 558bec51535684d2740883c4f0e8fe23 } | |
| $a_21 = { 558bec33c9515151515133c055682c37 } | |
| $a_22 = { 558bec538bd8833dccc84a0012753a83 } | |
| $a_23 = { 558bec8b45088b40f08b15e4dd4500e8 } | |
| $a_24 = { 558bec5356578bf88bc7e8915600008b } | |
| $a_25 = { 558bec53565784d2740883c4f0e85aec } | |
| $a_26 = { 558bec515356578945fc33c055684ca4 } | |
| $a_27 = { 558bec51535657a1d0c74a0085c07451 } | |
| $a_28 = { 558bec53568bf033dbe8fa34feff8b15 } | |
| $a_29 = { 558bec83c4f4538bd852e8c583ffff89 } | |
| $a_30 = { 558bec83c4ec5356578bd8e8d830feff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Fakedoor_256e4be3a35386e84e04a734afbf14ec9e3c52a45de428c490f85e8c0105783a { | |
| strings: | |
| $a_2 = { 558be8ceb10d2f81eed73de2106823ee } | |
| $a_3 = { 558b754c95fbb5c7d55df59c160d368c } | |
| $a_4 = { 558bc5e638ee29e347609808e46ef375 } | |
| $a_5 = { 558b58d623c2c2cfaef1c25920b68362 } | |
| $a_6 = { 558b43b5586d5c3c7e40a915d9715158 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Fakedos_a79f684499fb830c0e6354430a41ef91886a9910f36644c1e9948eaa95014798 { | |
| strings: | |
| $a_2 = { 558bec83ec0868b615400064a1000000 } | |
| $a_3 = { 558bec83ec0c68b615400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Farfli_3bd5c5c27da898cc445c5fe7d73163ae27c540a65fdf290c88b7236fd7c8b7b5 { | |
| strings: | |
| $a_2 = { 558b2dbc310110568db3100200008b06 } | |
| $a_3 = { 558bec6aff68e033011068a828011064 } | |
| $a_4 = { 558b2856576a30ffd3b90001000033c0 } | |
| $a_5 = { 558bf86a008b46648b4e445051ffd78b } | |
| $a_6 = { 558b82a800000050ff155433011085c0 } | |
| $a_7 = { 558bec6aff68e02c011064a100000000 } | |
| $a_8 = { 558be95657896c24148d5d548bcbe8b9 } | |
| $a_9 = { 558bec6aff68102b011064a100000000 } | |
| $a_10 = { 558bec6aff68c033011068a828011064 } | |
| $a_11 = { 558b2df8320110578d5a08897424188b } | |
| $a_12 = { 558b6c240c5783fb018bf97511807d00 } | |
| $a_13 = { 558b2db4310110681467011050ffd553 } | |
| $a_14 = { 558bcb89542420e8a2f3ffff8d442418 } | |
| $a_15 = { 558b6c24188b042e506a0068ff0f1f00 } | |
| $a_16 = { 558bd153c1e902f3a58bca83e103f3a4 } | |
| $a_17 = { 558b2d6c3201106a30ffd583c40453ff } | |
| $a_18 = { 558bd9568b74241057b95d0200008bfb } | |
| $a_19 = { 558bac241422000056578bcd8b85a800 } | |
| $a_20 = { 558b6c2414568b742420578bfb3bde89 } | |
| $a_21 = { 558b2d203001105657c74424145c6301 } | |
| $a_22 = { 558b2d6c3301105066c74424680200ff } | |
| $a_23 = { 558be96a2de8957c00008bd883c40485 } | |
| $a_24 = { 558b431885c00f849c0000008b431489 } | |
| $a_25 = { 558bec6aff68902d011064a100000000 } | |
| $a_26 = { 558b2d10320110803c1e5c752b568d44 } | |
| $a_27 = { 558bac241c0900005785ed0f844f0100 } | |
| $a_28 = { 558bce897e20e85b0400008d44241450 } | |
| $a_29 = { 558bcee835f3ffff85ed740955e86101 } | |
| condition: | |
| 23 of them | |
| } | |
| rule BackdoorWin32Farfli_a4c1898e3699063fa27d20997cb50339287a30272c84659452e643150124dc4b { | |
| strings: | |
| $a_2 = { 558b2d84f340005657a15456420085c0 } | |
| $a_3 = { 558b2dd0f440006a30ffd783c4046a00 } | |
| $a_4 = { 558bac24ac0f00005633db57c6450008 } | |
| $a_5 = { 558b2d6cf34000566a3066c744242402 } | |
| $a_6 = { 558bcfe89f8a000068304041008bcfe8 } | |
| $a_7 = { 558b6c240c578b7c24148bd08ac8c1fa } | |
| $a_8 = { 558b2d9cf3400056ffd50fbed05752ff } | |
| $a_9 = { 558b2dc8f44000894424206a006a016a } | |
| $a_10 = { 558b2dc8f440006a30ffd383c4046a11 } | |
| $a_11 = { 558b2d6cf340006a30ffd583c4046a00 } | |
| $a_12 = { 558bec6aff68d8fe400068faa4400064 } | |
| $a_13 = { 558bc18bf7c1e9028bfa8d9424200100 } | |
| $a_14 = { 558b2d5cf3400089742414b958000000 } | |
| $a_15 = { 558b6c2414568b74241433db578bfd85 } | |
| $a_16 = { 558b6c2410568bcd57c1f9038bf133c0 } | |
| $a_17 = { 558bc18bf78bfac1e902f3a58bc833c0 } | |
| $a_18 = { 558b2dc8f440006a006a016a02ffd533 } | |
| $a_19 = { 558b2d5cf140006a008d842408010000 } | |
| $a_20 = { 558bac24f00200005657b93900000033 } | |
| $a_21 = { 558bcee840000000b90020000033c08b } | |
| $a_22 = { 558b2d6cf3400056578bd96a30ffd583 } | |
| $a_23 = { 558b5c241cbd10000000a1a0464100b9 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Feljina_46d38137b685eea88e0c385c2585867f5164418534b9b1798b2dd0fd1020a23c { | |
| strings: | |
| $a_2 = { 558bec83ec205666c745ec000066c745 } | |
| $a_3 = { 558bec51894dfc8b4dfce8f1e500008b } | |
| $a_4 = { 558bec51894dfc8b45088338ff74278b } | |
| $a_5 = { 558bec6a108b450c508b4d0851e8bebb } | |
| $a_6 = { 558bec51894dfc8b45fc8338ff74278b } | |
| $a_7 = { 558bec81ecfc030000898d04fcffffc7 } | |
| $a_8 = { 558bec83ec58894dac8b45ac8b4d0889 } | |
| $a_9 = { 558b6c241c8b0b8b430856578b7c241c } | |
| $a_10 = { 558bec51c7051454061064000000c705 } | |
| $a_11 = { 558bec81ec1c010000898de4feffff8b } | |
| $a_12 = { 558bec51894dfc8b45fc66c740040000 } | |
| $a_13 = { 558bec81ecfc030000898d04fcffff6a } | |
| $a_14 = { 558bec837d08007437833d0c9b071000 } | |
| $a_15 = { 558bec51894dfc8b45fcc70018660510 } | |
| $a_16 = { 558bec51894dfc8b4dfce8c8feffff8b } | |
| $a_17 = { 558becb9880b0710e82b76ffff5dc355 } | |
| $a_18 = { 558b6c240c85ed57c703000000007445 } | |
| $a_19 = { 558bec6aff68309605106810f6031064 } | |
| $a_20 = { 558bac249400000057eb078bb4249c00 } | |
| $a_21 = { 558bec68e8030000b9b0050710e88d73 } | |
| $a_22 = { 558becb938060710e84d74ffff5dc355 } | |
| $a_23 = { 558bec51894dfc8b45fc8b807c040000 } | |
| $a_24 = { 558becb920040710e8a879feff5dc355 } | |
| $a_25 = { 558bece8020000005dc3558bec684c54 } | |
| $a_26 = { 558bec8b4508ff348500c20610ff15e4 } | |
| $a_27 = { 558bec6aff68413d051064a100000000 } | |
| $a_28 = { 558bec83ec106876130510b9c8c10710 } | |
| $a_29 = { 558bec68e8030000b9a0040710e80573 } | |
| $a_30 = { 558bec68829c0110e8c601020083c404 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Firefly_8dc201a52fb0e75afb784d98b86e12e6867565305fcbf1214bd06d219532edfc { | |
| strings: | |
| $a_2 = { 558bec515356578bda8bf0c645ff008b } | |
| $a_3 = { 558bec33c05568dd40400064ff306489 } | |
| $a_4 = { 558bec33c05568594b400064ff306489 } | |
| $a_5 = { 558bec33c95151515133c055681e6940 } | |
| $a_6 = { 558bec33c055687d3e400064ff306489 } | |
| $a_7 = { 558bec33c05568c542400064ff306489 } | |
| $a_8 = { 558bec33c05568f149400064ff306489 } | |
| $a_9 = { 558bec33c055685542400064ff306489 } | |
| $a_10 = { 558bec535657bf208640008b470885c0 } | |
| $a_11 = { 558bec5356578bd885c0743233d25568 } | |
| $a_12 = { 558bec518945fc33d25568043b400064 } | |
| $a_13 = { 558bec33c055681951400064ff306489 } | |
| $a_14 = { 558bec33c055682668400064ff306489 } | |
| $a_15 = { 558bec6a00538bd833c05568725f4000 } | |
| $a_16 = { 558bec33c9515151515133c055681c5b } | |
| $a_17 = { 558bce2bcb418bd38bc7e850eaffff5d } | |
| $a_18 = { 558bec8b4510508b450c508b450850a1 } | |
| $a_19 = { 558bec33c05568214b400064ff306489 } | |
| $a_20 = { 558bec81c400f8ffff5356578bf18bfa } | |
| $a_21 = { 558bec515356578bf28bd8803dac8540 } | |
| $a_22 = { 558bec33c05568b53e400064ff306489 } | |
| $a_23 = { 558bec33c055684d41400064ff306489 } | |
| $a_24 = { 558bec833dcc86400000764b33d25568 } | |
| $a_25 = { 558bec33c05568614a400064ff306489 } | |
| $a_26 = { 558bec833de086400000764533c05568 } | |
| $a_27 = { 558bec33c05568bd41400064ff306489 } | |
| $a_28 = { 558bec33c05568e63b400064ff306489 } | |
| $a_29 = { 558bec33c055681d42400064ff306489 } | |
| $a_30 = { 558bec33c055686d40400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Floxif_3b3dbd43471d9c9aeec7b475943be664498f44ad2cc50e2bdd8239eed95b5097 { | |
| strings: | |
| $a_2 = { 558bc417d8fed50afb1d6968bc9230dc } | |
| $a_3 = { 558b5c82ec66dc42bd6d83fcb03485cd } | |
| $a_4 = { 558bacac18e6dd028c567f4ac25cd6d7 } | |
| $a_5 = { 558b90241282da76e25ad7d944a47c4a } | |
| $a_6 = { 558be19bad37e927b8b9cbad8f8ffb35 } | |
| $a_7 = { 558bec833d9482450000567550ff7510 } | |
| $a_8 = { 558b9c6c68ae3e114edc98d6bc501279 } | |
| $a_9 = { 558bd5b50f8bb26118adb1d646725f0d } | |
| $a_10 = { 558b4b90a07aadfbbcc12b32af3bcd6b } | |
| $a_11 = { 558b3c3a36db0abea17d2542c766f2f2 } | |
| $a_12 = { 558bec83ec44a1acbd46005733ff8945 } | |
| $a_13 = { 558b8f1fccb65cfa14c774e208a696b5 } | |
| $a_14 = { 558b985d69ebdea2743a55f0ffeecc38 } | |
| $a_15 = { 558b24e283326fd87aec20320df90b96 } | |
| $a_16 = { 558ba684f4f6dfdddf4a12b88c67c5a9 } | |
| $a_17 = { 558bec83ec5453568b35acbd460033db } | |
| $a_18 = { 558bb10bb82d015ddd064ccfb9ba6aa3 } | |
| $a_19 = { 558bb486af9bfac0660511da0ce403dc } | |
| $a_20 = { 558b97d1f3797f4c62476cc4974b21a7 } | |
| $a_21 = { 558bec81eca8030000a1f43d47005356 } | |
| $a_22 = { 558be8a19ae0b0f0cba6d89b23d1f6f3 } | |
| $a_23 = { 558bb0652aef707edecf85594bbbddbc } | |
| $a_24 = { 558bec83ec5453568b35709240005768 } | |
| $a_25 = { 558b7e5a5f59f1d3103a463020c732c8 } | |
| $a_26 = { 558bec535657ff7508ff15c4904000ff } | |
| $a_27 = { 558b3c4890b8941f357ec5f920347f16 } | |
| $a_28 = { 558bec81ec840000008b4514535657c7 } | |
| $a_29 = { 558bec5151568b7508576a645fa18ca7 } | |
| $a_30 = { 558bf966377b047bfa270e4a3837d8d9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32FlyAgent_5bb6b6ea1719fe4460d2c7dee61368bfbba0d2ea66f8ae41ab462d9e9f184bec { | |
| strings: | |
| $a_2 = { 558b2d80604000565733db33f633ff3b } | |
| $a_3 = { 558bec81ec08000000c745fc00000000 } | |
| $a_4 = { 558bec8bc140c1e0022be08d3c2451c7 } | |
| $a_5 = { 558bec81ec080000008965fc683f000f } | |
| $a_6 = { 558bec81ec18000000682c000000e807 } | |
| $a_7 = { 558bec81ec040000008965fcff7508b8 } | |
| $a_8 = { 558bec81ec040000006804000000ff75 } | |
| $a_9 = { 558b4b08fb262965224ce3a2b004bf29 } | |
| $a_10 = { 558bec81ec28000000c745fc00000000 } | |
| $a_11 = { 558becff7508e8060000008be55dc204 } | |
| $a_12 = { 558bec81ec380000006808000000e8d7 } | |
| $a_13 = { 558bec68040000806a008b5d108b0385 } | |
| $a_14 = { 558bec81ec50000000c745fc00000000 } | |
| $a_15 = { 558bec81ec080000008965fcff7508b8 } | |
| $a_16 = { 558b31927ba594c0f2c500a5b6ee48a9 } | |
| $a_17 = { 558bec8be55dc3558bece80e000000b8 } | |
| $a_18 = { 558bec5756538b750c8b7d088d05c08b } | |
| $a_19 = { 558bec6aff683066400068a44c400064 } | |
| $a_20 = { 558bece80e000000b800000000e90000 } | |
| $a_21 = { 558b7277a6f1568314f35c5bd4d63e38 } | |
| $a_22 = { 558bec81ec080000008965fc68000000 } | |
| $a_23 = { 558bec81ec240000006808000000e8c0 } | |
| $a_24 = { 558bec81ecbc0000006808000000e880 } | |
| $a_25 = { 558bec81ec0c0000006807000000ff75 } | |
| $a_26 = { 558bec81ec0c000000c745fc00000000 } | |
| $a_27 = { 558bec81ec10000000837d08000f846a } | |
| $a_28 = { 558bec535657556a006a0068c44b4000 } | |
| $a_29 = { 558bcdd5173918dde688b7dfb84b8edc } | |
| $a_30 = { 558bec51515333db391d288f40005657 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32FlyAgent_9aef52b5d72a7bf8520e60b67566fd56b8274136bbd89c9bf95d44b87b87e742 { | |
| strings: | |
| $a_2 = { 558bec28d88e0c2b3f33ea20e4626f88 } | |
| $a_3 = { 558bc83c0f46032b404e1e8194d5061b } | |
| $a_4 = { 558bbc22ee391dd3765d1479926803bb } | |
| $a_5 = { 558ba7fac8aed7fc4933f0f109bd35e8 } | |
| $a_6 = { 558b3c57ae32212663bc630fd07bea43 } | |
| $a_7 = { 558b432a01e29d5116750f9f0115ac1a } | |
| $a_8 = { 558b47370d88e8df10822a1c585642f5 } | |
| $a_9 = { 558bee0100a7d18bdaa296b2b5333ca6 } | |
| $a_10 = { 558b6adb40f88d53c27cce5951221b98 } | |
| $a_11 = { 558b9f1899e00964f06854b40e84d756 } | |
| $a_12 = { 558b903ee712a32575c2fac59efad9a0 } | |
| $a_13 = { 558bb5482267bbef054a554738f1c774 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32ForShare_19dce7a0c9b638470e2e3451f2d4f42e5d4f558d67e9d69d7bf6c1a7ff17b82a { | |
| strings: | |
| $a_2 = { 558bea81c5f8ffffffebd68b39eb53a2 } | |
| $a_3 = { 558bec83ec4c8b1153568b7108578b79 } | |
| $a_4 = { 558b10f43c3689564ab38b9b00aa0285 } | |
| $a_5 = { 558bec5156578bfaeb09880e9cfb16a2 } | |
| $a_6 = { 558ba434c3f91509d4e86aef934778f6 } | |
| $a_7 = { 558b875424048d1cad00000000ebd7c5 } | |
| $a_8 = { 558b3659aa74e77b52c09e1634f7e636 } | |
| $a_9 = { 558be80fb65d005de982000000109505 } | |
| $a_10 = { 558b3d0356c3d0b41b2d4610038872f0 } | |
| $a_11 = { 558becebbd8d64241cc645e47a8d8f4e } | |
| $a_12 = { 558bec83ec0c56eb098a0a98ff0afe2b } | |
| $a_13 = { 558b489f7ce6d4d529e1d1459742fdcc } | |
| $a_14 = { 558bea8b75005debe133f28d6424048d } | |
| $a_15 = { 558b0c248d4c24f5660fbdcbeb420f9e } | |
| $a_16 = { 558b13a4e9cb4e438b5ed9fca8695341 } | |
| $a_17 = { 558bec83ec185356578955e8eb09fc7e } | |
| $a_18 = { 558b38e2e279c71d1d778acdc8684a29 } | |
| $a_19 = { 558bec83e4f883ec2c535657eb09d256 } | |
| $a_20 = { 558bd7e9f7f9fdffcbb4d32eccd55bcb } | |
| $a_21 = { 558bce8b042466407529741149c15130 } | |
| $a_22 = { 558bc79b0e59024e6ac0cce141a5ba1a } | |
| $a_23 = { 558bec83ec185356eb0754d24027d266 } | |
| $a_24 = { 558befebdd895f08b7b6668bd966f7d3 } | |
| $a_25 = { 558b317b4f8c2254c67d8033c5b09317 } | |
| $a_26 = { 558beeeb04b998fbd28d6d0c8b55005d } | |
| $a_27 = { 558b0c248b14248d642402e92dffffff } | |
| $a_28 = { 558b2c24fdeb1b6497fec98614248d2c } | |
| $a_29 = { 558be80fb65d005deb470c8d1d649777 } | |
| $a_30 = { 558bea8d2cad000000008dad80e40310 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32FR_a29b295f6720dfaf7d6ac32dd5dd4a940ba43e6b0836219e4c739d25fd532e12 { | |
| strings: | |
| $a_2 = { 558baeb603175bf39d36a49eeac571fb } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Fynloski_36591427a842709b76c177a121848fa3dbb627497e5f49acee7897933c3e0340 { | |
| strings: | |
| $a_2 = { 558bec5151688612400064a100000000 } | |
| $a_3 = { 558bac64cc3287bb5eb0956af1b0b343 } | |
| $a_4 = { 558b0de0e04400c704017795526a6a04 } | |
| $a_5 = { 558bec6a0858e8cf42fbff683bc54400 } | |
| $a_6 = { 558b8a19b12913bae6e22415ef9bf59a } | |
| $a_7 = { 558bec6a4858e88441fbffa198e34400 } | |
| $a_8 = { 558bec5dc3558bec5dc3558bec515168 } | |
| $a_9 = { 558bec5dc3558bec5151688612400064 } | |
| $a_10 = { 558bec83ec0c688612400064a1000000 } | |
| $a_11 = { 558bec6a1858e81343fbff8b45088945 } | |
| $a_12 = { 558bec6a0458e84876fbffa18ce04400 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Gaertob_05afe9bad723f03053c155e20608715b0b33ea168ee724e69c38b28f95bba0e5 { | |
| strings: | |
| $a_2 = { 558bec83c4f833c08945fc33c0556800 } | |
| $a_3 = { 558bec81c4dcfeffff33c9894de0894d } | |
| $a_4 = { 558bec83c4bc33d28955bc8955c08955 } | |
| $a_5 = { 558bec83c4e48945fc909090908b45fc } | |
| $a_6 = { 558bec33c95151515133c05568113d00 } | |
| $a_7 = { 558bec81c4e4feffff33c9898de4feff } | |
| $a_8 = { 558bf98bea8bf0b8141300103b051c50 } | |
| $a_9 = { 558bec83c4f8e803000000e8e8e883c4 } | |
| $a_10 = { 558bec83c4f833c08945f833c0556823 } | |
| $a_11 = { 558bec83c4f48955f88945fc8b45fc33 } | |
| $a_12 = { 558becb90a0000006a006a004975f989 } | |
| $a_13 = { 558bec83c4d85333db895dd8894df489 } | |
| $a_14 = { 558bec33c05568ab19001064ff306489 } | |
| $a_15 = { 558bec51c645ff00e8e3ffffff3d0030 } | |
| $a_16 = { 558bec83c4e433c08945e48945e88b45 } | |
| $a_17 = { 558b6a0883c105e8aeffffffffd15d5f } | |
| $a_18 = { 558bec83c4b833d28955b88955bc8955 } | |
| $a_19 = { 558bec33c95151515133c055688a3400 } | |
| $a_20 = { 558bec83c4e88d45e850e835feffff0f } | |
| $a_21 = { 558bec83c4f833c08945f833c0556844 } | |
| $a_22 = { 558bec83c4ec33c08945ec8945f033c0 } | |
| $a_23 = { 558bec33c055684d1b001064ff306489 } | |
| $a_24 = { 558bec81c4e0feffff33d28995e0feff } | |
| $a_25 = { 558bec83c4c433c9894dc4894dc8894d } | |
| $a_26 = { 558bec81c468feffff33c9898d68feff } | |
| $a_27 = { 558bec83c4d833c9894ddc894dd8894d } | |
| $a_28 = { 558bec33c05568851b001064ff306489 } | |
| $a_29 = { 558bec33c05568c343001064ff306489 } | |
| $a_30 = { 558bec33c05568d51b001064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ganipin_cdbfaa3c0a91d9127c28133ac6db82dfdfc7f1991901481838560a53e4557c03 { | |
| strings: | |
| $a_2 = { 558bec51a130a000145333db3bc3895d } | |
| $a_3 = { 558bec83ec1c8065f800565733c02045 } | |
| $a_4 = { 558becb888900100e8671c000080a578 } | |
| $a_5 = { 558bec6aff6880850014688451001464 } | |
| $a_6 = { 558bec535657556a006a0068a4500014 } | |
| $a_7 = { 558bec81ecf40600005356576a4033db } | |
| $a_8 = { 558bec83ec6c5356576a015b33f65656 } | |
| $a_9 = { 558bec83ec108d45f4c745f001000000 } | |
| $a_10 = { 558bec8b450885c075025dc3833d30a0 } | |
| $a_11 = { 558bec83ec6853565733ff6a108d45ec } | |
| $a_12 = { 558becb81c330000e893170000535657 } | |
| $a_13 = { 558b2d68810014565733db33f633ff3b } | |
| $a_14 = { 558bec6aff6898850014688451001464 } | |
| $a_15 = { 558bec81ec1c01000053565733db33c0 } | |
| $a_16 = { 558bec81ec8c010000566a006a02c785 } | |
| $a_17 = { 558bec51515333db391decb300145657 } | |
| $a_18 = { 558becb888200300e89f1a0000535633 } | |
| $a_19 = { 558bec83ec1056e84a000000ff15ec80 } | |
| $a_20 = { 558bec6aff68d0810014688451001464 } | |
| $a_21 = { 558bec81ec44020000ff750c8d85bcfd } | |
| $a_22 = { 558bec81ecd001000080a530feffff00 } | |
| $a_23 = { 558bc18bf1c1f80583e61f8d3c85e0b2 } | |
| $a_24 = { 558bec81ec5802000053568d45ac5750 } | |
| $a_25 = { 558bec83ec0c5356576a00ff15ac8000 } | |
| $a_26 = { 558bec83ec14a168a000148b156ca000 } | |
| $a_27 = { 558bec515633c057508d4dfc505168af } | |
| $a_28 = { 558bec83ec14ff15dc8000143d000000 } | |
| $a_29 = { 558becb874900100e8211b0000576a00 } | |
| condition: | |
| 23 of them | |
| } | |
| rule BackdoorWin32Gaobot_9f864ebea0d5cb6fae5e83e07b0f74d49b6269b023856ea4545a60903c0b93b8 { | |
| strings: | |
| $a_2 = { 558bec515153568b35b0824000578b56 } | |
| $a_3 = { 558bec51833d948640000053751d8b45 } | |
| $a_4 = { 558bec51568b750885f6745aa10c8940 } | |
| $a_5 = { 558bec6aff6828544000687c1e400064 } | |
| $a_6 = { 558bec6aff6840544000687c1e400064 } | |
| $a_7 = { 558b2d44504000565733db33f633ff3b } | |
| $a_8 = { 558bec6aff68b8504000687c1e400064 } | |
| $a_9 = { 558bec51515333db391d288a40005657 } | |
| $a_10 = { 558becb82c120000e8651200008d8568 } | |
| $a_11 = { 558bec535657556a006a00689c1d4000 } | |
| $a_12 = { 558bec83ec14a1c48640008b15c88640 } | |
| $a_13 = { 558bec5153568b359462400057837e10 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32GDoor_6b6fac9ec873951e57e9b4f36c7f72bd1820599c430028f9b357f1e577f1eb1a { | |
| strings: | |
| $a_2 = { 558b9abc5a928b558c66d9d026ed9908 } | |
| $a_3 = { 558b5c8eb5f2c522dac080e8597bc4e0 } | |
| $a_4 = { 558bfb6a4b6a841f5476b59528e4c329 } | |
| $a_5 = { 558bd33f46986120e8c1fba1e460485d } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Ghost_1483acc55f3645a03c16bce1c26ec193f59ae04846846240b5fe2e797f678f96 { | |
| strings: | |
| $a_2 = { 558bec83ec0c535657be541f40008d7d } | |
| $a_3 = { 558bec81ec5c0800005356578d85a8f8 } | |
| $a_4 = { 558bec81ec0401000056576a00e8b811 } | |
| $a_5 = { 558bec81ec0002000053568b750c57ff } | |
| $a_6 = { 558bec81eca40200008d855cfdffff50 } | |
| $a_7 = { 558bec83ec4056ff7508ff153c2b0010 } | |
| $a_8 = { 558bec81ec04010000535657ff157011 } | |
| $a_9 = { 558bec81ec5005000053565768682640 } | |
| $a_10 = { 558bec81ec100400005356bb04010000 } | |
| $a_11 = { 558bec6aff68202f400068c068400064 } | |
| $a_12 = { 558bec81ec04010000535668641f4000 } | |
| $a_13 = { 558bec81ece40100008365e40083658c } | |
| $a_14 = { 558bec83240c915bbe54108d7df4706a } | |
| $a_15 = { 558bec8b4508568b750c8a108aca3a16 } | |
| $a_16 = { 558bec5168ca604000ff1598104000e8 } | |
| $a_17 = { 558bec81ec00010000ff750cff7508ff } | |
| $a_18 = { 558bec51518b450c830dd0684000ff89 } | |
| $a_19 = { 558bec81ec0c030000538b1d10104000 } | |
| $a_20 = { 558bec83ec145357e825020000b34366 } | |
| $a_21 = { 558bc18bf78bfbc1e902f3a58bc833c0 } | |
| $a_22 = { 558bec81ec0c020000535657be102440 } | |
| $a_23 = { 558bec81ec8000000056ff7514ff7510 } | |
| $a_24 = { 558bec83ec4056ff7510ff750cff7508 } | |
| $a_25 = { 558bec83ec345356578d45cc68040100 } | |
| $a_26 = { 558bec81ec0401000053568b35701140 } | |
| $a_27 = { 558bec81ec080200005356576a4033db } | |
| $a_28 = { 558bec81ec9003000056ff7514ff7510 } | |
| $a_29 = { 558bec81ec20070000538b1d1c104000 } | |
| $a_30 = { 558bec81ec50040000576a505933c0ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Gibbon_cd0d2bc21d7547bb168b51c0c277efc1df287ec1bdf7c9704ae5fec676d12f17 { | |
| strings: | |
| $a_2 = { 558be06d23f82957b305884266562b61 } | |
| $a_3 = { 558b29a44b47585ba23429301898d04d } | |
| $a_4 = { 558b72eb72d423d50d926ea881e1710a } | |
| $a_5 = { 558bc6766f86d9b3160449a1606a044f } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Ginwui_1e258ad39024f6d4e53532e3fea0e27107d67282da57ce0429c96c99cd4e6680 { | |
| strings: | |
| $a_2 = { 558bec33c05568f231400064ff306489 } | |
| $a_3 = { 558bec535657bf1c5640008b470885c0 } | |
| $a_4 = { 558bb38d020c42598db73a0062ab6334 } | |
| $a_5 = { 558bec33c055689d35400064ff306489 } | |
| $a_6 = { 558bec33c05568673b400064ff306489 } | |
| $a_7 = { 558bf0bffc554000bd005640008b1df4 } | |
| $a_8 = { 558bec81c404f0ffff5083c4d8535657 } | |
| $a_9 = { 558bec83c4f85356578bd8803da85540 } | |
| $a_10 = { 558bec33c05568d133400064ff306489 } | |
| $a_11 = { 558bec52508b450850516a006a00e82d } | |
| $a_12 = { 558bec518945fc33d255689c31400064 } | |
| $a_13 = { 558bec83c4f85356578bd8803da86540 } | |
| $a_14 = { 558bec81c4a0fdffff53565733d28995 } | |
| $a_15 = { 558bec83c4f85356578945fca1204040 } | |
| $a_16 = { 558bf28bd8eb0853e8a0eaffff8bd88a } | |
| $a_17 = { 558bec33c05568993c400064ff306489 } | |
| $a_18 = { 558bec33d255681618400064ff326489 } | |
| $a_19 = { 558bec33c055680934400064ff306489 } | |
| $a_20 = { 558bec33c055686134400064ff306489 } | |
| $a_21 = { 558bec535657a12456400085c0744b8b } | |
| $a_22 = { 558bec518945fc33d25568003a400064 } | |
| $a_23 = { 558bec81c4f8f7ffff5356578d75fc33 } | |
| $a_24 = { 558bec33c055682632400064ff306489 } | |
| $a_25 = { 558bec535657bf1c6640008b470885c0 } | |
| $a_26 = { 558bec83c4f053b820494000e87bf2ff } | |
| $a_27 = { 558bec515356578bf28bd8803da86540 } | |
| $a_28 = { 558bec6a00535633c05568c926400064 } | |
| $a_29 = { 558bec33c05568453c400064ff306489 } | |
| $a_30 = { 558bec518945fc33d25568d031400064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Gobot_7db4d11b57033ef9efe706acf377a4c5bee63b4ac01fb24590b021de89c3a6f2 { | |
| strings: | |
| $a_2 = { 558bb2356e64f8163fa0e2a718edaa3f } | |
| $a_3 = { 558b37ae63397f901910b3d4c18b125b } | |
| $a_4 = { 558bf436859de5d955e294d303ac6797 } | |
| $a_5 = { 558bdf88812826a8e9ad128a7b86c7b5 } | |
| $a_6 = { 558b698ba02ab73f22d8b3414024bfde } | |
| $a_7 = { 558be77b537cf1e50a1d755ed29a6e40 } | |
| $a_8 = { 558b292e0b5cf592356936e4c3d265e5 } | |
| $a_9 = { 558bd9f68dfddeb3e8c74304606a044f } | |
| $a_10 = { 558bba95dcfe03e9f7479b3f0881bac9 } | |
| $a_11 = { 558b2b5cabe1d16df6bfc29af0042c1f } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Goolelo_406e73948c78b1e692646ea0edbadbb366bede04036114ac2bf86c413d4d4132 { | |
| strings: | |
| $a_2 = { 558bec83ec148b451053568b750c85c0 } | |
| $a_3 = { 558bec81ecc00200005356576a0f33db } | |
| $a_4 = { 558becb814940100e8350a0000535657 } | |
| $a_5 = { 558bec81ec8000000066a184b1400056 } | |
| $a_6 = { 558bec6aff6840314000688027400064 } | |
| $a_7 = { 558bec81ec5403000053568b35383040 } | |
| $a_8 = { 558bec81ec1001000080a570ffffff00 } | |
| $a_9 = { 558bec81ec28010000566a006a02e855 } | |
| $a_10 = { 558becb840290000e8b3150000535657 } | |
| $a_11 = { 558becb88c900100e80c080000535657 } | |
| $a_12 = { 558bec81ec240100008b4d1053568b75 } | |
| $a_13 = { 558bec81ec3c0600005356be04010000 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Govrat_50678d26f560ba4620c3dfdc5bba0199ac153f44d003551a4c71667e89fa99ed { | |
| strings: | |
| $a_2 = { 558b6c241c8d59020fb653010fb6038d } | |
| $a_3 = { 558bec83ec30a17090440033c58945fc } | |
| $a_4 = { 558bec5151a17090440033c58945fc56 } | |
| $a_5 = { 558bec6aff68a366430064a100000000 } | |
| $a_6 = { 558bec5151a17090440033c58945fc53 } | |
| $a_7 = { 558bec535657e8b259ffff8bf033db6a } | |
| $a_8 = { 558bec83e4f8833da4b344000056578b } | |
| $a_9 = { 558bec8b4d0c568b7508890ee89c2500 } | |
| $a_10 = { 558bec5de9342000008bff558bec8b45 } | |
| $a_11 = { 558bec53568b750c33c9576a04bb1073 } | |
| $a_12 = { 558bec83ec108d4df05356ff7510e889 } | |
| $a_13 = { 558bec51ff71088b4d088365fc00e8cd } | |
| $a_14 = { 558bec6aff686066430064a100000000 } | |
| $a_15 = { 558bece87d0000008b0d649044008b45 } | |
| $a_16 = { 558bec568b7508578b7e082b7e143b7d } | |
| $a_17 = { 558bec56ff75088bf1e8fe8fffffc706 } | |
| $a_18 = { 558bec5156ff75088bf18975fce80fb8 } | |
| $a_19 = { 558bec6a00ff1584714300ff7508ff15 } | |
| $a_20 = { 558bec5633f6833d70aa4400027d2d8b } | |
| $a_21 = { 558beca10890440085c00f84bdc20000 } | |
| $a_22 = { 558bec5de9fafeffff6a0c68606f4400 } | |
| $a_23 = { 558bec8b450883c02050ff15b8704300 } | |
| $a_24 = { 558bec8b4d0885c9741681f938ca4300 } | |
| $a_25 = { 558bec57ff750ce80781ffff598b4d0c } | |
| $a_26 = { 558becff7508b944ab4400e84ca70000 } | |
| $a_27 = { 558bec8b4d0885c97515e85f060000c7 } | |
| $a_28 = { 558b6c24180fb70c788bd583e201c1e9 } | |
| $a_29 = { 558becb810140000e8fae7feffa17090 } | |
| $a_30 = { 558b6c24208bc25657894424148bf18b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Hackarmy_e8e7392b03f89409ddae36f12b751073768fd0348559eab90fa41afdb6cb3c79 { | |
| strings: | |
| $a_2 = { 5589e5578b7d0809ff7c586bc728ff34 } | |
| $a_3 = { 5589e5535657ff7508e89da5000089c7 } | |
| $a_4 = { 5589e55356578b7d0831f609ff74118b } | |
| $a_5 = { 5589e581eca80300005356578dbd70fd } | |
| $a_6 = { 5589e5565768000400006800d04000e8 } | |
| $a_7 = { 5589e581ec7c0100005356578dbde8fe } | |
| $a_8 = { 5589e5b8c8270000e8cb290000535657 } | |
| $a_9 = { 5589e55166c745fe0000eb2e0fb745fe } | |
| $a_10 = { 5589e5b800100000e89b990000565768 } | |
| $a_11 = { 5589e56a0de842afffff50e8d6aeffff } | |
| $a_12 = { 5589e581ec0401000068000100008d85 } | |
| $a_13 = { 5589e581ec700900005356578b5d088b } | |
| $a_14 = { 5589e581ec780100005356578dbde8fe } | |
| $a_15 = { 5589e583ec1456578b450c6689450c6a } | |
| $a_16 = { 5589e551ff35b8d44000e8e3a60000ff } | |
| $a_17 = { 5589e583ec5468132b4100ff35dceb40 } | |
| $a_18 = { 5589e581ec0c0200005356578b5d088d } | |
| $a_19 = { 5589e581ec0402000056578b7d0857e8 } | |
| $a_20 = { 5589e5515356578b751009f6750431c0 } | |
| $a_21 = { 5589e5515356578b75088b5d0c5356e8 } | |
| $a_22 = { 5589e5515056578b7d0866c745fe0000 } | |
| $a_23 = { 5589e551576a006a006a006a006a00e8 } | |
| $a_24 = { 5589e581ec400400005356578dbdecfb } | |
| $a_25 = { 5589e583ec30535657c745d010000000 } | |
| $a_26 = { 5589e55150578325b8eb400000688000 } | |
| $a_27 = { 5589e55156578b7d146a008d45fc506a } | |
| $a_28 = { 5589e581ec540700005356578dbdd6fc } | |
| $a_29 = { 5589e581ec0c0100005768000100008d } | |
| $a_30 = { 5589e581ec9400000056578b7d08c785 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32HackerDefender_af16d0281331451eca64bce14209e61bb5f328019f34eac78271f46bc9ff7097 { | |
| strings: | |
| $a_2 = { 558bec83c4d45356578b451083c00c8b } | |
| $a_3 = { 558bec51648b05300000008945fc8b45 } | |
| $a_4 = { 558bec608b7424288b7c242cfcb28031 } | |
| $a_5 = { 558bec51e828000000dbb3000059b000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Hacty_b8a63efc02c0c2c338783c8c836600f84fe742668975af2e253daa507d82f9e4 { | |
| strings: | |
| $a_2 = { 558babb8d0cc1977ae8bc0c4faea3ae6 } | |
| $a_3 = { 558b9fc4517c1b66161712622e804cc3 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Hanove_228ec161435b8f8a450ffe179219ca8c4df2d1ed3b351112be366d6efa38f559 { | |
| strings: | |
| $a_2 = { 558bec83ec14a1b03c440033c58945fc } | |
| $a_3 = { 558bec568bf1e879440000837d0c0075 } | |
| $a_4 = { 558bece896ffffffe88bc40000837d08 } | |
| $a_5 = { 558b6c24182bc1555003ca51e8c15e01 } | |
| $a_6 = { 558bec568b750885f67505e85d54ffff } | |
| $a_7 = { 558beca11c55440085c074035dffe033 } | |
| $a_8 = { 558bec6a01e880ffffff8bc85de960f6 } | |
| $a_9 = { 558be98b5d38c74500d4c3430085db74 } | |
| $a_10 = { 558bece8fffeffff85c074075dff2578 } | |
| $a_11 = { 558bec833d807744000075108b45088d } | |
| $a_12 = { 558bec83ec10a1b03c440033c58945fc } | |
| $a_13 = { 558bec81ec90000000a1b03c440033c5 } | |
| $a_14 = { 558bec56e89c0b00006a008bf0e8d775 } | |
| $a_15 = { 558bec6aff686265430064a100000000 } | |
| $a_16 = { 558bec568bf1e80bc8ffff8b4508c706 } | |
| $a_17 = { 558bec837d08007505e891b0ffffff75 } | |
| $a_18 = { 558bec8b4d08a100304400890d003044 } | |
| $a_19 = { 558bec83e4f881ec08020000a1b03c44 } | |
| $a_20 = { 558bec8b45085633f63bc6751ce839d2 } | |
| $a_21 = { 558bec5333db395d10751de8f62a0000 } | |
| $a_22 = { 558bec83ec34a1b03c440033c58945fc } | |
| $a_23 = { 558bec81ec28030000a3d0734400890d } | |
| $a_24 = { 558bec83ec48a1b03c440033c58945fc } | |
| $a_25 = { 558bec568bf18b4e0433c0578b3d3080 } | |
| $a_26 = { 558bec5153568bf133db3bf3751ee870 } | |
| $a_27 = { 558bec568bf1c706508a4300e803ffff } | |
| $a_28 = { 558bec8b450883f8117205e82056ffff } | |
| $a_29 = { 558bec568bf1e886e9ffff8b45088946 } | |
| $a_30 = { 558bec516a008d4dfce840ffffff6898 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Harvester_c121fdc0cdd256c7680a27dc45a2e13b22a150783735ef8f98799071183d0a26 { | |
| strings: | |
| $a_2 = { 558bec83c4f85356578945fca1141041 } | |
| $a_3 = { 558bce2bcb418bd38bc7e858ceffff5d } | |
| $a_4 = { 558bec6a00535633c055687185400064 } | |
| $a_5 = { 558bec6a005633c055681b86400064ff } | |
| $a_6 = { 558bec83c4e4535633c08945e88945e4 } | |
| $a_7 = { 558bec33c0556889a9400064ff306489 } | |
| $a_8 = { 558bec33c05568070c410064ff306489 } | |
| $a_9 = { 558bec8d4510f6451580740583380075 } | |
| $a_10 = { 558bec83c4b4b8100c4100e8084bffff } | |
| $a_11 = { 558bec535657a12866141385c0744b8b } | |
| $a_12 = { 558bec53803dac651413000f84cc0000 } | |
| $a_13 = { 558bec33c0556861aa400064ff306489 } | |
| $a_14 = { 558bec83c4f8e8c174ffff8855fb8945 } | |
| $a_15 = { 558becff750cff75088b15f8244100e8 } | |
| $a_16 = { 558bec8d4d0c8b0185c074093d000001 } | |
| $a_17 = { 558bc3e861f8ffff59eb0c55b87c8240 } | |
| $a_18 = { 558bec535657a1a424410085c0744b8b } | |
| $a_19 = { 558bea8bf88bc7e889ccffff8bf0bb01 } | |
| $a_20 = { 558bec518945fc33d25568a848400064 } | |
| $a_21 = { 558bec51568bf06a208bcaa148b24000 } | |
| $a_22 = { 558bec535657bf9c2441008b470885c0 } | |
| $a_23 = { 558bf0bf00661413bd046614138b1df8 } | |
| $a_24 = { 558bec83c4f85356578945fca1205014 } | |
| $a_25 = { 558bec83c4e45752ff75106a008d7de4 } | |
| $a_26 = { 558bec89c1dd4508d80d6011410083ec } | |
| $a_27 = { 558bec51538945fc8b45fce81455ffff } | |
| $a_28 = { 558bec33c055680d58400064ff306489 } | |
| $a_29 = { 558bec33c05568d137141364ff306489 } | |
| $a_30 = { 558bec33c055688cd9400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Havex_b8514bff04e8f4e77430202db61ec5c206d3ec0f087a65ee72c9bb94a058b685 { | |
| strings: | |
| $a_2 = { 558becff7508ff15e4b003105dc38bff } | |
| $a_3 = { 558bec837d08fe750d817d0cffffff7f } | |
| $a_4 = { 558bec83ec4c538b1de0dd0410566a30 } | |
| $a_5 = { 558becff7508ff15e8b003105dc38bff } | |
| $a_6 = { 558bec6a008bcec746180f000000e8ed } | |
| $a_7 = { 558b3783c70489bddcfdffffe8fa6600 } | |
| $a_8 = { 558bec83c1c483ec40518d4dc0e83300 } | |
| $a_9 = { 558bec83ec10a15885041033c58945fc } | |
| $a_10 = { 558bec518365fc005356576a205e8bf8 } | |
| $a_11 = { 558bec5356578b7d08837f2000bb908f } | |
| $a_12 = { 558bec568b75088b460ca8837510e823 } | |
| $a_13 = { 558bec51518b088b4004894df885c074 } | |
| $a_14 = { 558becb840140000e87d390100535657 } | |
| $a_15 = { 558bec81ec1c050000a15885041033c5 } | |
| $a_16 = { 558bec83e4f86aff687692031064a100 } | |
| $a_17 = { 558bec83ec10a1c0dc041053568b750c } | |
| $a_18 = { 558bec83e4f883ec0c8b451453568bf1 } | |
| $a_19 = { 558bec83ec0c85ff750ae8ed6f0000e8 } | |
| $a_20 = { 558bec83ec74a15885041033c58945fc } | |
| $a_21 = { 558bec8b450c568b75088906e8e33b00 } | |
| $a_22 = { 558bec81ecc4010000a15885041033c5 } | |
| $a_23 = { 558bec837d0c117415837d0c1674075d } | |
| $a_24 = { 558bec8b06df6d10df6d08b98fbc0000 } | |
| $a_25 = { 558bec81ec80000000a15885041033c5 } | |
| $a_26 = { 558bec51397e147305e86f7a010083c8 } | |
| $a_27 = { 558bec83e4f88b038b500483ec185657 } | |
| $a_28 = { 558bec538b5d08568bf1c706c4b40310 } | |
| $a_29 = { 558bec83e4f86aff68f09f031064a100 } | |
| $a_30 = { 558bec8bc18b4d08c700c4b403108b09 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Hekdor_b8ea1ad1614f8bef0c66041e85f498888671a40534534c3851a34aa53ad1d22f { | |
| strings: | |
| $a_2 = { 558bec81c4d8feffff535657e8aef9ff } | |
| $a_3 = { 558bec6aff6880f9001064a100000000 } | |
| $a_4 = { 558bec81c4f8fdffff56578db5f8fdff } | |
| $a_5 = { 558bec6aff68b0fa001064a100000000 } | |
| $a_6 = { 558bf0e82c2f000053e8262f000083c4 } | |
| $a_7 = { 558be95657896c24108b451085c07418 } | |
| $a_8 = { 558bcee879feffff8bfb83c9ff33c06a } | |
| $a_9 = { 558bec83c4fc2bf68975fc8b45084075 } | |
| $a_10 = { 558bec81c4f8fdffff56578dbdf8fdff } | |
| $a_11 = { 558bcee84102000083f80175e6899e28 } | |
| $a_12 = { 558be956578d5d2085db0f8462010000 } | |
| $a_13 = { 558bec6aff6800fa001064a100000000 } | |
| $a_14 = { 558bec81c4d8feffff535657e8f5f8ff } | |
| $a_15 = { 558bcbe853010000668b534e52ff1518 } | |
| $a_16 = { 558b2d3022001051884609ffd58a5424 } | |
| $a_17 = { 558bec6aff68e0fa001064a100000000 } | |
| $a_18 = { 558bce896c2428895c2424e846f2ffff } | |
| $a_19 = { 558bec6aff686bfa001064a100000000 } | |
| $a_20 = { 558b6c241c894c240856578d4c2d028d } | |
| $a_21 = { 558bec6aff6810fa001064a100000000 } | |
| $a_22 = { 558bec81c4f8fdffff56578b7d088db5 } | |
| $a_23 = { 558bec6aff6890f9001064a100000000 } | |
| $a_24 = { 558bec6aff68ebf9001064a100000000 } | |
| $a_25 = { 558bec81c4ccedffff535657e824fdff } | |
| $a_26 = { 558b5304565781e1ffff0000505152ff } | |
| condition: | |
| 21 of them | |
| } | |
| rule BackdoorWin32Hesetox_50e0e6da645b71b24ca5a4524ff2e0059502d1acb92f571feb7aeb48e9184af4 { | |
| strings: | |
| $a_2 = { 558bec566a188bf1e8fd9a00005933c9 } | |
| $a_3 = { 558bec83ec10eb0dff7508e8cc4d0000 } | |
| $a_4 = { 558becff750ce8248f00005983f8ff75 } | |
| $a_5 = { 558bec538b5d0856538bf1e869d8ffff } | |
| $a_6 = { 558becb8e41a0000e80a410000a17046 } | |
| $a_7 = { 558bec83ec0c5356ff1530d141008bd8 } | |
| $a_8 = { 558bec81ec0c010000a17046420033c5 } | |
| $a_9 = { 558bec568bf1ff761ce80e720000f645 } | |
| $a_10 = { 558becff75108b4d08ff750ce8e7f7ff } | |
| $a_11 = { 558bec83ec1853ff75108d4de8e8836b } | |
| $a_12 = { 558bec5356e8b830ffff8bf033db3bf3 } | |
| $a_13 = { 558bec51ff75088365fc0083c118e837 } | |
| $a_14 = { 558bec81ec28030000a3c8604200890d } | |
| $a_15 = { 558bec81ecc8010000a17046420033c5 } | |
| $a_16 = { 558bec538b5d08578b7d0c3bdf741c56 } | |
| $a_17 = { 558bec51ff750c8365fc00e8fd090000 } | |
| $a_18 = { 558bec8b450883c1095183c00950e84e } | |
| $a_19 = { 558bec535657e81548ffff8db89c0000 } | |
| $a_20 = { 558bec83ec10ff75088d4df0e8b83cff } | |
| $a_21 = { 558bec5151a17046420033c58945fc53 } | |
| $a_22 = { 558bec56ff75088bf1e883f4feffc706 } | |
| $a_23 = { 558bec83ec10a1dc6442005333db568b } | |
| $a_24 = { 558bec5185f67450803e00744b688802 } | |
| $a_25 = { 558bec51ff750c8365fc00e856120000 } | |
| $a_26 = { 558bec83ec10ff75088d4df0e87daaff } | |
| $a_27 = { 558bec5de911fbffff8bff558bec5657 } | |
| $a_28 = { 558bec6a0a6a00ff7508e8ccd7ffff83 } | |
| $a_29 = { 558bec5156578bf96a008d4dfce8308f } | |
| $a_30 = { 558bec518b4d14535657eb4283651400 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Hikiti_b33ffbec01b43301edd9db42a59dcd33dd45f638733e2f92f0cb5bfe86714734 { | |
| strings: | |
| $a_2 = { 558bec83ec0c8b45108365fc00568b48 } | |
| $a_3 = { 558bec83ec185657bf800000006a008b } | |
| $a_4 = { 558bec8b4508568b70048b0005a00000 } | |
| $a_5 = { 558bec83ec100fb7450c535657ff7510 } | |
| $a_6 = { 558bec81ec580500005356576a4033db } | |
| $a_7 = { 558becff7510ff750cff7508e8b6ffff } | |
| $a_8 = { 558bec5151538b5d088d45f856506a00 } | |
| $a_9 = { 558bec538b5d08f6c301740783e3fe80 } | |
| $a_10 = { 558bec0fb74d108b45183b487473088b } | |
| $a_11 = { 558bec81ec8809000053568b35a83040 } | |
| $a_12 = { 558bec51518b45088365fc008b000fb7 } | |
| $a_13 = { 558bec51518b45085356576681384d5a } | |
| $a_14 = { 558b2d8830400074275733ff395e0c7e } | |
| $a_15 = { 558bec56ff750cff7508ff7514ff1530 } | |
| $a_16 = { 558bec518365fc008d45fc5068dc4040 } | |
| $a_17 = { 558bec83ec1453568b751433d233c957 } | |
| $a_18 = { 558bec81ec140300008365fc0053568d } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Hostil_86705fd083992f99d59b4e96dd90711c09acbddd4b131f1ba6d08f6708b9c216 { | |
| strings: | |
| $a_2 = { 558bec83ec10ff75088d4df0e88bcbff } | |
| $a_3 = { 558bec8b4d0883f9fe7515e8975cffff } | |
| $a_4 = { 558bec833d587241000075118b4d08a1 } | |
| $a_5 = { 558bec6aff6820de400064a100000000 } | |
| $a_6 = { 558beca1c426510033051c534100ff75 } | |
| $a_7 = { 558becb8f01a0000e85e080000a11c53 } | |
| $a_8 = { 558bec568bf1e8a7170000f645080174 } | |
| $a_9 = { 558bec8b450885c07515e83797ffffc7 } | |
| $a_10 = { 558bec83ec28a11c53410033c58945fc } | |
| $a_11 = { 558bec83ec18a11c5341008d4de88365 } | |
| $a_12 = { 558bec8b4508b9d05b41003bc1721f3d } | |
| $a_13 = { 558bec83ec10ff750c8d4df0e89cbfff } | |
| $a_14 = { 558beca1c826510033051c534100ff75 } | |
| $a_15 = { 558beca1c026510033051c5341007407 } | |
| $a_16 = { 558bec8b550c8b0d98f14000568b7508 } | |
| $a_17 = { 558bec8b4508a3006741005dc3558bec } | |
| $a_18 = { 558beca1d026510033051c534100740d } | |
| $a_19 = { 558bec8b450c5683f80175358b750868 } | |
| $a_20 = { 558bec568b750c56e83f08000083c404 } | |
| $a_21 = { 558bec535657556a006a0068f8914000 } | |
| $a_22 = { 558bec51a1d061410083f8fe750ae82e } | |
| $a_23 = { 558bec8b4d0833c03b0cc51050410074 } | |
| $a_24 = { 558bec83ec30a11c53410033c58945fc } | |
| $a_25 = { 558bec8b4508a3d86341005dc3cccccc } | |
| $a_26 = { 558bec81ec28030000a11c53410033c5 } | |
| $a_27 = { 558beca13027510033051c534100741b } | |
| $a_28 = { 558bec51a11c53410033c58945fc8b4d } | |
| $a_29 = { 558bec83ec10ff75088d4df0e84dcaff } | |
| $a_30 = { 558becff35dc634100ff1594e0400085 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Hostil_f32255727e7a4b1da9f2654c3f308bce9197c19f44571d3dcb3cd87b1854717c { | |
| strings: | |
| $a_2 = { 558b362c141ecb47158b48fc3c19eece } | |
| $a_3 = { 558b6d981495a6ca3365cf12fec4965b } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Hostposer_fecff8ccaa14d132bd54ece561f36c69720621b0cd108044b1bef6829fe0d14c { | |
| strings: | |
| $a_2 = { 558bec83ec14686615400064a1000000 } | |
| $a_3 = { 558bec83e4f883ec0c53568b750c5766 } | |
| $a_4 = { 558bec83e4f883ec1053558b2d401140 } | |
| $a_5 = { 558bec83ec18686615400064a1000000 } | |
| $a_6 = { 558bec83ec0c686615400064a1000000 } | |
| $a_7 = { 558bec83ec08686615400064a1000000 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Htbot_a92420d4d7a41ee90f7639eca674c70a1c60dbeaf4c995796ba9bf29c90ef43b { | |
| strings: | |
| $a_2 = { 558bec8b0da00303038a0184c074393c } | |
| $a_3 = { 558bec81eccc010000a100e4020333c5 } | |
| $a_4 = { 558bec56e80afbfeff8b55088bf06a00 } | |
| $a_5 = { 558bec85d274078b45088b0089025dc2 } | |
| $a_6 = { 558bec8a45088841048bc1c7014ca602 } | |
| $a_7 = { 558bec8b45085dc3c3558bec833d8c54 } | |
| $a_8 = { 558becff750ce8200700005985c0b9dc } | |
| $a_9 = { 558bec568bf1e8a4230000f645080174 } | |
| $a_10 = { 558bec83ec18e8f62effff85c0745768 } | |
| $a_11 = { 558bec83ec408d4dc0ff7508e853c9fe } | |
| $a_12 = { 558bec83ec188b0da0030303ba0000ff } | |
| $a_13 = { 558bec837d08007515e816f9ffffc700 } | |
| $a_14 = { 558becff7508ff155051020350ff154c } | |
| $a_15 = { 558bec51833d2404030300570f858c00 } | |
| $a_16 = { 558bec8b4508a3fc0103035dc3558bec } | |
| $a_17 = { 558bec56ff75088bf1e879250000c706 } | |
| $a_18 = { 558beca1b003030383ec245356be0020 } | |
| $a_19 = { 558beca1c0100303330500e402037408 } | |
| $a_20 = { 558bec81ece8020000a100e4020333c5 } | |
| $a_21 = { 558bec83ec18a100e4020333c58945fc } | |
| $a_22 = { 558bec83ec106a018d45fcc745fca464 } | |
| $a_23 = { 558bec6a08ff7508e8e091000059595d } | |
| $a_24 = { 558bec515657e8ed56feff8b75088bf8 } | |
| $a_25 = { 558bec5151a100e4020333c58945fc8b } | |
| $a_26 = { 558bece8023f00008b809800000085c0 } | |
| $a_27 = { 558bec8b4508c701ac6a02038b008941 } | |
| $a_28 = { 558becff750ce8b20700005985c0b9dc } | |
| $a_29 = { 558bec81ec200300006a17e847b60100 } | |
| $a_30 = { 558bec568bf1c706ac6a0203e8770000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Hupigon_39d1e51f2567050feca9ee9f8b3b322f07cd719dbd8c9d22045335ef007b750e { | |
| strings: | |
| $a_2 = { 558bec60e804000000000001005b8b1b } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Hupigon_9cbccd5597927c78f95477a1acf8958bdadfad88abedce7802edffdf111d52ef { | |
| strings: | |
| $a_2 = { 558bec83c4f88945fca138084a008078 } | |
| $a_3 = { 558bec33c05568558d480064ff306489 } | |
| $a_4 = { 558bec53568bf28bd88b53708bc6e8d1 } | |
| $a_5 = { 558bec33c05568fd80400064ff306489 } | |
| $a_6 = { 558bea8bf08bc5e889b2fbffbb010000 } | |
| $a_7 = { 558bc3e821f8ffff59eb0c55b864c040 } | |
| $a_8 = { 558bec53568b750883c6fc8b068b5804 } | |
| $a_9 = { 558bec33c05568b6b4420064ff306489 } | |
| $a_10 = { 558bec83c4f8e8c9dffeff8855fb8945 } | |
| $a_11 = { 558bec6a0053568bd833c05568194048 } | |
| $a_12 = { 558bec53518b4d08518b0d2c074a008b } | |
| $a_13 = { 558bec33c0556861f4460064ff306489 } | |
| $a_14 = { 558bec51538945fcb2028b45fce8c2fc } | |
| $a_15 = { 558bec81c45cfeffff538bd8c6430f01 } | |
| $a_16 = { 558bec6a0033c055680603410064ff30 } | |
| $a_17 = { 558becb9480000006a006a004975f953 } | |
| $a_18 = { 558bec33c05568a191480064ff306489 } | |
| $a_19 = { 558bec33c0556815f5420064ff306489 } | |
| $a_20 = { 558bec8b80900000008b55088990b000 } | |
| $a_21 = { 558bf833ed8bc7e80151fcff8bd84b85 } | |
| $a_22 = { 558bec83c4e453568bf28bd8c745fc04 } | |
| $a_23 = { 558bec33c055683589480064ff306489 } | |
| $a_24 = { 558bec515356578945fca1141e4a0085 } | |
| $a_25 = { 558bec83c4f4535657a14c184a008b10 } | |
| $a_26 = { 558bec33c0556860ca420064ff306489 } | |
| $a_27 = { 558bec51535684d2740883c4f0e8f2d6 } | |
| $a_28 = { 558bec83c4f8538945fc8b45fce8b65a } | |
| $a_29 = { 558bec33c0556809b5460064ff306489 } | |
| $a_30 = { 558bec5356578bd88b83f8020000ba60 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Idicaf_d4d62bc4fb2d3de6657e98860ffd919c1fc671e3336c663785f6f3f63ae2360b { | |
| strings: | |
| $a_2 = { 558bec81ec4805000053568d85b8faff } | |
| $a_3 = { 558bec81ec000400008d450c56508d85 } | |
| $a_4 = { 558bec83ec7c53565733ff575757683c } | |
| $a_5 = { 558b6c24188bd52bdd2bcd2bd0565789 } | |
| $a_6 = { 558bec81ec9403000053568b35d86101 } | |
| $a_7 = { 558bec83e4f881ec94010000538b5d18 } | |
| $a_8 = { 558becb80c1b0000e8073801005356ba } | |
| $a_9 = { 558bec81ec30020000535657b9880000 } | |
| $a_10 = { 558bec81ec0c03000080a5f4fcffff00 } | |
| $a_11 = { 558bec81ec4805000053568b75085756 } | |
| $a_12 = { 558bec81ec2805000080a5d8faffff00 } | |
| $a_13 = { 558bec81ec3c01000053568d45e05750 } | |
| $a_14 = { 558bec81ec0401000056be0401000056 } | |
| $a_15 = { 558bec56578b7d0868e841091057e88f } | |
| $a_16 = { 558bec81ec2801000056576a006a02e8 } | |
| $a_17 = { 558bec83ec1c53568bf133db57395e24 } | |
| $a_18 = { 558b6c241856578b7c24142bfb2bd82b } | |
| $a_19 = { 558bec83ec4c535633db57538d45b46a } | |
| $a_20 = { 558bec81ec0801000080a5f8feffff00 } | |
| $a_21 = { 558bec6aff688064011068d258011064 } | |
| $a_22 = { 558bec83ec1c8d45fc57506a2833ffff } | |
| $a_23 = { 558bec81ec6c0300006a008d8594fcff } | |
| $a_24 = { 558bec81ec540800005633f6568d85ac } | |
| $a_25 = { 558bec81ecb001000053566824400910 } | |
| $a_26 = { 558bec81ec8000000056ff7508e8a85c } | |
| $a_27 = { 558bec81ec2c040000a12890011083c0 } | |
| $a_28 = { 558bec83ec208065e000576a0733c059 } | |
| $a_29 = { 558bec83e4f883ec088b45088b550cdd } | |
| $a_30 = { 558b6c241c8bcf8d5af883c7f8668b45 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32IRCBot_521a7381a6c2b7337362dac5fcea11aa5ceba1ce9c9c442e5bd4188e2300d551 { | |
| strings: | |
| $a_2 = { 558bec33c066a16041400033c9668b0d } | |
| $a_3 = { 558bec83ec08682c4140008b450825ff } | |
| $a_4 = { 558bec81ec2403000057b91100000033 } | |
| $a_5 = { 558bec518b4518508b4d14518d551052 } | |
| $a_6 = { 558bc0fcf7d0f6d618eefce95cf70100 } | |
| $a_7 = { 558bb72de51bbb619f6c8fa6925a5c85 } | |
| $a_8 = { 558bec576a006a006a006a006a006a00 } | |
| $a_9 = { 558bec83ec0856578b7d0883c9ff33c0 } | |
| $a_10 = { 558bec66c70572414000000066c70574 } | |
| $a_11 = { 558bec83ec548b45088945d88b4dd889 } | |
| $a_12 = { 558bec83ec0c681c414000e880fcffff } | |
| $a_13 = { 558bec8b45080fbe08c1e1088b55080f } | |
| $a_14 = { 558bec81ec3c0100005657e8f0faffff } | |
| $a_15 = { 558bec6aff6830314000688024400064 } | |
| $a_16 = { 558bec83ec0856578b450c50e8f70d00 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32Iroffer_b01d2429bd38e42dcb43dcc32003f73fecddb074ce1750b914494c7e2a0338ae { | |
| strings: | |
| $a_2 = { 5589e557565381ec9c000000c7442408 } | |
| $a_3 = { 5589e55383ec148b5d08c74424083a01 } | |
| $a_4 = { 5589e581eca80200008975f88b750889 } | |
| $a_5 = { 5589e557565383ec1c8b7d108b75088b } | |
| $a_6 = { 5589e557565383ec5cc7442408da0300 } | |
| $a_7 = { 5589e557565383ec1c8b7d0c8b7508c7 } | |
| $a_8 = { 5589e5565383ec108b7508c7442408a4 } | |
| $a_9 = { 5589e557565383ec3cc7442408c10700 } | |
| $a_10 = { 5589e55de9e7f8020090909090909090 } | |
| $a_11 = { 5589e583ec18c74424082a050000c744 } | |
| $a_12 = { 5589e583ec18c7442408a9020000c744 } | |
| $a_13 = { 5589e583ec08a10030430085c07401cc } | |
| $a_14 = { 5589e583ec18c744240832050000c744 } | |
| $a_15 = { 5589e557565383ec2cc7442408b40200 } | |
| $a_16 = { 5589e583ec68c744240858050000895d } | |
| $a_17 = { 5589e557565383ec1c8b7d08c7442408 } | |
| $a_18 = { 5589e557565383ec6cc7442408e10100 } | |
| $a_19 = { 5589e557565383ec2c8b5d0cc7442408 } | |
| $a_20 = { 5589e557565383ec2cc7442408ab0100 } | |
| $a_21 = { 5589e583ec18c744240ce5050000895d } | |
| $a_22 = { 5589e583ec18895dfc8b5d08c7442408 } | |
| $a_23 = { 5589e557565383ec1cc744240c2e0800 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Jadow_af4324b1f4779a5218312583297af71b863ef6ba0426f1db152425fdd083838a { | |
| strings: | |
| $a_2 = { 558bec83ec10ff75088d4df0e8467eff } | |
| $a_3 = { 558bec535657556a006a006848bb4000 } | |
| $a_4 = { 558bec8b4508a364694100a368694100 } | |
| $a_5 = { 558bec81eca4010000a11441410033c5 } | |
| $a_6 = { 558bec56fc8b750c8b4e0833cee8b8fc } | |
| $a_7 = { 558bec6884084100ff15e800410085c0 } | |
| $a_8 = { 558bec83ec10a11441410033c58945fc } | |
| $a_9 = { 558bec565733f6ff750cff7508e8ae38 } | |
| $a_10 = { 558bec56ff75088bf1e8aa460000c706 } | |
| $a_11 = { 558becb808140000e8730a0000a11441 } | |
| $a_12 = { 558bec83ec74a11441410033c58945fc } | |
| $a_13 = { 558bec8b450883f8fe750fe8e0c4ffff } | |
| $a_14 = { 558bec83ec0853568bf05733c08d4900 } | |
| $a_15 = { 558bec6a0a6a00ff7508e80c3b000083 } | |
| $a_16 = { 558bec83ec185356ff750c8d4de8e8c6 } | |
| $a_17 = { 558bec83ec0c5333db5657391d0c6b41 } | |
| $a_18 = { 558bec8b4d08e8d5e8ffff33c05dc204 } | |
| $a_19 = { 558bec83ec4c568d45b450ff15180041 } | |
| $a_20 = { 558bec833d8007410000741968800741 } | |
| $a_21 = { 558bec83ec0c85ff750ae80d0f0000e8 } | |
| $a_22 = { 558bec83ec18a1144141008365e8008d } | |
| $a_23 = { 558bec33c08b4d083b0cc52011410074 } | |
| $a_24 = { 558bec83ec30a11441410033c58945fc } | |
| $a_25 = { 558becb8e41a0000e8fa8bffffa11441 } | |
| $a_26 = { 558becff35885c4100ff15b400410085 } | |
| $a_27 = { 558bec83ec1056ff750c8d4df0e824ed } | |
| $a_28 = { 558bec83ec20a11441410033c58945fc } | |
| $a_29 = { 558bec33c0a380544100a384544100a3 } | |
| $a_30 = { 558bec83ec10a1144141008365f80083 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Jedobot_b7a9bf36b2c68c862d9ddc072265a882ee5f8d52bb657207437fa1c85fa5d045 { | |
| strings: | |
| $a_2 = { 558b646435f5be16185aa94e68ec207b } | |
| $a_3 = { 558b6a56c852939e6277408c36f6e3fa } | |
| $a_4 = { 558b46d27e398cee9846ee344f557672 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Jepesroot_ec3a37a635c8ccd6c80c725f3808e21352872184fe4e9b1b96b4b6ed379fc85d { | |
| strings: | |
| $a_2 = { 558bec535657e89f79ffff83b80c0200 } | |
| $a_3 = { 558bec568b750885f67515e88bb6ffff } | |
| $a_4 = { 558bece87286ffff8b8098000000eb0a } | |
| $a_5 = { 558bec83ec10ff750c8d4df0e82d6fff } | |
| $a_6 = { 558bec83e4f86aff685b09410064a100 } | |
| $a_7 = { 558bec83ec1853ff75108d4de8e87a71 } | |
| $a_8 = { 558bec8b450833c93b04cd6850410074 } | |
| $a_9 = { 558bec8b4508568d34c570594100833e } | |
| $a_10 = { 558bec83ec34a15c50410033c58945fc } | |
| $a_11 = { 558bec56ff75088bf1e870160000c706 } | |
| $a_12 = { 558bec81ec80000000a15c50410033c5 } | |
| $a_13 = { 558bec568b750856e8ad2700005983f8 } | |
| $a_14 = { 558bec83ec10eb0dff7508e8bf170000 } | |
| $a_15 = { 558bec8b450885c07515e807c2ffffc7 } | |
| $a_16 = { 558b3383c304899dd8fdffffe8a26000 } | |
| $a_17 = { 558bec51568bf0807e30007413668b45 } | |
| $a_18 = { 558bec8b4508565785c078593b052c7e } | |
| $a_19 = { 558bec83ec1056578bf8b8185f41008d } | |
| $a_20 = { 558bec83ec20a15c50410033c58945fc } | |
| $a_21 = { 558bec8b45088b0dbc21410056395004 } | |
| $a_22 = { 558bec83e4f881eca4060000a15c5041 } | |
| $a_23 = { 558bec565768162700008bf0e8610700 } | |
| $a_24 = { 558bec51833d105f4100fe7505e8f415 } | |
| $a_25 = { 558bec83ec0c85ff750ae86dc7ffffe8 } | |
| $a_26 = { 558becff05507841006800100000e87c } | |
| $a_27 = { 558bec535657556a006a0068f8eb4000 } | |
| $a_28 = { 558bec53568bd8578d730156e8012700 } | |
| $a_29 = { 558bec83ec4c568d45b450ff15b81041 } | |
| $a_30 = { 558bec83ec10ff75088d4df0e89976ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Joanap_39f8530710263cc196e3dab289ca720f62ca1df6c1e87d4e61bddcf427546204 { | |
| strings: | |
| $a_2 = { 558b6cbfa3468db9ede31c8b75308b5d } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Jukbot_547446340464d564aff6bbe31b51ffb976495be871a8eaedccaba5ca0c23b532 { | |
| strings: | |
| $a_2 = { 558bec6aff68001a4000684047400064 } | |
| $a_3 = { 558bec81ec280100005633f657566a02 } | |
| $a_4 = { 558bec81ece006000053565768bc1340 } | |
| $a_5 = { 558bec81ec08010000576a405933c08d } | |
| $a_6 = { 558bec81ec1401000080a5ecfeffff00 } | |
| $a_7 = { 558bec83ec3453576860e31600ff15dc } | |
| $a_8 = { 558b6c240c5633f6578b3db010400083 } | |
| $a_9 = { 558bec81ec600300005356be04010000 } | |
| $a_10 = { 558bec6aff68101a4000684047400064 } | |
| $a_11 = { 558bec81ecac040000535657e8c1ffff } | |
| $a_12 = { 558bec83ec2856576a06be4819400059 } | |
| $a_13 = { 558bec83ec68806598005356576a1833 } | |
| $a_14 = { 558bec81ec5408000080a5e4feffff00 } | |
| $a_15 = { 558bec81ecac04000053568b35d41040 } | |
| $a_16 = { 558bec81ec34060000538d45d45750c7 } | |
| $a_17 = { 558bec81ec68040000535657e8aff4ff } | |
| $a_18 = { 558bec81ecc80400008b450856689814 } | |
| $a_19 = { 558bec81ec5c0200005356578d450c68 } | |
| $a_20 = { 558b6c24105685c08bf57624578bf88b } | |
| condition: | |
| 16 of them | |
| } | |
| rule BackdoorWin32Jupdate_04d34304a9aba0e035eef0d9cf4a3e36e818c7573a28966b198df81307061df0 { | |
| strings: | |
| $a_2 = { 558b7424147c6600f2d018fc1e83c604 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Kanav_636e00c168565de17d581cbd9446afa952a35d7b1ef2b89c91b5b5d47dba94cc { | |
| strings: | |
| $a_2 = { 558bec56578bf468e08240008bfc68f4 } | |
| $a_3 = { 558bec51833d8cae40000053751d8b45 } | |
| $a_4 = { 558bec51515333db391d0cb240005657 } | |
| $a_5 = { 558bec56578bf468048440008bfc680c } | |
| $a_6 = { 558bec56578bf468048340008bfc6814 } | |
| $a_7 = { 558bece8090000003bece8491b00005d } | |
| $a_8 = { 558bec568bf46a006a0168f8864000ff } | |
| $a_9 = { 558bec56578bf4689c8340008bfc68ac } | |
| $a_10 = { 558bec568bf4680401000068f4ab4000 } | |
| $a_11 = { 558bec81ec6003000056578dbda0fcff } | |
| $a_12 = { 558bece8090000003bece80a1b00005d } | |
| $a_13 = { 558bece8090000003bece8e11800005d } | |
| $a_14 = { 558bec56578bf468a48240008bfc68b4 } | |
| $a_15 = { 558bece8090000003bece81d1a00005d } | |
| $a_16 = { 558bec5153568b359c8a400057837e10 } | |
| $a_17 = { 558bece8090000003bece8301900005d } | |
| $a_18 = { 558bec81ec1001000056578dbdf0feff } | |
| $a_19 = { 558bec56578bf4687c8340008bfc688c } | |
| $a_20 = { 558bec56578bf468608340008bfc6870 } | |
| $a_21 = { 558bec56578bf468408340008bfc6854 } | |
| $a_22 = { 558bece8090000003bece8f41700005d } | |
| $a_23 = { 558bec515153568b35b8aa4000578b56 } | |
| $a_24 = { 558bec6aff688074400068103f400064 } | |
| $a_25 = { 558bec81ec0408000056578dbdfcf7ff } | |
| $a_26 = { 558bece8090000003bece8bb1a00005d } | |
| $a_27 = { 558bec56578bf468c48240008bfc68d0 } | |
| $a_28 = { 558bece8090000003bece8a51700005d } | |
| $a_29 = { 558bece8090000003bece87f1900005d } | |
| $a_30 = { 558bece8090000003bece8431800005d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Kasidet_02fdd43ffe4ce50a3238bfb79577e69d9a10dcfaef49eeeb4fe377fae61cf216 { | |
| strings: | |
| $a_2 = { 558bec535657837d0800740c837d0c00 } | |
| $a_3 = { 558bec81ec50010000a15053410033c5 } | |
| $a_4 = { 558bec83ec40a15053410033c58945f0 } | |
| $a_5 = { 558bec83ec20a15053410033c58945f0 } | |
| $a_6 = { 558bec83ec4c33c056c645d8e88945d9 } | |
| $a_7 = { 558bec8b450c508b4d0851e892910000 } | |
| $a_8 = { 558bec83ec086a008b450850e83d0a00 } | |
| $a_9 = { 558bec51837d10057e188b45088945fc } | |
| $a_10 = { 558bec8b4514508b4d1083c12c51ff15 } | |
| $a_11 = { 558bec51837d080074138b45080fb708 } | |
| $a_12 = { 558bec81ecc0000000a15053410033c5 } | |
| $a_13 = { 558bec81ec30020000a15053410033c5 } | |
| $a_14 = { 558bec81ec9c010000a15053410033c5 } | |
| $a_15 = { 558bec83ec30568bf08d45d050ff153c } | |
| $a_16 = { 558bec8a0284c0740c3c9074083ccc74 } | |
| $a_17 = { 558bec81ec30080000a15053410033c5 } | |
| $a_18 = { 558bec83ec1c837d18320f8e71010000 } | |
| $a_19 = { 558bec83ec088b4508506a006a38ff15 } | |
| $a_20 = { 558bec81ec7c040000a15053410033c5 } | |
| $a_21 = { 558bec81ec20040000a15053410033c5 } | |
| $a_22 = { 558bec81ec4c010000a15053410033c5 } | |
| $a_23 = { 558bec83ec18ff151c02410050ff1520 } | |
| $a_24 = { 558bec83ec28c745e8661f4100a12c53 } | |
| $a_25 = { 558bec5156c745fc00000000eb098b45 } | |
| $a_26 = { 558bec51c745fc000000006a008d45fc } | |
| $a_27 = { 558bec81ec28030000a348624100890d } | |
| $a_28 = { 558bec83ec08c645ff006a508b450850 } | |
| $a_29 = { 558bec83ec18c645e800c645e900c645 } | |
| $a_30 = { 558bec83ec248b450850e811e9ffff83 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Kazakiwhale_c069ede2ec84f2eec9626e6e54461a022f65e5ee939332ae5019a3653754d421 { | |
| strings: | |
| $a_2 = { 558bf183ee04c706aebee01e2bf38935 } | |
| $a_3 = { 558b77f1509446200dba55ef9f5c1e02 } | |
| $a_4 = { 558b44550bd40b47a22a1ba60b6c1195 } | |
| $a_5 = { 558b779177b1675c0c3deb3779a83a18 } | |
| $a_6 = { 558befff40340b3800cb79ba34ef2803 } | |
| $a_7 = { 558b3b65ac0f21a90b3971eb228d75ac } | |
| $a_8 = { 558b5967626d16cb80595fb51c6f0a04 } | |
| $a_9 = { 558bec531bb099701020ee7665507560 } | |
| $a_10 = { 558be88db5101d3cf1ab484e83c60481 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Kbotrep_bb59482439115aed19a925e1ebab1482fd3fd26790e068ef96433f8ab6ed8f62 { | |
| strings: | |
| $a_2 = { 558bec83ec10565733c08d7df2ab6a02 } | |
| $a_3 = { 558bec83ec3c5356578bc18955f033c9 } | |
| $a_4 = { 558bec51518d45f850ff15d430f6008b } | |
| $a_5 = { 558bec83ec0c8d45f4508d45fc506a00 } | |
| $a_6 = { 558bec83ec105657680001000033ff8d } | |
| $a_7 = { 558bec53578bf98bdaf7477c00080000 } | |
| $a_8 = { 558b54ef048bc28b1cef8bcbc1e81888 } | |
| $a_9 = { 558bec51510f57c0660f1345f86a33e8 } | |
| $a_10 = { 558bec83ec388b45088b4d0803483c89 } | |
| $a_11 = { 558bec81ecd0020000a100d0f60033c5 } | |
| $a_12 = { 558bec51515633c08bf1506a02505050 } | |
| $a_13 = { 558bec83ec1853565733c08bfa6a1050 } | |
| $a_14 = { 558bec83ec0c53568d45f88955fc8b55 } | |
| $a_15 = { 558bec81ec10040000a100d0f60033c5 } | |
| $a_16 = { 558bec83ec20538b5d0c6aff0fb70350 } | |
| $a_17 = { 558bec56578b7d088b7734c1e605568d } | |
| $a_18 = { 558bec83e4f881ecf40200008b4d108d } | |
| $a_19 = { 558bec83ec28a100d0f60033c58945fc } | |
| $a_20 = { 558bec83ec40a100d0f60033c58945f8 } | |
| $a_21 = { 558bec83ec4853568b35f433f60033c0 } | |
| $a_22 = { 558bec83ec445356578bf933db895df8 } | |
| $a_23 = { 558bec837d0c017505e8081100005de9 } | |
| $a_24 = { 558becc0e10683fa097728ff24959a2f } | |
| $a_25 = { 558b6c24248a015633f62174241c8845 } | |
| $a_26 = { 558bec53568bf28bd9e872f8ffff85c0 } | |
| $a_27 = { 558bec83ec148d45fc535657508d45f4 } | |
| $a_28 = { 558bec83ec14538b5d1c894df433c956 } | |
| $a_29 = { 558bec51518b4d088bc18b550c0bc256 } | |
| $a_30 = { 558bec83ec188b45088b4d0803483c89 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Kirts_8f0c928d0e43da353614b16d65c2c5972d81516fbdf1e590d15736a61f703fa6 { | |
| strings: | |
| $a_2 = { 558b676b56879a65b7b889d7a375838d } | |
| $a_3 = { 558b6159b8883666a56888687e164834 } | |
| $a_4 = { 558b0b3637387e8d47e5b488861a95c5 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Kitpolap_8cbbb24a0c515923293e9ff53ea9967be7847c7f559c8b79b258d19da245e321 { | |
| strings: | |
| $a_2 = { 558bc2eac1587eef4b11a9df5e7bed0d } | |
| $a_3 = { 558be366bd91afa1970f29415f5288ab } | |
| $a_4 = { 558b4de1c4164d5d364934437ab87e77 } | |
| $a_5 = { 558bc7bb79d554f84a8c0ddfbc921025 } | |
| $a_6 = { 558b3225a35ae4d1c46a711e1e9d41fe } | |
| $a_7 = { 558b1257dad989cd65ca0a6515acc41a } | |
| $a_8 = { 558b3710590c402ce483cf8128b49e18 } | |
| $a_9 = { 558b49f5e7ee16c7d79f83adfe29f42f } | |
| $a_10 = { 558bc4b5a8170ddbd6ceea578ed1a734 } | |
| $a_11 = { 558b383ffbdd6e1025c739bc2d61c789 } | |
| $a_12 = { 558b2fa8d4cd869534b39f8bf67e0bd4 } | |
| $a_13 = { 558b2a553d5c6d545fab5e014ef9499b } | |
| $a_14 = { 558b16dad92b7cab56adeaf4cfffe296 } | |
| $a_15 = { 558b390e85ae2c2b06ed5e8f2eb5a070 } | |
| $a_16 = { 558b462089412405e6ad849aaf98963f } | |
| $a_17 = { 558b548ff51c79db18cff2b5f672d183 } | |
| $a_18 = { 558b178b45722f272ec4d7b50dbd0302 } | |
| $a_19 = { 558b6ce96c4b97a1f534da6db824c5a0 } | |
| $a_20 = { 558b3c58b183eac235bfab4a68ac79f5 } | |
| $a_21 = { 558bc7d0cc5332b54b0dee1ed26423bc } | |
| $a_22 = { 558b5abd69b94e844acf5cdebacee8ad } | |
| $a_23 = { 558b51ed28a81d7b424023e88f1f82cf } | |
| $a_24 = { 558ba21f889e1ffd49f4d9e86bd1b7a2 } | |
| condition: | |
| 19 of them | |
| } | |
| rule BackdoorWin32Kluch_f762bd93bd36e0d8ee7cc9d9a7926c3a21d37b1c76217427947fb86213affae7 { | |
| strings: | |
| $a_2 = { 558bec51a1540904108065fe005633f6 } | |
| $a_3 = { 558becb804010000e893860000535657 } | |
| $a_4 = { 558bec81ec240600005356578d85e4fb } | |
| $a_5 = { 558bec81ec00010000565733ff57ff75 } | |
| $a_6 = { 558bec81ec4c080000a1540904105356 } | |
| $a_7 = { 558bec81ec14020000568d85f0feffff } | |
| $a_8 = { 558bec81ec100200005356bed48f0410 } | |
| $a_9 = { 558bec81ec0001000056578b7d0cbe00 } | |
| $a_10 = { 558bec83ec0c56576a015f6a146a4089 } | |
| $a_11 = { 558bec8b4d0c5356578b7d0833d233db } | |
| $a_12 = { 558bec81ec880800008d45fc50ff159c } | |
| $a_13 = { 558bec83ec74a1fc2b05105333db563b } | |
| $a_14 = { 558bec83ec545356576a105933c08d7d } | |
| $a_15 = { 558bec518365fc0081c1c8010000518b } | |
| $a_16 = { 558bec5151568d45f8578365f800508d } | |
| $a_17 = { 558bec5633f6ff356c080410ff152871 } | |
| $a_18 = { 558becb824130000e8e9c9000053568d } | |
| $a_19 = { 558becb800480000e89d050000538b5d } | |
| $a_20 = { 558bec83ec345356ff35c4080410ff15 } | |
| $a_21 = { 558bec83ec0c8d45f88365fc008365f8 } | |
| $a_22 = { 558bec81ec800000005657ff750833ff } | |
| $a_23 = { 558bec6aff6820e4021068d04b021064 } | |
| $a_24 = { 558bec81ec180300008365f4005356be } | |
| $a_25 = { 558bec81ec00020000576a7f33d25933 } | |
| $a_26 = { 558bec568b7510ff751c8d4510897510 } | |
| $a_27 = { 558b28894c2420568b701033c0578dba } | |
| $a_28 = { 558bec83ec2c568d4de86a1133c0518d } | |
| $a_29 = { 558bec81ec44020000566a00e89f0000 } | |
| $a_30 = { 558bec83ec1c57ff15d07002108bf885 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Knockex_1e20ee65450e511a9e0fa1a75f57a70b5b50d3ba0d4e3d0f824643ca0cfbfff8 { | |
| strings: | |
| $a_2 = { 558bec83ec6056ff15001040008bf08a } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Koceg_3673e373f602fa1b015fc5f98553338b858a0b20cf21e0e3518e50b2960955bb { | |
| strings: | |
| $a_2 = { 558b597923458addb5bb35d5127da646 } | |
| $a_3 = { 558b45ec73a253b9d2b86f6f9dec089d } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Konny_39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635 { | |
| strings: | |
| $a_2 = { 558bec83ec0c5333db5657391daca840 } | |
| $a_3 = { 558bec83ec0c5356ff15746040008bd8 } | |
| $a_4 = { 558becff353ca74000ff155c60400085 } | |
| $a_5 = { 558bec8b4508ff34c560904000ff15c0 } | |
| $a_6 = { 558bec81ec10050000a10490400033c5 } | |
| $a_7 = { 558bec5356576a0052682643400051e8 } | |
| $a_8 = { 558bec833db0a8400000741968b0a840 } | |
| $a_9 = { 558bec5153568b355c60400057ff35a8 } | |
| $a_10 = { 558bec833d289b4000017505e8a30700 } | |
| $a_11 = { 558bec535657556a006a0068d8514000 } | |
| $a_12 = { 558bec53568b3598604000578b7d0857 } | |
| $a_13 = { 558bec6874614000ff155460400085c0 } | |
| $a_14 = { 558bec83ec4c568d45b450ff15386040 } | |
| $a_15 = { 558bec6afe68007b4000685026400064 } | |
| $a_16 = { 558bec56e82f0900008bf085f60f8432 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32Konus_6d29de75743876246f111e93e348187b79f2620100013ba33406e7d6d55af516 { | |
| strings: | |
| $a_2 = { 558bf5ff37f32514e3b2d3b26b8d0c46 } | |
| $a_3 = { 558b848cfa9d1d3631c771b540db6d78 } | |
| $a_4 = { 558ba60fa0febc3173fa4b19c3910548 } | |
| $a_5 = { 558bec83ec0c68a610400064a1000000 } | |
| $a_6 = { 558b7cca4c2e3576e5cf9427e1890e46 } | |
| $a_7 = { 558b685ebe61c5b6e1d7152de1e6b903 } | |
| $a_8 = { 558b7a777a2892cdcf0af03abb9e796d } | |
| $a_9 = { 558b7def77ad9eac478129309aa3cd3c } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Korplug_8b956a5abe394d4bfde0dcb8189d6597ab89c3328285d7d5735c0ed59e2c01f9 { | |
| strings: | |
| $a_2 = { 558bec8b4508a3043000108b450c83e8 } | |
| $a_3 = { 558bec83ec188d45e850ff1520200010 } | |
| $a_4 = { 558bec83ec10535657bf00100000576a } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Kreen_3b71f0742d34c16c950c8a30678dc46325638cba7d2f993a37d1869c8aacfc0e { | |
| strings: | |
| $a_2 = { 558bec83ec14538bd88b431056578bf9 } | |
| $a_3 = { 558bec83ec108b45088b550c8b4d1089 } | |
| $a_4 = { 558bec81ecd4010000a1c032071033c5 } | |
| $a_5 = { 558bec518b0b8d45fc5051e8d02d0100 } | |
| $a_6 = { 558bec568b7508b8403007103bf07222 } | |
| $a_7 = { 558bec8b4508a3081a0810a30c1a0810 } | |
| $a_8 = { 558becb8010000008b4d085de9bfffff } | |
| $a_9 = { 558bec33c083ec08390514470710745e } | |
| $a_10 = { 558bec83ec1453568b7508578b7e0480 } | |
| $a_11 = { 558bec578b7d0c85ff7436538b5d0856 } | |
| $a_12 = { 558bec8b45088b550c8b0852508b411c } | |
| $a_13 = { 558bec83ec0c568b75080fb746068d44 } | |
| $a_14 = { 558bec5133c038461275593946187654 } | |
| $a_15 = { 558bec8b450885c074148b481485c974 } | |
| $a_16 = { 558bec8b450c568b750885c07e068986 } | |
| $a_17 = { 558bec837d0800741c50e88140010083 } | |
| $a_18 = { 558bec56e887a7ffff8b7508c7462400 } | |
| $a_19 = { 558bec568b75080fb74e1cf7c1002000 } | |
| $a_20 = { 558bec85c07413f6400304740d508b45 } | |
| $a_21 = { 558bec83ec10578bf88b473c8a0f8b57 } | |
| $a_22 = { 558bec83ec10a1c032071033c58945fc } | |
| $a_23 = { 558bec8b450880b8830000000074088b } | |
| $a_24 = { 558bec83ec10568bf0817e44a30df2bd } | |
| $a_25 = { 558bec568b75088b464c50e8b070feff } | |
| $a_26 = { 558bec5356578bf88d47ff8bf183f807 } | |
| $a_27 = { 558bec568b75108b0650e8219dfeff83 } | |
| $a_28 = { 558bec53568b75088b464c5750e82e46 } | |
| $a_29 = { 558bec535657e8a408fbff83b80c0200 } | |
| $a_30 = { 558bec8b4508538b18578b7d0c85ff75 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Kriskynote_8d5adfb3266501115f8ce3515a429a3a88d7aa5bcc292a385a0b92fb37891c96 { | |
| strings: | |
| $a_2 = { 558bd32bd54863ca85d27e17498d4434 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Lecna_cd94e01fd576a55487c56eb6d736daa1ad046dadb6e94c1871b535188ccc3193 { | |
| strings: | |
| $a_2 = { 558ba8764aa5bfafdab4fbfa2cb4e826 } | |
| $a_3 = { 558bb695cca3d55c0a42801f5046782c } | |
| $a_4 = { 558b7564d13332fcacbfddfe1ad6b7d6 } | |
| $a_5 = { 558bec8b450885c075025dc3833da08a } | |
| $a_6 = { 558b2d3c70400056578d7424188bfe83 } | |
| $a_7 = { 558b70811e46aa9e985891bbbdb1c746 } | |
| $a_8 = { 558b18626059054ab13f0c4c0a151b5c } | |
| $a_9 = { 558b5cf7fe70fc126f463bd0e2f48be5 } | |
| $a_10 = { 558b4b6d3c436e0a355f6fa7944dc957 } | |
| $a_11 = { 558bde576644af4677bd041d5b2fbb4d } | |
| $a_12 = { 558b4c325453888af765025c4bb1515b } | |
| $a_13 = { 558ba09b76b0100a7aeca84799e49d6d } | |
| $a_14 = { 558bb910c91aa77ceba3558ce6716583 } | |
| $a_15 = { 558bec51515333db391da89f40005657 } | |
| $a_16 = { 558b2bed24236e4aed3183a4946bc991 } | |
| $a_17 = { 558bec6aff6810714000686046400064 } | |
| $a_18 = { 558bccee88151894a4ddcd732f882c88 } | |
| $a_19 = { 558b25ce842d22c2ec0cc1e84a3a94a3 } | |
| $a_20 = { 558ba606a2e65056e92a3a6efdff2ffb } | |
| $a_21 = { 558b3b83e79c004a755f6a6c24adc957 } | |
| $a_22 = { 558b29b56276c1c732932d01cb66b921 } | |
| $a_23 = { 558bec6aff68a0744000686046400064 } | |
| $a_24 = { 558b0fea869570f787f679cad5e39547 } | |
| $a_25 = { 558b15a57cdd9b77ec4c532942e78cc3 } | |
| $a_26 = { 558ba8489ca299dcbaf43ad2df587ba7 } | |
| $a_27 = { 558bc18bf1c1f80583e61f8d3c85a09e } | |
| $a_28 = { 558b3bba3ca26e0b0d637747946dc964 } | |
| $a_29 = { 558b3bb93ca26e4a14c9662d2ceb8961 } | |
| $a_30 = { 558bec83ec0c53568b7508573b35a09f } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Likseput_91626e9f8b966ce4b81a88d961cc02188c10021894a70de8e549b2af946cd95e { | |
| strings: | |
| $a_2 = { 558bec83ec28ff1584304000a9000000 } | |
| $a_3 = { 558bec81ec70020000837d0cff535657 } | |
| $a_4 = { 558bec83ec205333db391df847400056 } | |
| $a_5 = { 558bec81ec600200005733ff397d1089 } | |
| $a_6 = { 558bec81ec64040000a1f44740005333 } | |
| $a_7 = { 558bec83ec588d45fc5650ff15383040 } | |
| $a_8 = { 558bec83ec4c568bf1837e0c00750733 } | |
| $a_9 = { 558bec568bf1ff750833c08946048946 } | |
| $a_10 = { 558bec6aff6868314000683c2c400064 } | |
| $a_11 = { 558bec83ec0c5333db395d080f84b100 } | |
| $a_12 = { 558bec83ec54535633f6573935f84740 } | |
| $a_13 = { 558bf15555ff761cff15483140003bc5 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Liondoor_8eb0a62e7811df521c28dcf40cde643e7ed29909dd2a91cb3e4f414535e35955 { | |
| strings: | |
| $a_2 = { 558bec6aff68b8d94000680c5d400064 } | |
| $a_3 = { 558bec83ec185356576a19e845c5ffff } | |
| $a_4 = { 558bec6aff6870d94000680c5d400064 } | |
| $a_5 = { 558becb804100000e815aaffff535633 } | |
| $a_6 = { 558b6c240c5683fd01570f84a0020000 } | |
| $a_7 = { 558bec51833d146941000053751d8b45 } | |
| $a_8 = { 558bec51515333db391d087e41005657 } | |
| $a_9 = { 558bec6aff6850d24000680c5d400064 } | |
| $a_10 = { 558b2d68d14000c74424141000000068 } | |
| $a_11 = { 558bec6aff6810d24000680c5d4000e9 } | |
| $a_12 = { 558bec5356be746a41005756ff1594d0 } | |
| $a_13 = { 558bec6aff68f0d14000680c5d400064 } | |
| $a_14 = { 558b75e06a09e8140c000059c383f802 } | |
| $a_15 = { 558bac24285100005657e826d0ffff8b } | |
| $a_16 = { 558bec535657556a006a00682c5c4000 } | |
| $a_17 = { 558bec515356e88effffff8bf0ff7650 } | |
| $a_18 = { 558bec6aff68b0d14000680c5d400064 } | |
| $a_19 = { 558bec8b450885c075025dc3833d1469 } | |
| $a_20 = { 558bec5756538b750c8b7d088d050c69 } | |
| $a_21 = { 558bec515153568b35ec684100578b7d } | |
| $a_22 = { 558bec6aff68d0d14000680c5d400064 } | |
| $a_23 = { 558bec6aff6820d24000680c5d400064 } | |
| $a_24 = { 558bec6aff6838d24000680c5d400064 } | |
| $a_25 = { 558bec83ec14a1b86c41008b15bc6c41 } | |
| $a_26 = { 558bec6aff6800d24000680c5d400064 } | |
| $a_27 = { 558bec6aff68c0d14000680c5d400064 } | |
| $a_28 = { 558bc1c1f8058d3c85e06c41008bc183 } | |
| $a_29 = { 558b2d18d14000565733db33f633ff3b } | |
| $a_30 = { 558bec8b450856833c85c0304100008d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Lisuife_92da1df1f49700e6798adee2efe81e2287ebcd820bbdd60e42e2e6be2c29005b { | |
| strings: | |
| $a_2 = { 558bec83ec405356578b450850e8f01c } | |
| $a_3 = { 558bec81ecfc010000a100f1420033c5 } | |
| $a_4 = { 558bec83ec40535657e862f9ffff6a00 } | |
| $a_5 = { 558bec6aff68188b420064a100000000 } | |
| $a_6 = { 558bec83ec44535657894dfc6810a542 } | |
| $a_7 = { 558becb850200000e8c3cc0100a100f1 } | |
| $a_8 = { 558bec8b4508568d34c560f54200833e } | |
| $a_9 = { 558bec8bc18b4d08c70048aa42008b09 } | |
| $a_10 = { 558bec837d08007515e828d0ffffc700 } | |
| $a_11 = { 558bec83ec48535657894dfc518bcc89 } | |
| $a_12 = { 558bec83ec10a100f142008365f80083 } | |
| $a_13 = { 558bec6aff68288f420064a100000000 } | |
| $a_14 = { 558bec6aff68818f420064a100000000 } | |
| $a_15 = { 558bec6aff68f789420064a100000000 } | |
| $a_16 = { 558bec8b450833c93b04cd28f1420074 } | |
| $a_17 = { 558bec83ec405356578b451050e8ce13 } | |
| $a_18 = { 558bec833da022430000741968a02243 } | |
| $a_19 = { 558bec83ec10ff750c8d4df0e8e8b3ff } | |
| $a_20 = { 558bec83ec1053ff75148d4df0e88287 } | |
| $a_21 = { 558bec83ec1053ff75148d4df0e87873 } | |
| $a_22 = { 558bec81ec1c050000a100f1420033c5 } | |
| $a_23 = { 558becff05400e43006800100000e84a } | |
| $a_24 = { 558bec83ec7c535657894dfc8b450c50 } | |
| $a_25 = { 558bec6aff68508f420064a100000000 } | |
| $a_26 = { 558bec568bf1c70648aa4200e868ffff } | |
| $a_27 = { 558bece84a2200008b4d088948145dc3 } | |
| $a_28 = { 558bec83ec64535657894dfc8b450850 } | |
| $a_29 = { 558bec83ec64a100f1420033c58945fc } | |
| $a_30 = { 558bec83ec60a100f1420033c58945fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Liudoor_8f8aa330a79142ab7339e4bde895ecfc2d1fa51dfdcb1a4d6037859b69136f86 { | |
| strings: | |
| $a_2 = { 558be5e0da0e03142fb755292d5d8f9e } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Loops_d7fa2fd7f118d3a0ffe89f0265c7f3693eab4f51ecc07ecf89e5a9d381b8d4ef { | |
| strings: | |
| $a_2 = { 558b6c24205733db8d7d148bc28bcbd3 } | |
| $a_3 = { 558b6c240c56578b45048bd83bd97602 } | |
| $a_4 = { 558bec6aff6868a7400068fa88400064 } | |
| $a_5 = { 558bcec786d0000000f3070000c786cc } | |
| $a_6 = { 558b2d609440005657b95800000033c0 } | |
| $a_7 = { 558b6c242056578b45748b55648b7524 } | |
| $a_8 = { 558bac88540b00008b904814000003c9 } | |
| $a_9 = { 558b6c241c565785d20f84770300008b } | |
| $a_10 = { 558bf08bfae8516e00008b4c24288be8 } | |
| $a_11 = { 558b6c2410568bf1578b7c24208b864c } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Loselove_573df5180f8447f5927f45ad45e75623d2ad858dea93e6e6dd5c00f880025e1d { | |
| strings: | |
| $a_2 = { 558bec535684d2740883c4f0e85f86f8 } | |
| $a_3 = { 558b55dc2bd68bc6e8b5f6ffff594e47 } | |
| $a_4 = { 558bec83c4f4b8ec824900e800e1f6ff } | |
| $a_5 = { 558bec33c055680da4420064ff306489 } | |
| $a_6 = { 558bec83c4e88d45e850e805e9ffff0f } | |
| $a_7 = { 558bec51535684d2740883c4f0e80659 } | |
| $a_8 = { 558be8a1d4b74900e8c46600008bf04e } | |
| $a_9 = { 558bec51538bd86880b64900e883c5fe } | |
| $a_10 = { 558bec515356578945fc33c055687c29 } | |
| $a_11 = { 558bec51535684d2740883c4f0e8223d } | |
| $a_12 = { 558bceba010000008bc3e8c9b6ffffeb } | |
| $a_13 = { 558bec83c4f48955f88945fca114b649 } | |
| $a_14 = { 558bec6a006a00538bd833c055682d62 } | |
| $a_15 = { 558bec83c4f0a188b74900e84c22feff } | |
| $a_16 = { 558bec6a0033c05568d854410064ff30 } | |
| $a_17 = { 558bec538bd88b4508508bc3e85f14fd } | |
| $a_18 = { 558bec81c4f4f7ffff5333db899df4f7 } | |
| $a_19 = { 558b45fc8b80d8020000e8cefeffff59 } | |
| $a_20 = { 558bec5dc2040090538bd883bb900000 } | |
| $a_21 = { 558bec83c4f853bbd0b74900e8b7aafb } | |
| $a_22 = { 558bec6a00538bd833c0556842394300 } | |
| $a_23 = { 558bd98bf28bf88bcb8bd68bc7e8f37e } | |
| $a_24 = { 558bec6a00538bd833c05568fd0e4100 } | |
| $a_25 = { 558bd88b435c80b80c02000000744c8b } | |
| $a_26 = { 558bec33c05568639f470064ff306489 } | |
| $a_27 = { 558bec51535684d2740883c4f0e8f291 } | |
| $a_28 = { 558bec51535684d2740883c4f0e802cf } | |
| $a_29 = { 558bec51535684d2740883c4f0e8229c } | |
| $a_30 = { 558bec33c05568f912450064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Losfondup_728225b19408e81049f45726268348b63e698b4fa13859fa019f3bf8038dbcdd { | |
| strings: | |
| $a_2 = { 558bec83c4f8e8b9fcfeff8855fb8945 } | |
| $a_3 = { 558becb9290400006a006a004975f951 } | |
| $a_4 = { 558bec81c468feffff535657c705f437 } | |
| $a_5 = { 558bf28bd8eb0853e8a4e9ffff8bd88a } | |
| $a_6 = { 558bec53565733c055688067420064ff } | |
| $a_7 = { 558bece81cfdffff84c074108b450c50 } | |
| $a_8 = { 558bec33c9515151515333c055683b9a } | |
| $a_9 = { 558bec33c05568abaa420064ff306489 } | |
| $a_10 = { 558bec33c055689531430064ff306489 } | |
| $a_11 = { 558bec5356578b7d108b5d08be024000 } | |
| $a_12 = { 558bec33c055685dd6430064ff306489 } | |
| $a_13 = { 558bec33c0556865ae410064ff306489 } | |
| $a_14 = { 558bec33c95151515133c05568b09a42 } | |
| $a_15 = { 558bec33d255682e1b400064ff326489 } | |
| $a_16 = { 558bec33c05568d6c3400064ff306489 } | |
| $a_17 = { 558bec515356578b5d10c745fcffffff } | |
| $a_18 = { 558bec51e8d7b9ffff668945fe8a45fe } | |
| $a_19 = { 558bec33c0556831eb400064ff306489 } | |
| $a_20 = { 558b45a0e80b69ffff508d45a0e8526b } | |
| $a_21 = { 558bec6a00538bd833c0556888b94100 } | |
| $a_22 = { 558becb9880000006a006a004975f953 } | |
| $a_23 = { 558bec83c4f45356578bfa8945fc8b45 } | |
| $a_24 = { 558bec5356578b45085033d2556817f6 } | |
| $a_25 = { 558bec535657a100464400e8c08effff } | |
| $a_26 = { 558bec83c4ec5356576a0050e8d39cff } | |
| $a_27 = { 558bec5356578b5d108bc3c1e810754d } | |
| $a_28 = { 558becb9830000006a006a004975f951 } | |
| $a_29 = { 558bec8b55088b450c8b4d10e86fcefe } | |
| $a_30 = { 558bec81c46cfaffff53565733db899d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Luder_ed73c7159d68d3753c5e33ba50a10e27c149c094d7887da204dd9b3a6a413bf1 { | |
| strings: | |
| $a_2 = { 558beb8b450c5d03431450ff73205060 } | |
| $a_3 = { 558be9528bd3296a305a5d0f85a7ffff } | |
| $a_4 = { 558bec8b5d0853ff9384000000c9c204 } | |
| $a_5 = { 558beb0375145d528bd68b7a105a508b } | |
| $a_6 = { 558beb8b452c5d0bc00f841000000003 } | |
| $a_7 = { 558beb8b4d105d538bd833c35bf3aa8d } | |
| $a_8 = { 558beb8975205d5e8b430c03431450ff } | |
| $a_9 = { 558beb8b45085d518bcd03c1590fb704 } | |
| $a_10 = { 558bee8b7d105d037b148b6e0c0bed0f } | |
| $a_11 = { 558becc70300000000c7430407000000 } | |
| $a_12 = { 558bec528bd58b5a085a53ff93840000 } | |
| $a_13 = { 558b4350518bcb03411459ffd08d4b78 } | |
| $a_14 = { 558bec538b5314525f528bd32b7a185a } | |
| $a_15 = { 558bec55535657538bdd8b7b0c5b558b } | |
| $a_16 = { 558be8528bd3896a145a5de906000000 } | |
| $a_17 = { 558bec55535657518bcd8b790c598bf7 } | |
| $a_18 = { 558bea03f55d558b4e04518b2e83e908 } | |
| $a_19 = { 558bec538b7508ad8bc88b436c578bf8 } | |
| $a_20 = { 558beb8975205d5e528bd38b420c5a51 } | |
| $a_21 = { 558bec53568bf38b56145e8bfa518bcb } | |
| $a_22 = { 558bec55535657508bc58b780c588bf7 } | |
| $a_23 = { 558bec538b7508ad5059518bcb8b416c } | |
| $a_24 = { 558beb0345145d505f60f3a4615033c0 } | |
| $a_25 = { 558be8568bf3896e085e5d508bc58b78 } | |
| $a_26 = { 558bec538b5314525f568bf32b7e185e } | |
| $a_27 = { 558beb8b55205dad558be88bcd5dad0b } | |
| $a_28 = { 558be88bf55d558beb0375145dad0bc0 } | |
| $a_29 = { 558bec568bf58b5e085e53ff93840000 } | |
| $a_30 = { 558beb8b75285d0bf60f848800000050 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Lukicsel_c28139a922f28cdf9a6ea08fb142c402ad0683d98fbf1f6573fa6485c53de718 { | |
| strings: | |
| $a_2 = { 558bec51568bf068ffff00008bcaa13c } | |
| $a_3 = { 558bec8b450883c00450e8a5bcffff5d } | |
| $a_4 = { 558bec538bd88bc3e8ef68ffff506a00 } | |
| $a_5 = { 558bec33c0556851c2400064ff306489 } | |
| $a_6 = { 558bec83c4f8e8bd45ffff8855fb8945 } | |
| $a_7 = { 558bec83c4c85356578b75088d7ddba5 } | |
| $a_8 = { 558bec6a0033c05568fac9400064ff30 } | |
| $a_9 = { 558bf28bd88bc6e875e2ffff8bf88bc3 } | |
| $a_10 = { 558bec6a00538bd833c055687dd84100 } | |
| $a_11 = { 558bec33c05568f1c3410064ff306489 } | |
| $a_12 = { 558bec51568bf068ffff00008bcaa19c } | |
| $a_13 = { 558bec6a0033c055682ad7400064ff30 } | |
| $a_14 = { 558bec538bd88bc3e82b6cffff506a00 } | |
| $a_15 = { 558bec538bd88bc3e8636cffff506a00 } | |
| $a_16 = { 558bec83c4ec53565733c08945ecb8c0 } | |
| $a_17 = { 558bec568b550801500c8b700885f674 } | |
| $a_18 = { 558bec33c05568e103420064ff306489 } | |
| $a_19 = { 558bec6a0033c0556842d4400064ff30 } | |
| $a_20 = { 558bec538bd88b4508508bc3e8ffbaff } | |
| $a_21 = { 558bf28bd8eb0853e878e9ffff8bd88a } | |
| $a_22 = { 558bec83c4f85356578bd8803dbc6542 } | |
| $a_23 = { 558bec33c05568c94e410064ff306489 } | |
| $a_24 = { 558bec6a005333c0556822bd400064ff } | |
| $a_25 = { 558b4c240c8bd68b4304e86f58ffff8b } | |
| $a_26 = { 558bec518945fc33d255684055400064 } | |
| $a_27 = { 558bec53803dbc654200000f84cc0000 } | |
| $a_28 = { 558bec33c055682f1d420064ff306489 } | |
| $a_29 = { 558bec6a0053568bf18bda33c055680c } | |
| $a_30 = { 558bec33c0556825cc400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Lybsus_eec266370065040a41b5bee99c02bb1cc512a0aa5fc30c19459f49052b692fdf { | |
| strings: | |
| $a_2 = { 558bfb327823f6b4fda62c75597e19fc } | |
| $a_3 = { 558bbb99134c66084929cb28c0fa5565 } | |
| $a_4 = { 558bd1ff004d35ba6baa7aa3d1fe08f8 } | |
| $a_5 = { 558b6b4678b9dc2acb077835a3bd9dd5 } | |
| $a_6 = { 558b972afebd4a7a5b32a33480647463 } | |
| $a_7 = { 558bef72b9391eb5104da4fcac18fded } | |
| $a_8 = { 558b2d8dcaca10e70706b0ae2fadecd7 } | |
| $a_9 = { 558b7ef021ce3a600ebed5a681815c10 } | |
| $a_10 = { 558b43bad9bd30ae098ba73d38f4afca } | |
| $a_11 = { 558b2b63e53ffd7a5d2ee2e6ee34b8ba } | |
| $a_12 = { 558bf67cfdb355cb3fed3b72dce47ca3 } | |
| $a_13 = { 558b0585d9ccadb48e49e08ed5bfe1bf } | |
| $a_14 = { 558b019818850000324f735d3868c673 } | |
| $a_15 = { 558b511416fe612368e064f5ff001a12 } | |
| $a_16 = { 558b4b57bbbc4b75085a460011c8addf } | |
| $a_17 = { 558b2ba68260d192bc6322abec203003 } | |
| $a_18 = { 558b854e490aa61b174b14e862a49cd3 } | |
| $a_19 = { 558b4cb736f1cba7dc3792bf740f3538 } | |
| $a_20 = { 558b8502d3cb48834ac46e18c903fc2a } | |
| $a_21 = { 558bec83ec0c688611400064a1000000 } | |
| $a_22 = { 558bb2bff5a79fdcc4e15feb12552a53 } | |
| $a_23 = { 558b2c3d6ba8d3bf604fd86e3b885a2f } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Mangit_9e4303df6552e6352e443adf712228eae2d59ef86b536af1499cbed48dcd3cfb { | |
| strings: | |
| $a_2 = { 558bd6ca751479287e2092ef8dfe9c54 } | |
| $a_3 = { 558b4f691b57cb60920441bb2a6c6759 } | |
| $a_4 = { 558b8da998b0b8ccdd547b793d64440b } | |
| $a_5 = { 558bd5e18e832add3eccd434fc32c106 } | |
| $a_6 = { 558bcd281abbcbd41fac29d027fbc52b } | |
| $a_7 = { 558b906b3158a255ba60e6dc3c1c175b } | |
| $a_8 = { 558b7e37bddcf3e7ac6bdc23d04a6edf } | |
| $a_9 = { 558b629ef4ab2ccab2fae82afca6044a } | |
| $a_10 = { 558b09b0e4a7329c79ff835a6fa5c4a5 } | |
| $a_11 = { 558b62f272058b7c89b6d116d33dc755 } | |
| $a_12 = { 558b8179ffba986f195949ea21691b7d } | |
| $a_13 = { 558bbb4f2bd2c104a52ed0ec5e462ef4 } | |
| $a_14 = { 558b0cdd9bcbc4edf5dcc1d0a280ba87 } | |
| $a_15 = { 558bfc522bdc9ff46912854cdcb13d5f } | |
| $a_16 = { 558ba5d6520854431baa7c5d3f7df755 } | |
| $a_17 = { 558be0a502233295673efbafb0c4bfe5 } | |
| $a_18 = { 558b2f3fc02e796dafc71b64241d8a97 } | |
| $a_19 = { 558be27a55b391fb3eefd293387fbdf7 } | |
| $a_20 = { 558ba140229bd644af5279ac434742c4 } | |
| $a_21 = { 558b04b7c2cbc548a3752a314773064a } | |
| $a_22 = { 558b3889cbf650000762515de3c02ba5 } | |
| $a_23 = { 558bf89ec50332a7c71f7e715653b45d } | |
| $a_24 = { 558bf09467482ffac39219ac3105d2ee } | |
| $a_25 = { 558baaee6511535b62eae484ba63382a } | |
| $a_26 = { 558b44871cc6d1411030f5b44059c687 } | |
| $a_27 = { 558b7e34d0bbeafc686007c03a3d2988 } | |
| $a_28 = { 558bf3d8a276144c9fb09bcc962166da } | |
| $a_29 = { 558b72dde6ea95f42f7dcbc40f1e24b1 } | |
| $a_30 = { 558bdac17f52f1de8f7bde7e5be04ccb } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Masteseq_7f89ee860e4e72312abb041c705a179164f73520284e81a343cbb782e60f57b4 { | |
| strings: | |
| $a_2 = { 558bec51c745fc00eb098b0883c00189 } | |
| $a_3 = { 558ba06c19fee10da070b6025848d62a } | |
| $a_4 = { 558ba32daec5661b035a738eaf004f10 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Matchaldru_2d309b3982f2a0db65238b410e35c1d77949f53be345c591484dde136fb95f00 { | |
| strings: | |
| $a_2 = { 558b2da0904000568b3588904000578b } | |
| $a_3 = { 558b6c240856578bfd83c9ff33c033f6 } | |
| $a_4 = { 558bec6aff68d0914000688081400064 } | |
| $a_5 = { 558bec6aff68c0914000688081400064 } | |
| $a_6 = { 558bec6aff68e0914000688081400064 } | |
| $a_7 = { 558b2d109140008d8424980100005250 } | |
| $a_8 = { 558bec6aff68b0914000688081400064 } | |
| $a_9 = { 558bac24241800005657b072b20db10a } | |
| $a_10 = { 558bec6aff68e082400064a100000000 } | |
| $a_11 = { 558bec6aff68f082400064a100000000 } | |
| $a_12 = { 558bec6aff680083400064a100000000 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Mdmbot_4f4fc8e86e750c282852d230e5ba5f0b50adb7c7c0a081474ee46f938137e43d { | |
| strings: | |
| $a_2 = { 558bec83ec1053565733db85db74408b } | |
| $a_3 = { 558b2de47000105633f6573bc60f85b1 } | |
| $a_4 = { 558b2d3c700010578b464085c074548d } | |
| $a_5 = { 558becff7508684220000053b8010000 } | |
| $a_6 = { 558be95657c6442413008d4510508944 } | |
| $a_7 = { 558b2d14710010ff15107100106af056 } | |
| $a_8 = { 558bac24340b000056578dbc24380700 } | |
| $a_9 = { 558b2d407000108b4b0c8b431456576a } | |
| $a_10 = { 558bec53837d08007510ff750ce80eff } | |
| $a_11 = { 558b1833ed668b4b1466396b068d4419 } | |
| $a_12 = { 558b6f04568b378944241081c670b200 } | |
| $a_13 = { 558b2d5c70001050ffd58b461c85c074 } | |
| $a_14 = { 558bec518b4d105385c9c745fc000000 } | |
| $a_15 = { 558bec81eca405000053568b358c7000 } | |
| $a_16 = { 558b6c241456578bf9897c24108d5f0c } | |
| $a_17 = { 558bec51535633f68975fc516b4dfc10 } | |
| $a_18 = { 558bec53ff750853b8010000006bc010 } | |
| $a_19 = { 558b2d5070001057b98000000033c0bf } | |
| $a_20 = { 558b0d248e00108bac24580200005683 } | |
| $a_21 = { 558b2d8c7000105657ffd58b5c24148b } | |
| $a_22 = { 558bac24cc0400005657bf648100108b } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Meciv_2686335f2be7ef06ddb826177d26377129b6c448abd70a02ef6363a175421661 { | |
| strings: | |
| $a_2 = { 558bc64d0c8d9a9accb97cbe1c576523 } | |
| $a_3 = { 558bec51515333db391d688a40005657 } | |
| $a_4 = { 558bec6aff6848544000682c23400064 } | |
| $a_5 = { 558bfe89f4757d33e1d58b048000008b } | |
| $a_6 = { 558bec83ec14a1388940008b153c8940 } | |
| $a_7 = { 558bec6aff6860544000682c23400064 } | |
| $a_8 = { 558b78f0743338619e48a9685b72eab5 } | |
| $a_9 = { 558b2d7c504000565733db33f633ff3b } | |
| $a_10 = { 558bec6aff68d8504000682c23400064 } | |
| $a_11 = { 558bfe85f88bc14283f17e8df07d8fc1 } | |
| $a_12 = { 558becb82c120000e8162000008d8568 } | |
| $a_13 = { 558bec5153568b351462400057837e10 } | |
| $a_14 = { 558bec51833dd48640000053751d8b45 } | |
| $a_15 = { 558bec515153568b3530824000578b56 } | |
| $a_16 = { 558bec51568b750885f6745aa1488940 } | |
| $a_17 = { 558bec535657556a006a00684c224000 } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Mestys_e97bc8c4924efb727a3efcd2ba878ff196e4b4df4d31e6230b406ea693ba321e { | |
| strings: | |
| $a_2 = { 558bd98b8b140100008b812001000056 } | |
| $a_3 = { 558bac2420010000565768040100008d } | |
| $a_4 = { 558bff8b4424200fb604028bea8bcac1 } | |
| $a_5 = { 558b691056578b7a108d34bd00000000 } | |
| $a_6 = { 558be98b4a10895424088b5204578bfa } | |
| $a_7 = { 558b6c24285657558bda68b8e8410053 } | |
| $a_8 = { 558b8a74c5d5a043be45cec3e5bed740 } | |
| $a_9 = { 558bd38bcee8660300004d83fd017df0 } | |
| $a_10 = { 558b6f048bc82bcd03d15d893a8b088b } | |
| $a_11 = { 558bd98b43245657894424148b4b648b } | |
| $a_12 = { 558bec83ec14538bd98b43088b4b0c56 } | |
| $a_13 = { 558be9568bdd578954242c895c242873 } | |
| $a_14 = { 558b44241883f8027d074089442418eb } | |
| $a_15 = { 558b6920568b33578d3c102bc63bfd75 } | |
| $a_16 = { 558b6c2410568b74241c578b7c242457 } | |
| $a_17 = { 558b6c240c5633f63bee578bda8bf975 } | |
| $a_18 = { 558b6c2408568bf13bf574528b460885 } | |
| $a_19 = { 558bac244402000056578bf28d44241c } | |
| $a_20 = { 558bea6bd21c568bc5c1e00433db83fd } | |
| $a_21 = { 558be766e6a842cec5c4d5a94b3b291c } | |
| $a_22 = { 558b6c241885ed56577407c745000000 } | |
| $a_23 = { 558bc1568bb09816000033c985f65789 } | |
| $a_24 = { 558b6c240885ed750b6a57e840b8feff } | |
| $a_25 = { 558bba140f088166a1ed6f4d9a3a4883 } | |
| $a_26 = { 558b6c24148bc3f7d81bc08bcdf7d91b } | |
| $a_27 = { 558bec6aff68d0a24100686899410064 } | |
| $a_28 = { 558b7c599416bdcc5309b43ea27a97d5 } | |
| $a_29 = { 558b84a801ac798b9e83a1154add6268 } | |
| $a_30 = { 558b2856578b780c33c03bf88bf18954 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Metlar_9392776d6d8e697468ab671b43dce2b7baf97057b53bd3517ecd77a081eff67d { | |
| strings: | |
| $a_2 = { 558bec83ec6053568d45fc575033ffff } | |
| $a_3 = { 558bec83ec1c8065f2008065fc008365 } | |
| $a_4 = { 558bec83ec14578d45fc8365fc006a01 } | |
| $a_5 = { 558bec83ec24535657c745dce197af54 } | |
| $a_6 = { 558bec81ecb0000000568b7508578b3e } | |
| $a_7 = { 558bec83ec0c834df4ff8365f800568d } | |
| $a_8 = { 558bec83ec208b4d105356576a078bc1 } | |
| $a_9 = { 558bec51518b45085356576a2bc70063 } | |
| $a_10 = { 558bec51518b450cc645f84348c645f9 } | |
| $a_11 = { 558bec83ec305657ff75088bf9ff1570 } | |
| $a_12 = { 558bec83ec3c5657ff75088bf9ff1570 } | |
| $a_13 = { 558bec83ec205356578bf1ff7508ff15 } | |
| $a_14 = { 558bec83ec10535657894df0ff151843 } | |
| $a_15 = { 558bec51568bf18b068d55fc52508b08 } | |
| $a_16 = { 558bec81ec8000000056be8000000056 } | |
| $a_17 = { 558beca160430010ffe0e8efffffff89 } | |
| $a_18 = { 558bec83ec248b450c5356576a0333d2 } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Miancha_73ef70f1e80e32341eebcb3b1084cf896f6b1aa701b7a6c7abcb9293500d84ae { | |
| strings: | |
| $a_2 = { 558bec6afe685032001068e120001064 } | |
| $a_3 = { 558bec515133c039450c750e39051040 } | |
| $a_4 = { 558bec83e4f86aff68eb21001064a100 } | |
| $a_5 = { 558b6c240c8d04ca8b4c2410505155e8 } | |
| $a_6 = { 558bc3e8b70300008be885ed75055d5e } | |
| $a_7 = { 558bec837d0c017505e81f040000ff75 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Minaps_4f7c2a14cbb3d24344d731156aac1a3e862cb74909b9d6e227dbe136156d6e27 { | |
| strings: | |
| $a_2 = { 558b2db49140008b4c24108d44241050 } | |
| $a_3 = { 558be98b85140400008b8c2434040000 } | |
| $a_4 = { 558bec6aff68808c400064a100000000 } | |
| $a_5 = { 558bd98b430480780d00568bb4248010 } | |
| $a_6 = { 558bac2418040000568bf18b86140400 } | |
| $a_7 = { 558b6c2434b00a56578b7c2438b14e88 } | |
| $a_8 = { 558becf6450802578bf974255668368c } | |
| $a_9 = { 558bec6afe6850c84000681e83400064 } | |
| $a_10 = { 558bec6afe6820c64000681e83400064 } | |
| $a_11 = { 558be9807d5400565774508bc38bf390 } | |
| $a_12 = { 558bec6aff68608c400064a100000000 } | |
| $a_13 = { 558bec6aff68a08c400064a100000000 } | |
| $a_14 = { 558be98b8da00200008d451050688096 } | |
| $a_15 = { 558bec83ec10a18ce040008365f80083 } | |
| $a_16 = { 558bec81ec28030000a3f8e24000890d } | |
| $a_17 = { 558bac241c040000568bf18b86140400 } | |
| $a_18 = { 558b2d689040006800ab40006814ab40 } | |
| $a_19 = { 558be98b85140400008b4c2430568b74 } | |
| $a_20 = { 558b2d48904000566a016a08ffd550ff } | |
| $a_21 = { 558bac2424140000568bb42424140000 } | |
| $a_22 = { 558bcbe812060000506a0a8bcbe80815 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Miniasroot_b041090be33111041e2adac815c6dd0f8196097205120eff4fe2a3c53bf95ad3 { | |
| strings: | |
| $a_2 = { 558bec81ecd8000000a188f0400033c5 } | |
| $a_3 = { 558bec83ec24894dfc837d0c0074398b } | |
| $a_4 = { 558bec83ec1c894df48b45f40fb64008 } | |
| $a_5 = { 558bec83ec485657894de48b45e483c0 } | |
| $a_6 = { 558bec81ec340100005657894d886804 } | |
| $a_7 = { 558bec51894dfcb001c9c3558bec5189 } | |
| $a_8 = { 558bec51894dfcc9c20800558bec5151 } | |
| $a_9 = { 558bec81ecb40000005657894df06804 } | |
| $a_10 = { 558bec81ec28010000a188f0400033c5 } | |
| $a_11 = { 558bec83ec105657894df06a00e800c4 } | |
| $a_12 = { 558bec81ecf40000005657894ddc6864 } | |
| $a_13 = { 558bec51894dfc6a008d450c50ff7508 } | |
| $a_14 = { 558bec51894dfc8b45fc8b801c040000 } | |
| $a_15 = { 558bec83ec10894df48d45f850e8b1ff } | |
| $a_16 = { 558bec83ec18894df88b45f88b80ec00 } | |
| $a_17 = { 558bec5151894df8c745fc002000008b } | |
| $a_18 = { 558bec83ec24894dec68000050006a00 } | |
| $a_19 = { 558bec83ec18894de86800c80000e87d } | |
| $a_20 = { 558bec83ec2c57894de46a03e8705000 } | |
| $a_21 = { 558becb860220000e894740000a188f0 } | |
| $a_22 = { 558bec81ecf8080000a188f0400033c5 } | |
| $a_23 = { 558bec51894dfc8b45fcc7008cbc4000 } | |
| $a_24 = { 558bec83ec145657894dec8b4dece86b } | |
| $a_25 = { 558bec83ec18894de88b4de8e8931800 } | |
| $a_26 = { 558bec83ec305657c745ecc0c640008b } | |
| $a_27 = { 558bec5151894df86a006a00ff75088b } | |
| $a_28 = { 558bec81ec28030000a3e8f24000890d } | |
| $a_29 = { 558bec83ec285657894de86800040000 } | |
| $a_30 = { 558bec83ec2c894df4ff750cff7508e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Mirai_3a4bcd109f1352019483b260e881a0378b0dc9f7336a09eb288e0871b7d2ebea { | |
| strings: | |
| $a_2 = { 558bb5de0473146e2d30534d72f99b3f } | |
| $a_3 = { 558b6b4ee87f3bca72a53d0f29e45358 } | |
| $a_4 = { 558be3b031252c381ee2a11afc673421 } | |
| $a_5 = { 558bcd4ce410db9a395b18b07d3854d9 } | |
| $a_6 = { 558b668902002bf2c6fdee5f7e77f427 } | |
| $a_7 = { 558b3966b6044b31a96e5c55fbdc3e74 } | |
| $a_8 = { 558b2a6898af35b80eb9350e74bee22a } | |
| $a_9 = { 558b89a337fa6131f8847cb61b6ea45d } | |
| $a_10 = { 558bb7b26f008fa0a5ea2900403236c4 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Mirle_46b824125959e2441d5d8c7d499b28fc02ba8b38a6051122a4c8d8cec42c7ec0 { | |
| strings: | |
| $a_2 = { 5589e55c556a00776fef6e0168925aff } | |
| $a_3 = { 558b30384da838810518825d39d91178 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Misbot_0a7e444a089b28e269b81cf9fb15c7e578a0b3ce27a0c4160a7f9cec9dcd0851 { | |
| strings: | |
| $a_2 = { 5589e55383ec14c605a43e4100008b1d } | |
| $a_3 = { 5589e55383ec148b5d08891c24e81a04 } | |
| $a_4 = { 5589e581ecc8040000a00830410083f0 } | |
| $a_5 = { 5589e583ec28c7442404b8214100c704 } | |
| $a_6 = { 5589e583ec08e86d3a000099f77d0889 } | |
| $a_7 = { 5589e583ec08a1588941008b4048c9ff } | |
| $a_8 = { 5589e581ec88000000c745bc50a84000 } | |
| $a_9 = { 5589e5b8b4234100c9c366905589e5b8 } | |
| $a_10 = { 5589e583ec18e8253dffffc704241013 } | |
| $a_11 = { 5589e557565383ec4c8b5d08a1588941 } | |
| $a_12 = { 5589e55383ec148b5d08891c24e87205 } | |
| $a_13 = { 5589e583ec088b4508c70028294100c9 } | |
| $a_14 = { 5589e557565381ecfc0a0000c7858cf5 } | |
| $a_15 = { 5589e557565381ecbc0c00008b450889 } | |
| $a_16 = { 5589e581ec38040000c745e800000000 } | |
| $a_17 = { 5589e5b824244100c9c366905589e583 } | |
| $a_18 = { 5589e58b15608941008b028b4d08890a } | |
| $a_19 = { 5589e55383ec148b5d08c703e0284100 } | |
| $a_20 = { 5589e55383ec148b5d08c703c8284100 } | |
| $a_21 = { 5589e583ec18e82db300008b0d30fe40 } | |
| $a_22 = { 5589e583ec18a1588941008b504483fa } | |
| $a_23 = { 5589e5535181eca001000089cbe8bc27 } | |
| $a_24 = { 5589e583ec58c745dc50a84000c745e0 } | |
| $a_25 = { 5589e583ec18837d0801754d817d0cff } | |
| $a_26 = { 5589e58b4508c70048294100c9c36690 } | |
| $a_27 = { 5589e557565383ec3c8b7d08a1588941 } | |
| $a_28 = { 5589e557565381ecec020000c7858cfd } | |
| $a_29 = { 5589e583ec28a130894100895df48975 } | |
| $a_30 = { 5589e583ec18c7042402000000ff15dc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Mizzmo_a02026c045243d1394177984476a745153ca46154297fa6c09c02570cc9e928e { | |
| strings: | |
| $a_2 = { 5589e583ec10c745fc00000000eb0e8b } | |
| $a_3 = { 5589e583ec48e8201400008b450c8b00 } | |
| $a_4 = { 5589e583ec38c745ecf0cd4000c74424 } | |
| $a_5 = { 5589e583ec38e82a1f00008d45108945 } | |
| $a_6 = { 5589e5575383ec308d5de8b000ba1000 } | |
| $a_7 = { 5589e583ec38e83a0800008d45148945 } | |
| $a_8 = { 5589e583ec48e888220000837d0c0075 } | |
| $a_9 = { 5589e583ec38837d0c00750ab8570007 } | |
| $a_10 = { 5589e5565383ec10a164f0400085c075 } | |
| $a_11 = { 5589e55383ec14a164f0400085c07508 } | |
| $a_12 = { 5589e55383ec148b5d08a164f0400085 } | |
| $a_13 = { 5589e55383ec148b1da8ac400083fbff } | |
| $a_14 = { 5589e583ec188b450ca344fa4000837d } | |
| $a_15 = { 5589e583ec108b45088a008845ff8b45 } | |
| $a_16 = { 5589e55383ec24e8921a00008b1d70b0 } | |
| $a_17 = { 5589e583ec488b45088945e08b450c89 } | |
| $a_18 = { 5589e583ec28c745f0000000008b450c } | |
| $a_19 = { 5589e55383ec34c745f400000000c745 } | |
| $a_20 = { 5589e581ec78020000c745f4ffffffff } | |
| $a_21 = { 5589e583ec488b450c668945e4e86d1d } | |
| $a_22 = { 5589e583ec38e8ec1d00008d45188945 } | |
| $a_23 = { 5589e55381ec240100008d85f0feffff } | |
| $a_24 = { 5589e583ec18b840b04000890424e88d } | |
| $a_25 = { 5589e581ec380200008b450c668985f4 } | |
| $a_26 = { 5589e5837d08007507b857000780eb3b } | |
| $a_27 = { 5589e583ec048b45088845fc8a45fc83 } | |
| $a_28 = { 5589e557565383ec2ca158f0400085c0 } | |
| $a_29 = { 5589e55383ec34837d08007406837d0c } | |
| $a_30 = { 5589e581ec280100008b45088945f0c7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Mocbot_36425b3ec1849abd516c6b73c2257325a8814aadd0dd3345e4954490ce227028 { | |
| strings: | |
| $a_2 = { 558b2ce1181e542b6c91a00126b81e0e } | |
| $a_3 = { 558b170399e432774d0d3b50496027b9 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Morix_192209be063daf3f7b3c703c60de8b3a85a045a8a00be6f5c84c1b0f41d067c1 { | |
| strings: | |
| $a_2 = { 558b43d8fc8f9c747750ce9cf2fc26c2 } | |
| $a_3 = { 558ba38cf5ede2ac0590b5b67d337cf3 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Mosuck_335281b70731bb96ed4a9b1ee90ec123ec59ccef4ee27672bceb8d43a8604134 { | |
| strings: | |
| $a_2 = { 558b457dcb6ef2253466fe6b6a611588 } | |
| $a_3 = { 558b0cb873ae7fff7fc268ecd4d42a06 } | |
| $a_4 = { 558bc77e14720e8318320e0c6b7495fa } | |
| $a_5 = { 558be77352247dcbe5b9dafc2e3ea3f0 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Moudoor_1c25c28e8166679435f846dc223c986f02b7311e3231f43048677ed121b559ff { | |
| strings: | |
| $a_2 = { 558bec83ec0c894dfc837d080074538b } | |
| $a_3 = { 558bec83ec10ff750c8d4df0e852b9fe } | |
| $a_4 = { 558bec538b5d0856578bf9c707bc9942 } | |
| $a_5 = { 558bec83ec10ff750c8d4df0e8bdb5fe } | |
| $a_6 = { 558bec83ec10ff750c8d4df0e850bafe } | |
| $a_7 = { 558b3783c70489bddcfdffffe8b80600 } | |
| $a_8 = { 558bec83ec18894de88b45e8c7000c93 } | |
| $a_9 = { 558bec8bc18a4d08c7006ca942008848 } | |
| $a_10 = { 558bec5356576a006a0068c717410051 } | |
| $a_11 = { 558bec83ec1053ff75108d4df0e88f48 } | |
| $a_12 = { 558bec568b7508b880e342003bf07222 } | |
| $a_13 = { 558bec83ec28a1b4e1420033c58945fc } | |
| $a_14 = { 558bec8b4508a36cfb4200a370fb4200 } | |
| $a_15 = { 558bec83ec20894de08b45088945fceb } | |
| $a_16 = { 558bec51535657ff354c0e4300e8ce14 } | |
| $a_17 = { 558bec81eccc0000008b45088945fc8b } | |
| $a_18 = { 558bec8b450c8a008b4d0888015dc38b } | |
| $a_19 = { 558bec8b45085633f63bc6751de87554 } | |
| $a_20 = { 558bec8b0db4e142008b550883c90133 } | |
| $a_21 = { 558bec6aff682880420064a100000000 } | |
| $a_22 = { 558bec83ec4ca1b4e1420033c58945fc } | |
| $a_23 = { 558bec8b45085633f63bc6751de86d27 } | |
| $a_24 = { 558bec51565733ff3bdf751be8ad2ffe } | |
| $a_25 = { 558bec83ec2ca1b4e1420033c58945fc } | |
| $a_26 = { 558bec83ec0cc645fb00c745fc000000 } | |
| $a_27 = { 558bec8b45085633f63bc6751de81aa0 } | |
| $a_28 = { 558bec83ec10ff75088d4df0e835c0fe } | |
| $a_29 = { 558bec6aff68d180420064a100000000 } | |
| $a_30 = { 558bec8b45085633f63bc6751de8ae54 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32MsxRat_2bd7c072c6ee067861250dd59a14f34d509a94ee03ec432445addabbe332506b { | |
| strings: | |
| $a_2 = { 558bec568bf1c70668b24000e8481b00 } | |
| $a_3 = { 558bec83e4f881ec10040000a144e040 } | |
| $a_4 = { 558bec538b5d08568bf1c7061cb94000 } | |
| $a_5 = { 558becff3550f74000e892f2ffff5985 } | |
| $a_6 = { 558bec8b4508a36cf740005dc38bff55 } | |
| $a_7 = { 558bec51515356576804010000be88f7 } | |
| $a_8 = { 558bec83e4f881ec18040000a144e040 } | |
| $a_9 = { 558b6068143cc1195a75fc58df6d469a } | |
| $a_10 = { 558bec51535657ff35900c4100e8130b } | |
| $a_11 = { 558bece8ee130000ff7508e83b120000 } | |
| $a_12 = { 558bec83ec10ff750c8d4df0e8eb9aff } | |
| $a_13 = { 558bec83e4f8b8ec100000e8b08f0000 } | |
| $a_14 = { 558bec568b7508b880ea40003bf07222 } | |
| $a_15 = { 558bec83ec10a144e0400033c58945fc } | |
| $a_16 = { 558bec8b450883f8fe7518e81d95ffff } | |
| $a_17 = { 558bec8b4508568d34c510e14000833e } | |
| $a_18 = { 558bec535657556a006a0068809d4000 } | |
| $a_19 = { 558bec56ff75088bf1e8c71a0000c706 } | |
| $a_20 = { 558bffff83c414ebd08bc8c1f9058d3c } | |
| $a_21 = { 558bec8b450833c93b04cd30e2400074 } | |
| $a_22 = { 558bec683cb24000ff15c0b0400085c0 } | |
| $a_23 = { 558bec8b4508b980ea40003bc1721f3d } | |
| $a_24 = { 558bec57bfe803000057ff1538b04000 } | |
| $a_25 = { 558bec83ec14a1440b41008b4d086bc0 } | |
| $a_26 = { 558bec83ec34a144e0400033c58945fc } | |
| $a_27 = { 558bec565733f6ff750cff7508e8bf36 } | |
| $a_28 = { 558bec81ec28030000a144e0400033c5 } | |
| $a_29 = { 558b6e1083fd020f9cc28bc157bb1910 } | |
| $a_30 = { 558b110b0e2cc2df2944926905b6e479 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Mydoom_fdfad3715a3d27d1230334e2da9446fe84fc0eed158db31a5d0a3ea6112fcf23 { | |
| strings: | |
| $a_2 = { 558bec33c055682d1b141964ff306489 } | |
| $a_3 = { 558bec81c4e4feffff53565733d28995 } | |
| $a_4 = { 558bec33c05568e91d141964ff306489 } | |
| $a_5 = { 558b00890424833c2400742c8bc78b0c } | |
| $a_6 = { 558bec33c05568af28141964ff306489 } | |
| $a_7 = { 558b6a0883c105e8aeffffffffd15d5f } | |
| $a_8 = { 558bec33c055689d1a141964ff306489 } | |
| $a_9 = { 558bf98bea8bf0b8341414193b051850 } | |
| $a_10 = { 558b0f27780a7def28ad634fce0c4625 } | |
| $a_11 = { 558bec33c055685419141964ff306489 } | |
| $a_12 = { 558bf28bd8eb0853e844feffff8bd88a } | |
| $a_13 = { 558bec33c05568311d141964ff306489 } | |
| $a_14 = { 558bec33c05568d51a141964ff306489 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Nanspy_5b85286c974254908c2b579ff5d05ebad83e8d2926620d5e48406f9ad614bb09 { | |
| strings: | |
| $a_2 = { 558bd9b3e8c74304603b60dfd86a044f } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Naprat_77ce44f9d72b2e8d03ec4d301334abf1738f79bdbdbb15fc8a94d8cee1d64fdb { | |
| strings: | |
| $a_2 = { 558b00890424833c2400742c8bc78b0c } | |
| $a_3 = { 558bec33c05568953c400064ff306489 } | |
| $a_4 = { 558bec83c4f48b45088b108955f48b50 } | |
| $a_5 = { 558bec83c4f853568945fc8b45fc8b55 } | |
| $a_6 = { 558bece840faffff5531c968e8174000 } | |
| $a_7 = { 558bec83c4ec538945fc8b45fce8e6d7 } | |
| $a_8 = { 558bec83c4f05356578bda85db78078b } | |
| $a_9 = { 558bec81c4b4feffff53568bf0b3018d } | |
| $a_10 = { 558bec33c05568ad6a400064ff306489 } | |
| $a_11 = { 558bec33c055688943400064ff306489 } | |
| $a_12 = { 558bec81c4ccfeffff535633c08985d4 } | |
| $a_13 = { 558bf98bea8bf0b8bc1840003b052c80 } | |
| $a_14 = { 558bec33c05568d131400064ff306489 } | |
| $a_15 = { 558bec33c055686d42400064ff306489 } | |
| $a_16 = { 558bec33c055681b76400064ff306489 } | |
| $a_17 = { 558bec81c4f4feffff53568bf28945fc } | |
| $a_18 = { 558bec33c055682d42400064ff306489 } | |
| $a_19 = { 558bec83c4c8535657894dd88bda8945 } | |
| $a_20 = { 558bec53565733db33d25568d9434000 } | |
| $a_21 = { 558bf28bd8eb0853e82cfeffff8bd88a } | |
| $a_22 = { 558bec83c4bc5333d28955c88955c489 } | |
| $a_23 = { 558bec33c055682143400064ff306489 } | |
| $a_24 = { 558bec83c4f88b45088b108955f88b50 } | |
| $a_25 = { 558bec81c4e8fbffff53565733c9898d } | |
| $a_26 = { 558bec33c05568cd2c400064ff306489 } | |
| $a_27 = { 558bec83c4ec56578b45088bf08d7dec } | |
| $a_28 = { 558bec33c05568e942400064ff306489 } | |
| $a_29 = { 558bec81c4c8feffff53565733d28995 } | |
| $a_30 = { 558bec83c4f053568955fc8bf08b45fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Neporoot_5664aaa79fa893fc10e77e79cb566a5d1cecc4cd58f58759723ae1ad3709b7fa { | |
| strings: | |
| $a_2 = { 558b6c24145685ed578bf57e208b5c24 } | |
| $a_3 = { 558b6c24145633f6b30185ed7e24578b } | |
| $a_4 = { 558bec6aff685021400068601e400064 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Netbot_54f3408b5892b70628c9956eb99c73de1f4bebdfc1758cb9b117bda7b872d843 { | |
| strings: | |
| $a_2 = { 558bec6aff6830c5001064a100000000 } | |
| $a_3 = { 558b2d28d1001089742414b958000000 } | |
| $a_4 = { 558be98d78018bf22bea897c24148a1c } | |
| $a_5 = { 558b2d00d000106a008d8424b4010000 } | |
| $a_6 = { 558b2de02a01105768ff0000006a008b } | |
| $a_7 = { 558b6c240c578b7c24148bd08ac8c1fa } | |
| $a_8 = { 558bec5164a13000000083c0683e8b00 } | |
| $a_9 = { 558b2dacd000106a008d842408010000 } | |
| $a_10 = { 558b2decd0001056578d730568982801 } | |
| $a_11 = { 558bec6aff6860d10010682685001064 } | |
| $a_12 = { 558b2dfc2a0110566a066a016a02ffd3 } | |
| $a_13 = { 558b8c2418b70000f7e98bcac1e91f8d } | |
| $a_14 = { 558bec6aff6840c5001064a100000000 } | |
| $a_15 = { 558b5c241cbd10000000a140260110b9 } | |
| $a_16 = { 558b2d002b01106a066a016a02ffd58b } | |
| $a_17 = { 558bec6aff6850d10010682685001064 } | |
| $a_18 = { 558bac24280400008b9424e000000052 } | |
| $a_19 = { 558b6c2414568b74241433db578bfd85 } | |
| $a_20 = { 558b6c2410568bcd57c1f9038bf133c0 } | |
| $a_21 = { 558b8c2458290000f7e98bc2c1e81f8d } | |
| $a_22 = { 558bd8ffd66858210110578be8ffd668 } | |
| $a_23 = { 558b2d082b01105768ff0000006a008b } | |
| $a_24 = { 558bec83ec28e815eeffff85c074156a } | |
| $a_25 = { 558b2d88d00010578d442410505356e8 } | |
| condition: | |
| 20 of them | |
| } | |
| rule BackdoorWin32Netbus_4185224e83c9d870fa8630026738193aa90a99886be6af4e2e42627ca050004e { | |
| strings: | |
| $a_2 = { 558bec83ec40c745d857000000c745dc } | |
| $a_3 = { 558bec81ec04010000898d58ffffff8b } | |
| $a_4 = { 558becb9da435100e83304faff5dc3cc } | |
| $a_5 = { 558bec83ec2c894dd48b45d433c98338 } | |
| $a_6 = { 558bec6a0033c0556876cd400064ff30 } | |
| $a_7 = { 558bec6afe68f83151006890e04c0064 } | |
| $a_8 = { 558bec6aff683d0d4e0064a100000000 } | |
| $a_9 = { 558bec6aff6803174e0064a100000000 } | |
| $a_10 = { 558bec83ec0c538b450850ff15b86850 } | |
| $a_11 = { 558b6cf3f68aefe0a7594d9218de1fbc } | |
| $a_12 = { 558bec6aff685cdb4d0064a100000000 } | |
| $a_13 = { 558bec83ec10ff750c8d4df0e87dfeff } | |
| $a_14 = { 558bec83ec0c8b450850ff15b4685000 } | |
| $a_15 = { 558becb965355100e8c31ffaff5dc3cc } | |
| $a_16 = { 558bec51538bda8945fc8bc38b15ec97 } | |
| $a_17 = { 558bec6aff680bed4d0064a100000000 } | |
| $a_18 = { 558bec83ec40c745d8c0000000c745dc } | |
| $a_19 = { 558bec83ec08894df86800000100e8b1 } | |
| $a_20 = { 558bec6aff6843034e0064a100000000 } | |
| $a_21 = { 558bec83ec40c745d841000000c745dc } | |
| $a_22 = { 558bec83ec080fb6451085c0740f0fb6 } | |
| $a_23 = { 558bec6aff68fa184e0064a100000000 } | |
| $a_24 = { 558bec5356578b7508bfbc054100bb01 } | |
| $a_25 = { 558bec6aff684e154e0064a100000000 } | |
| $a_26 = { 558bec6aff6868eb4d0064a100000000 } | |
| $a_27 = { 558bec81ecdc000000898d28ffffff8b } | |
| $a_28 = { 558bec83ec10ff75088d4df0e86511ff } | |
| $a_29 = { 558bec83ec40c745d824000000c745dc } | |
| $a_30 = { 558bec83ec40c745d820000000c745dc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Nethief_aef076c2ee4320686842cc370cbf9278b73bea9f342f5c1565acde034a7c01c6 { | |
| strings: | |
| $a_2 = { 558b85c4cd96a8a9acabb1c7c5453ac5 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Netsnake_fbcc33559151682ffabc9c9a85bbd5b6574cfe1aa2880266783ebd8622708238 { | |
| strings: | |
| $a_2 = { 558bec83ec5053568bf1578b464c85c0 } | |
| $a_3 = { 558bec568bf1837e040074438b460885 } | |
| $a_4 = { 558bec81ec04040000538bd956578b83 } | |
| $a_5 = { 558bec83ec1853568b750c57ff7610e8 } | |
| $a_6 = { 558bec81ec0c02000053565733c0bf00 } | |
| $a_7 = { 558bec5356576a00ff7510ff750ce8f5 } | |
| $a_8 = { 558bec56578b7d086a106a0057e84f09 } | |
| $a_9 = { 558bec83ec10834dfcff53565733ff39 } | |
| $a_10 = { 558bec81ec14050000538bd956578b83 } | |
| $a_11 = { 558bec83ec0c8065ff005356576a00ff } | |
| $a_12 = { 558bec81ec0c0500005333db68208b41 } | |
| $a_13 = { 558bec5356578b7d0885ff7505bf70c2 } | |
| $a_14 = { 558bec8d451c56508d4518508bf1ff75 } | |
| $a_15 = { 558bec5151568d45fc578b7d08508d45 } | |
| $a_16 = { 558bec5151568b750885f674678d45f8 } | |
| $a_17 = { 558bec81ec2402000053568bf1578b46 } | |
| $a_18 = { 558bec5156578b7d108d45fc578365fc } | |
| $a_19 = { 558bec83ec2453568b750c578b461085 } | |
| $a_20 = { 558bec6aff683858410068863a410064 } | |
| $a_21 = { 558bec8d450c50ff750cff7508ff710c } | |
| $a_22 = { 558bec83ec1c568b35545441005733ff } | |
| $a_23 = { 558bec51568bf18d4dfcff15d4524100 } | |
| $a_24 = { 558bec83ec20535633f6894dfc566a1e } | |
| $a_25 = { 558bec83ec10568bf1837e0400743883 } | |
| $a_26 = { 558bec83ec2053568bd9bed4c1410057 } | |
| $a_27 = { 558bec83ec108365fc005356578b3d80 } | |
| $a_28 = { 558bec83ec1033c053394524568b750c } | |
| $a_29 = { 558bec83ec1c8d45fc506a28ff150451 } | |
| $a_30 = { 558bec83ec385356ff75088bf133db89 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Netspy_5760fbacc4a36ef386c867e49b09e4c97b6f4ff1f84fd1d1e83050d01855c0a9 { | |
| strings: | |
| $a_2 = { 558bec51c37c438bf0ff765064a23a4c } | |
| $a_3 = { 558bec81ece28b45bf1b46208b141a1e } | |
| $a_4 = { 558bd083e007ff7ff7863f8a1c45840e } | |
| $a_5 = { 558b81f65699f77b08578b7b1cc1e703 } | |
| $a_6 = { 558b0cb50bc0945fb58bc110f87f5286 } | |
| $a_7 = { 558bec83ecd856576a0859be200350fd } | |
| $a_8 = { 558b4f348b473c3bce4535fc4f527e70 } | |
| $a_9 = { 558b2df81efbfb81e7fdffbbdee00057 } | |
| $a_10 = { 558b6c24108b43105683f86457741947 } | |
| $a_11 = { 558bec7a55d1f40e6edb68c846eb7508 } | |
| $a_12 = { 558bec9f56833c85dffd637f6c008d34 } | |
| $a_13 = { 558b4d140fbe5401ff83fa4302ae0c43 } | |
| $a_14 = { 558bec83ec18c745f0008b45108945f4 } | |
| $a_15 = { 558bece6f80648cef107ed81ec84324b } | |
| $a_16 = { 558b751c8bc8fdeeff0d2e83f9067724 } | |
| $a_17 = { 558b6904ff3ffeff8bfa8b028b75003b } | |
| $a_18 = { 558b2d943356573307efffffdb33f633 } | |
| $a_19 = { 558becb8e8d492de21d63856e10b3bc0 } | |
| $a_20 = { 558b69204310578b7b1c8b3085ed7664 } | |
| $a_21 = { 558bece8c75dc309683c600010fe7fec } | |
| $a_22 = { 558bd9535c1faaffdf2243208b4b188b } | |
| $a_23 = { 558be98bc840565785c9a3180f859bac } | |
| $a_24 = { 558b14b9bc1c525051ffdb0ccdfe6ff4 } | |
| $a_25 = { 558b2da8327bffffbf565733db33f633 } | |
| condition: | |
| 20 of them | |
| } | |
| rule BackdoorWin32NetThief_bc232cebc6c37e4f326226199fc7cb070dea99321a99068315b019e76dfc8330 { | |
| strings: | |
| $a_2 = { 558bec6aff68900b480068e466470064 } | |
| $a_3 = { 558b2d00a1470081fad5000000b33a75 } | |
| $a_4 = { 558b2d10a947008bc68b368b78088bcf } | |
| $a_5 = { 558b482051ffd350e891ca00008bf085 } | |
| $a_6 = { 558b2d00a1470081f9d5000000b33a75 } | |
| $a_7 = { 558be9565768546b48008b4d14e8b3ef } | |
| $a_8 = { 558be95657896c24188d4d08e8cd2902 } | |
| $a_9 = { 558bd933ed5657895c2414c783080100 } | |
| $a_10 = { 558be9565768146648008b4d14e85319 } | |
| $a_11 = { 558bec6aff68a00b480068e466470064 } | |
| $a_12 = { 558b2d88a8470056578bf1bf41000000 } | |
| $a_13 = { 558bec6aff68b00b480068e466470064 } | |
| $a_14 = { 558bec6aff68708e470064a100000000 } | |
| $a_15 = { 558b2d04a1470081f9db04000075378d } | |
| $a_16 = { 558bd956578bbb0c01000085ff74428b } | |
| $a_17 = { 558bec6aff685080470064a100000000 } | |
| $a_18 = { 558bec6aff686080470064a100000000 } | |
| $a_19 = { 558b6c242456578d442414558bf150e8 } | |
| $a_20 = { 558bd9565785c0895c24180f85710600 } | |
| $a_21 = { 558b422050ffd350e803cd00008bf085 } | |
| $a_22 = { 558bec6aff68308e470064a100000000 } | |
| $a_23 = { 558be97419480f857d0100008b4d0c68 } | |
| $a_24 = { 558be95657896c2418c745003ccc4700 } | |
| $a_25 = { 558b2dcca84700568b40208b7318576a } | |
| $a_26 = { 558bec6aff68c00b480068e466470064 } | |
| $a_27 = { 558be933db5657c74500c8cb47008b85 } | |
| $a_28 = { 558b4020680410000050ffd685c07e74 } | |
| $a_29 = { 558b6c242456578bf18d04ad00000000 } | |
| $a_30 = { 558bcbc644242003e8bc010400a8020f } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32NetWiredRC_6280e7988b953bb1bed10cc1f3fdd848887ccb0fd87448f3f67a25d18b10b211 { | |
| strings: | |
| $a_2 = { 5589e5e9df000000598039327501c3e9 } | |
| $a_3 = { 558bec835bad85c074fb030424391875 } | |
| $a_4 = { 558bec83ec0c689611400064a1000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32NetWiredRC_c4d2d5715c4e6d4f20240f85a4788c38e7a729191252ea7a28bad1ee3126949b { | |
| strings: | |
| $a_2 = { 558bec51535657b8e2dce603c745fc7e } | |
| $a_3 = { 558bec83ec0c538b1d285040005657be } | |
| $a_4 = { 558be025c0ab1f5c9869185c55a36225 } | |
| $a_5 = { 558bec83ec0853565768937a103c68a5 } | |
| $a_6 = { 558bec83ec1453565768c80300006887 } | |
| $a_7 = { 558bec83ec24538b1d7c50400056576a } | |
| $a_8 = { 558bec83ec10535657bba08b9d5fc745 } | |
| $a_9 = { 558bec83ec0c535657bf6568f170bbcf } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Neunut_8da0c31bb2aa6cf210be0654e24d19973a4deef9252018fee3fbbd6a7fe71dc3 { | |
| strings: | |
| $a_2 = { 558bec8b450885c075025dc3833d9cb8 } | |
| $a_3 = { 558bec6aff6880844000683455400064 } | |
| $a_4 = { 558bec6aff6808814000683455400064 } | |
| $a_5 = { 558bec535657556a006a006854544000 } | |
| $a_6 = { 558bc18bf1c1f80583e61f8d3c8540cb } | |
| $a_7 = { 558bec6aff68c8844000683455400064 } | |
| $a_8 = { 558bec83ec0c53568b7508573b3540cc } | |
| $a_9 = { 558bec515153568b357cb84000578b7d } | |
| $a_10 = { 558bec83ec14a1f8ba40008b15fcba40 } | |
| $a_11 = { 558becb800100000e81ebeffff538b5d } | |
| $a_12 = { 558b2db4804000565733db33f633ff3b } | |
| $a_13 = { 558bec51833d9cb8400000535657751d } | |
| $a_14 = { 558bec51515333db391d48cc40005657 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Nioriglio_8e097b886fcbb960b83492ebda862ccc05809d0bd5352531df035d5349fc5800 { | |
| strings: | |
| $a_2 = { 558bec83c4f85356578945fc833d74ff } | |
| $a_3 = { 558bec8b4038e82d1ee6ff5dc38d4000 } | |
| $a_4 = { 558bec83c4e45356578bf18bfa8bd88b } | |
| $a_5 = { 558bec6a00538bd833c0556820085600 } | |
| $a_6 = { 558bec83c4e853884dfb8955fce85e64 } | |
| $a_7 = { 558bec8950208b40188b10ff92900000 } | |
| $a_8 = { 558bec568bf08b464c8b08ff51085e5d } | |
| $a_9 = { 558bec83c4f45356578bd8be01000000 } | |
| $a_10 = { 558bec538bd88bca8bd08b8374020000 } | |
| $a_11 = { 558bec535756558b5d088d2c8a89c753 } | |
| $a_12 = { 558bec53568bf28bd85653ff1530cc62 } | |
| $a_13 = { 558bec535684d2740883c4f0e8fb67e2 } | |
| $a_14 = { 558bec538bd88bc3e83b16f9ffc64335 } | |
| $a_15 = { 558bec538b5d08b948cb6200ba74d958 } | |
| $a_16 = { 558bec568bf08b86c80000008b08ff51 } | |
| $a_17 = { 558bec83c4f48955f88945fca158ff64 } | |
| $a_18 = { 558bec6a00538bda33d25568fe9b5500 } | |
| $a_19 = { 558be833db0fb77d0e0fb7750c662bf7 } | |
| $a_20 = { 558bec33c95151515151538855fb8945 } | |
| $a_21 = { 558bec535684d2740883c4f0e837f9e4 } | |
| $a_22 = { 558bec33c055685de55f0064ff306489 } | |
| $a_23 = { 558bec53565784d2740883c4f0e8a6d0 } | |
| $a_24 = { 558bec53568bf28bd88bc3e8082a0000 } | |
| $a_25 = { 558bec515356578b5d085333c05568fe } | |
| $a_26 = { 558bec51535657e8b478e2ff8855ff8b } | |
| $a_27 = { 558bec5356578bfa8bd88bc3e843feff } | |
| $a_28 = { 558b45c0e84bebffff598845df807ddf } | |
| $a_29 = { 558bec83c4f4535633c9894dfc8bf233 } | |
| $a_30 = { 558bec51535684d2740883c4f0e87e26 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Nioupale_446e71e2b12758b4ceda27ba2233e464932cf9dc96daa758c4b221c8a433570f { | |
| strings: | |
| $a_2 = { 558bec83ec1c568d45fc5733f65068ff } | |
| $a_3 = { 558becb818190000e8233e0000535657 } | |
| $a_4 = { 558bec81ec7c0200005356578d8584fd } | |
| $a_5 = { 558bec6aff68f8f1a3166840c8a31664 } | |
| $a_6 = { 558becb808380000e8ac2a0000535657 } | |
| $a_7 = { 558bec81ec0808000053568b3504f1a3 } | |
| $a_8 = { 558bec578b7d1485ff7e1f8a4510b103 } | |
| $a_9 = { 558becb814280000e8d7700000535633 } | |
| $a_10 = { 558bec81ec0c04000053565768f40100 } | |
| $a_11 = { 558bec83ec18565733ff8b3548f0a316 } | |
| $a_12 = { 558bec81ec0804000053565733dbbf80 } | |
| $a_13 = { 558bec51a1ace4a3168365fc0085c056 } | |
| $a_14 = { 558bec81ec2c02000083a5d4fdffff00 } | |
| $a_15 = { 558bec83ec148b451053568b750c85c0 } | |
| $a_16 = { 558bec81ec080800005356b800040000 } | |
| $a_17 = { 558bec51834dfcff8d45fc56506a20ff } | |
| $a_18 = { 558bec83ec4c535657ff7510683cd4a3 } | |
| $a_19 = { 558bec81ec240100008b4d1053568b75 } | |
| $a_20 = { 558bec81ec0c08000053565768f40100 } | |
| $a_21 = { 558bec6aff6808f2a3166840c8a31664 } | |
| $a_22 = { 558becb870150000e8e00e0000535657 } | |
| $a_23 = { 558bec83ec2056578b7d088d45e06a1c } | |
| $a_24 = { 558becb898640000e83e150000535657 } | |
| $a_25 = { 558bec83ec105633f6837d1001c745f0 } | |
| $a_26 = { 558bec81ec040800005356505381c34e } | |
| $a_27 = { 558bec81ec000900008b450c568b3504 } | |
| $a_28 = { 558bec81ecbc0600005356578d85d4fa } | |
| $a_29 = { 558bec8b4d0833c03945107e10803c08 } | |
| $a_30 = { 558bec81ec04080000568d85fcf7ffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Nitvea_af56cce028eeb2eca241ad1c0c8323f7f16f973314994f8cb39315192e3d6829 { | |
| strings: | |
| $a_2 = { 558b00890424833c2400742c8bc78b0c } | |
| $a_3 = { 558bec515356578945fc8b45fce81ecf } | |
| $a_4 = { 558bec83c4f48b45088b108955f48b50 } | |
| $a_5 = { 558bec83c4f853568945fc8b45fc8b55 } | |
| $a_6 = { 558bec33c055687e40400064ff306489 } | |
| $a_7 = { 558bec83c4f05356578bda85db78078b } | |
| $a_8 = { 558bec33c055682144400064ff306489 } | |
| $a_9 = { 558bf28bd8eb0853e874eaffff8bd88a } | |
| $a_10 = { 558bec33d255686218400064ff326489 } | |
| $a_11 = { 558be61d6bbafce3910c92a6c876d6ee } | |
| $a_12 = { 558bec515356578bf28bd8803dac8540 } | |
| $a_13 = { 558becff7508e8e9feffff5dc2040090 } | |
| $a_14 = { 558bec83c4c8535657894dd88bda8945 } | |
| $a_15 = { 558bec33c055688159400064ff306489 } | |
| $a_16 = { 558bec83c4f88b45088b108955f88b50 } | |
| $a_17 = { 558bec83c4ec56578b45088bf08d7dec } | |
| $a_18 = { 558bec83c4f053568955fc8bf08b45fc } | |
| $a_19 = { 558bec83c4f85356578bd8803dac8540 } | |
| $a_20 = { 558bec518945fc33d25568643f400064 } | |
| $a_21 = { 558bec83c4f85356578945fca12c7040 } | |
| $a_22 = { 558bec53803dac854000000f84cc0000 } | |
| $a_23 = { 558bec515356578bd833c0a3b0854000 } | |
| $a_24 = { 558bec83c4d45356578955f88945fc8d } | |
| $a_25 = { 558bec81c4b4feffff53568bf0b3018d } | |
| $a_26 = { 558bec33c05568c159400064ff306489 } | |
| $a_27 = { 558bec33c05568e94e400064ff306489 } | |
| $a_28 = { 558bec33c05568c142400064ff306489 } | |
| $a_29 = { 558bec33c05568214f400064ff306489 } | |
| $a_30 = { 558bf0bf00864000bd048640008b1df8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Nivdort_5960c8fc4dec1363401b266ebcf48284155f55756dc012ad4c50db51c76fc1b4 { | |
| strings: | |
| $a_2 = { 558bec83ec088b450c85c075078b4510 } | |
| $a_3 = { 558bec8b450c56578b7d088bf1578366 } | |
| $a_4 = { 558be7812ebbbcc2c8f3296825796648 } | |
| $a_5 = { 558bec83ec3456576908f9f0c604901e } | |
| $a_6 = { 558bec6aff6862fc410064a100000000 } | |
| $a_7 = { 558bec53568bf1578b7d088d55088b46 } | |
| $a_8 = { 558bec568be9070000000400c7000030 } | |
| $a_9 = { 558bec6aff68d9fd410064a100000000 } | |
| $a_10 = { 558bec6aff68e2fc410064a100000000 } | |
| $a_11 = { 558bec81ec3402000056bb7cf6d64ea7 } | |
| $a_12 = { 558bec568b7508578d4518ff751c8b3e } | |
| $a_13 = { 558bec6aff6819fe410064a100000000 } | |
| $a_14 = { 558bec518b45085356578b400c8b7d0c } | |
| $a_15 = { 558bec6aff68d9fa410064a100000000 } | |
| $a_16 = { 558bec51518b45e977000000008bd0b9 } | |
| $a_17 = { 558bec8b4d10568b750885c98b067436 } | |
| $a_18 = { 558bec6aff6859fd410064a100000000 } | |
| $a_19 = { 558bec83ec14561360c12568f50c7456 } | |
| $a_20 = { 558bec6aff683008420068e6f8410064 } | |
| $a_21 = { 558bec51535657415d6e4d103a5b40c1 } | |
| $a_22 = { 558becaf3c4acd9af949006e860965ae } | |
| $a_23 = { 558bec6aff6879fc410064a100000000 } | |
| $a_24 = { 558bec6a00ffe93b000000ebffff8b5b } | |
| $a_25 = { 558bec56578b7d0885ff74638b45e97b } | |
| $a_26 = { 558bec568b750833c03846440f85a400 } | |
| $a_27 = { 558becffc2fc0cbdaa9260bdb864d5ef } | |
| $a_28 = { 558bec518b450c8365fc0085c0567521 } | |
| $a_29 = { 558bec8b4d0c538b5d08e9320000006a } | |
| $a_30 = { 558bec5356576fe6f79fbffc17290412 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Noancooe_cc9ffde57fbcae676f6b25c716f09dd89e93be96320197e6065f9fc0d8a0bb2b { | |
| strings: | |
| $a_2 = { 558bece80f000000837d08007405e82c } | |
| $a_3 = { 558bec8b45086a048b48048b09e8ba6d } | |
| $a_4 = { 558bec83e4f881ec780600005333db56 } | |
| $a_5 = { 558bec83e4f881ec5c0a0000538b5d08 } | |
| $a_6 = { 558bec83ec1c8d45f056ff7510be4c36 } | |
| $a_7 = { 558bec566a108bf1e87b7f01008bd059 } | |
| $a_8 = { 558bec837d18007417ff7518b910184c } | |
| $a_9 = { 558bec53ff75088bd9e8d4ffffff85c0 } | |
| $a_10 = { 558bec83ec085356578b7d148b4f0c8b } | |
| $a_11 = { 558bec81ec18020000e81572000084c0 } | |
| $a_12 = { 558bec833ddc344c0000750633c05dc2 } | |
| $a_13 = { 558bec8b550883c144e83b0c000033c0 } | |
| $a_14 = { 558becff750cff75086a1ae88e95fcff } | |
| $a_15 = { 558bec83e4f8b80c2d0000e850480200 } | |
| $a_16 = { 558bec83ec1453568bf1578d4d0ce862 } | |
| $a_17 = { 558bec568bf157c70698284b0033ff8d } | |
| $a_18 = { 558bec837d10000f85271b06008b0d7c } | |
| $a_19 = { 558bec83ec185356578bd98b4d0c68f0 } | |
| $a_20 = { 558bec8b45088b48048b09e8c86cfbff } | |
| $a_21 = { 558bec8b450883f8107766ff248551d0 } | |
| $a_22 = { 558bec83ec10568b750c833e000f84b1 } | |
| $a_23 = { 558bec8b4d0c5685c97516e8f02c0000 } | |
| $a_24 = { 558bec8b0d7c184c00a170184c00538b } | |
| $a_25 = { 558bec5157ff15c4d348008bf885ff74 } | |
| $a_26 = { 558bec83ec10ff75088d4df0e8627ffe } | |
| $a_27 = { 558bec837d0800568bf175095151e890 } | |
| $a_28 = { 558bec83ec1c57ff7508b910184c00e8 } | |
| $a_29 = { 558bec83ec2853565768d0010000e8a1 } | |
| $a_30 = { 558bec8b45086a01ff700850e8df1600 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Nosrawec_b3ea1294a8c7e822f13e5876fea71a103863826c64db83d0044b21211237293c { | |
| strings: | |
| $a_2 = { 558bcafbbd801dd038b6b9e01e2bcb89 } | |
| $a_3 = { 558be88db510224e83c604827670c281 } | |
| $a_4 = { 558b4401e0615ba15059161c82620856 } | |
| $a_5 = { 558bec5378037eeb40fa787668707563 } | |
| $a_6 = { 558bc705cefe3407720c050744542580 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Notpa_e8ecd7c897eeaac81a39a047bd2f2d11f1fd10e5e45688669ec5e617b60a1e04 { | |
| strings: | |
| $a_2 = { 558bec83ec0c682610400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Nuclear_5552de6757d369eaf763e2d605474904d5c56672818d56bd0e6900402f613043 { | |
| strings: | |
| $a_2 = { 558bec538bd86a000fb6c350e8e343fe } | |
| $a_3 = { 558bec83c4d45756538945fca04fb744 } | |
| $a_4 = { 558bec535633f633db8b45088b00e8d5 } | |
| $a_5 = { 558bec33c05568bee1420064ff306489 } | |
| $a_6 = { 558bec8b45088078fe0075548b450880 } | |
| $a_7 = { 558bec33c0556890a2420064ff306489 } | |
| $a_8 = { 558bec83c4c833d28955cc8955c88955 } | |
| $a_9 = { 558bec535657833d1423430000745233 } | |
| $a_10 = { 558bea8bf08bc58bd6e883d4ffff8bc6 } | |
| $a_11 = { 558bec6a0033c05568aeb0420064ff30 } | |
| $a_12 = { 558bec81c4dcf7ffff53565733c08985 } | |
| $a_13 = { 558becb9eb0000006a006a004975f951 } | |
| $a_14 = { 558bec33c951515151515133c0556848 } | |
| $a_15 = { 558bec83c4f88945fc8d4df831c08b55 } | |
| $a_16 = { 558bec6a005356578bd833c055689d16 } | |
| $a_17 = { 558bec83c4c4b810d24200e86c83fdff } | |
| $a_18 = { 558bec8b55088b450c8b4d10e837bfff } | |
| $a_19 = { 558be98bfa8bf033db6a006a006a006a } | |
| $a_20 = { 558bec33c0556807d2420064ff306489 } | |
| $a_21 = { 558bec81c4ccfdffff53565733d28995 } | |
| $a_22 = { 558bec6a006a006a005333c055684478 } | |
| $a_23 = { 558bec83c4e853565733c08945e88b7d } | |
| $a_24 = { 558bec51538945fc8d45fce8d061ffff } | |
| $a_25 = { 558bec83c4f85356578945fca1209014 } | |
| $a_26 = { 558bec518945fc33d255681460400064 } | |
| $a_27 = { 558bec5356578b7d108b5d0c33c033f6 } | |
| $a_28 = { 558bec51535657884dff8bfa8bd88bf3 } | |
| $a_29 = { 558bec535657833d2023430000745233 } | |
| $a_30 = { 558bec81c4ecfaffff53565733c08985 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ocivat_3b46c317116065c4308e674a1a02b0e7985015d7bccd004c70ce561e8ced8e4f { | |
| strings: | |
| $a_2 = { 558bd8c1fb038bcb885dffc1f908884d } | |
| $a_3 = { 558b6c24545657c7442410000000008d } | |
| $a_4 = { 558bac24140200005685ed57750ea048 } | |
| $a_5 = { 558b4254ff1083c40885c00f8ed50500 } | |
| $a_6 = { 558bec81ec140200008b4508538bd956 } | |
| $a_7 = { 558b571052e8e262ffff83c0076a7099 } | |
| $a_8 = { 558bac249400000056576a0a8b753cbb } | |
| $a_9 = { 558b6c241456578b7c241885ed8bf574 } | |
| $a_10 = { 558b6c24303beb750be8cccffeff8be8 } | |
| $a_11 = { 558bf0e8fd00000083c41068ee010000 } | |
| $a_12 = { 558bec81ec800000008b45148b4d1053 } | |
| $a_13 = { 558bec83e4f8b8c4040000e8c0e80000 } | |
| $a_14 = { 558b6c24145756e89eadfeff8b0883c4 } | |
| $a_15 = { 558b6c240c5785ed751468e700000068 } | |
| $a_16 = { 558b56044752e873dbffff83c4043bf8 } | |
| $a_17 = { 558b028b0e5051e8df1b00008b7c2454 } | |
| $a_18 = { 558b6c247856578b45588b8870020000 } | |
| $a_19 = { 558bec6aff68a1e2440064a100000000 } | |
| $a_20 = { 558b6c2414568b7424145768781f4500 } | |
| $a_21 = { 558b6c240c33c9563be9577568a1a08d } | |
| $a_22 = { 558bec83ec748b450853565750e83efe } | |
| $a_23 = { 558bec83ec0853568bf1578975fc8d46 } | |
| $a_24 = { 558b6c240c565785d274178b75588b8d } | |
| $a_25 = { 558b6c24145655c744241000000000e8 } | |
| $a_26 = { 558bac249c0000005655e8499dfeff8b } | |
| $a_27 = { 558bec81ec9001000053568bd933f657 } | |
| $a_28 = { 558bec6aff6890b345006876e1440064 } | |
| $a_29 = { 558b6c240c56578b7d0033f657e8a3e4 } | |
| $a_30 = { 558bec6aff68bee3440064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Oderoor_be0bc7e79ee7f881d913a7362fdf9df52cbd33e59e02d2164eca5453a6b8e745 { | |
| strings: | |
| $a_2 = { 558b0100bb43e925530100682f092cca } | |
| $a_3 = { 558ba4f05af88269e1a5b10643c4fc8d } | |
| $a_4 = { 558bd9db258806b6eed0c5913447dea6 } | |
| $a_5 = { 558b4a7eb6766d3ed9dcf21f33c29a4b } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32OnionDuke_9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0 { | |
| strings: | |
| $a_2 = { 558bec6aff68a12a051064a100000000 } | |
| $a_3 = { 558bec6aff6840c7041064a100000000 } | |
| $a_4 = { 558bec6aff68d92d051064a100000000 } | |
| $a_5 = { 558bec56ff75088bf1e8fdb1ffffc706 } | |
| $a_6 = { 558bec6aff681933051064a100000000 } | |
| $a_7 = { 558bec6aff68a303051064a100000000 } | |
| $a_8 = { 558bec83ec2056576a0859be10510510 } | |
| $a_9 = { 558bec8b49f88d45f483ec0cff750850 } | |
| $a_10 = { 558becf6450801568bf1c706dca10510 } | |
| $a_11 = { 558bec83ec1c538b1da4420510578bf9 } | |
| $a_12 = { 558bec83ec18568b35a4420510578bf9 } | |
| $a_13 = { 558bec6aff68a6e3041064a100000000 } | |
| $a_14 = { 558bec8b4508568bf23bce741b8d4900 } | |
| $a_15 = { 558bec8b450885c07515e819b7ffffc7 } | |
| $a_16 = { 558bec6aff6891b7041064a100000000 } | |
| $a_17 = { 558bec833dec49051000b8e849051074 } | |
| $a_18 = { 558bec568d71948bcee822000000f645 } | |
| $a_19 = { 558bec6aff6877f7041064a100000000 } | |
| $a_20 = { 558bec6aff6801b7041064a100000000 } | |
| $a_21 = { 558bec6aff68fe09051064a100000000 } | |
| $a_22 = { 558bec83ec088b41ec538b59e8894dfc } | |
| $a_23 = { 558bec6aff68f3bc041064a100000000 } | |
| $a_24 = { 558becff7508ff15304105105dc3558b } | |
| $a_25 = { 558bec6aff68d8b0041064a100000000 } | |
| $a_26 = { 558bec6aff68f0df041064a100000000 } | |
| $a_27 = { 558bec6aff6880c4041064a100000000 } | |
| $a_28 = { 558bec6aff6899f6041064a100000000 } | |
| $a_29 = { 558bec6afe6880d505106860f0031064 } | |
| $a_30 = { 558bec6aff68f3d6041064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Optixpro_654c36199bcf874a1d6570203d81e64d5e561e8dd99f0b075fc569805b79c5ce { | |
| strings: | |
| $a_2 = { 558b96b75f7340e8b8fcffff3f07933b } | |
| $a_3 = { 558bdb1f420cb6aa038727114bed2557 } | |
| $a_4 = { 558be9cefa0e89e4885ad5d9bb7007e6 } | |
| $a_5 = { 558bd9662d0449d5c06a049f68e46807 } | |
| $a_6 = { 5589e5b87816f0eceb546551aac53b0b } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Oztratz_80e67faef90e8aa51a4638427ef649bec5fe3de67f823dfc0cb988021cdbdc17 { | |
| strings: | |
| $a_2 = { 558bec6a0458e8815ffcff8b451c668b } | |
| $a_3 = { 558bec6a0458e8e659fcff8b4510668b } | |
| $a_4 = { 558bec83ec0c680612400064a1000000 } | |
| $a_5 = { 558baa262156184c0135cf548531e996 } | |
| $a_6 = { 558bec6a0858e8915bfcff8b4518dd45 } | |
| $a_7 = { 558bec6a0458e8815cfcff8b45108b4d } | |
| $a_8 = { 558bec5151680612400064a100000000 } | |
| $a_9 = { 558bec6a0858e88758fcff8b4528dd45 } | |
| $a_10 = { 558bec6a0858e8a355fcff8b4524dd45 } | |
| $a_11 = { 558b8f49492c7b373b341a6425f21245 } | |
| $a_12 = { 558bec6a0458e8a256fcff8b4530d945 } | |
| $a_13 = { 558bec6a0458e8785bfcff8b451c8b4d } | |
| $a_14 = { 558bec6a0458e8be55fcff8b4520668b } | |
| $a_15 = { 558bec6a0458e85a5afcff8b4518668b } | |
| $a_16 = { 558b65c4b1ca9f6a8f6cefc7f2daf420 } | |
| $a_17 = { 558bec33c05dc21400558bec6a0458e8 } | |
| $a_18 = { 558bec6a0458e8d35dfcff8b4510d945 } | |
| $a_19 = { 558bec6a0458e8eb5afcff8b4514668b } | |
| $a_20 = { 558bec6a0858e8cb59fcff8b45148b4d } | |
| $a_21 = { 558bec33c05dc22400558bec33c05dc2 } | |
| $a_22 = { 558bec6a0458e89c5cfcff8b451c668b } | |
| $a_23 = { 558bec6a0458e83056fcff8b452cd945 } | |
| $a_24 = { 558bec6a0458e8ac59fcff8b4528668b } | |
| $a_25 = { 558bec6a0458e89159fcff8b45208b4d } | |
| $a_26 = { 558bec6a0458e8055cfcff8b452c668b } | |
| $a_27 = { 558bec6a0858e80d59fcff8b45108b4d } | |
| condition: | |
| 22 of them | |
| } | |
| rule BackdoorWin32Pahador_fbb104577c773522eb413e9db325d821c0385bfde4b7207579f62e5da75e8a01 { | |
| strings: | |
| $a_2 = { 558bec33c05568addb420064ff306489 } | |
| $a_3 = { 558bec33c05568b5de460064ff306489 } | |
| $a_4 = { 558bec51e8ff9bffff668945fe8a45fe } | |
| $a_5 = { 558bec33c055689991460064ff306489 } | |
| $a_6 = { 558bec83c4f433c08945f433c05568a3 } | |
| $a_7 = { 558bec535684d2740883c4f0e8e7acfe } | |
| $a_8 = { 558bec518945fc8b45fc8b8004030000 } | |
| $a_9 = { 558b45fce81e97f9ff85c07e498d45d8 } | |
| $a_10 = { 558bd6a1087c4900e824320000e8532f } | |
| $a_11 = { 558bec83c4f85356578945fca1284049 } | |
| $a_12 = { 558bec6a005356578bd833c055682306 } | |
| $a_13 = { 558bec5356a18c7b4900837804000f95 } | |
| $a_14 = { 558bec6a005333c055684395480064ff } | |
| $a_15 = { 558bec33c05568edf4480064ff306489 } | |
| $a_16 = { 558bec33c9515151515133c0556853e1 } | |
| $a_17 = { 558bea8bd88bc58b5378e86a4cfcff74 } | |
| $a_18 = { 558bf18bfa8bd885f67e5a85ff7456eb } | |
| $a_19 = { 558bec33c05568033b490064ff306489 } | |
| $a_20 = { 558bec53565784d2740883c4f0e8467f } | |
| $a_21 = { 558bec5153a12469490080780c000f84 } | |
| $a_22 = { 558bec83c4e453568bf28bd8c745fc04 } | |
| $a_23 = { 558bec83c4f48955f88945fca1e87949 } | |
| $a_24 = { 558bec33c0556899d1420064ff306489 } | |
| $a_25 = { 558bec6a0033c05568ba93480064ff30 } | |
| $a_26 = { 558bec83c4f8535657e84640faff8855 } | |
| $a_27 = { 558b45f48b406c8b55f0e84c1b00008b } | |
| $a_28 = { 558bc3e80ab9feff50e80c8dfbff5d5f } | |
| $a_29 = { 558bec6a00538bd833c0556886fd4400 } | |
| $a_30 = { 558bec6a006a0053568bf233c055687b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Paras_dadd8e247ef1b1fa1e34a22202c97839c7c89859917a1813c215e0136112d41a { | |
| strings: | |
| $a_2 = { 558b5424208d4c240451526a00ff15fc } | |
| $a_3 = { 558bec6aff68c023001064a100000000 } | |
| $a_4 = { 558bec6aff6878300010682022001064 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Pasur_17d5aca5d2c75049819fd4e56772d4e2e62fee0da833f795ca231a31a392040c { | |
| strings: | |
| $a_2 = { 558b61f561685e745a3c7571cb504770 } | |
| $a_3 = { 558b4722aaea532289c55708968ba550 } | |
| $a_4 = { 558b098293c546eac7c26b9a2c7ae059 } | |
| $a_5 = { 558bec5356578b7d108b5d77effeff0c } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Patpoopy_483406c55aa1ec7acd5d017d42f101a5293a7b257c26ab2a2d618beba2de71b9 { | |
| strings: | |
| $a_2 = { 558bf3a9e218f7b60366f81fe5352464 } | |
| $a_3 = { 558bec8b45085633f63bc6751de8a97b } | |
| $a_4 = { 558bf2ba2090758a4a8554ad827dddd4 } | |
| $a_5 = { 558bec5151568d45f8506a04ff751033 } | |
| $a_6 = { 558bec8b4508568d34c590273110833e } | |
| $a_7 = { 558b8ff7fedf56fe13d81cc760f159d7 } | |
| $a_8 = { 558bc162e4440ce6db1d658a8b1c62f2 } | |
| $a_9 = { 558bcef04e0b8a2fa5acca537f477302 } | |
| $a_10 = { 558bec8b4508b94d5a000083ec286639 } | |
| $a_11 = { 558bec83e4f881ec8c000000538bd88b } | |
| $a_12 = { 558bec6a0a6a00ff7508e89c6fffff83 } | |
| $a_13 = { 558bec56ff351c2631108b35ac000110 } | |
| $a_14 = { 558bec83ec0ca1f82b311033c58945fc } | |
| $a_15 = { 558b14cbf5c926355226ea2c125058f1 } | |
| $a_16 = { 558bfabe99afa39f6c2144dc642a0257 } | |
| $a_17 = { 558b250a092caade80e7d2eb43a703b5 } | |
| $a_18 = { 558bec535657556a006a006880e30010 } | |
| $a_19 = { 558bec8b4508a3343d32105dc38bff55 } | |
| $a_20 = { 558b0a200bf6d135a212dad72b7b8534 } | |
| $a_21 = { 558bdd2348e7b1a95747f230a3bc151e } | |
| $a_22 = { 558becff3544373210e814f8ffff5985 } | |
| $a_23 = { 558bec51518b550853568b7510578b3e } | |
| $a_24 = { 558bec83ec1853ff75148d4de8e88570 } | |
| $a_25 = { 558bc71c7e43be7ad62c60f4bf1bf2d9 } | |
| $a_26 = { 558bec81ec140200005356578b3d0c00 } | |
| $a_27 = { 558bec83ec108b0633c9578b7e044183 } | |
| $a_28 = { 558b708c216be6493d4906426e916ba6 } | |
| $a_29 = { 558bec83ec1853ff75108d4de8e8e99f } | |
| $a_30 = { 558bec568b7508b8782931103bf07222 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Pavica_0b291cb606116092fcef01ba509790e2078572f02a95cd8bbd979207ca7d0942 { | |
| strings: | |
| $a_2 = { 5589e583ec08535631db6a0068800000 } | |
| $a_3 = { 5589e5ff7518ff75148d5510528d550c } | |
| $a_4 = { 558b31dc2a49f8d2033d4a9b1846fbbf } | |
| $a_5 = { 5589e553568b75088b5d0c31d242ac84 } | |
| $a_6 = { 5589e5ff15068d000785c0740cff7508 } | |
| $a_7 = { 5589e551578b7d088b4d0c31c0f3aa5f } | |
| $a_8 = { 5589e55156578b750c8b7d088b4d10f3 } | |
| $a_9 = { 5589e583ec1451535657c745f0000000 } | |
| $a_10 = { 5589e55156578b75088b7d0c8b4d10f3 } | |
| $a_11 = { 5589e55657538b5d08837d0c007452ff } | |
| $a_12 = { 5589e5515631c98b750885f67408ac84 } | |
| $a_13 = { 5589e5568b750856e81300000001c646 } | |
| $a_14 = { 5589e583ec1453c745ec00000000c745 } | |
| $a_15 = { 5589e583ec0851535657c745fc000000 } | |
| $a_16 = { 5589e583ec04538d5dfc536a40ff7510 } | |
| $a_17 = { 5589e583ec3c535657c745f904000000 } | |
| $a_18 = { 5589e583ec04535731ffff750ce80c00 } | |
| $a_19 = { 5589e5ff7508e80efcffffff7514ff75 } | |
| $a_20 = { 5589e583ec38535657c745c800000000 } | |
| $a_21 = { 5589e55153565731db8b75088b7d0c80 } | |
| $a_22 = { 5589e581ec2c02000053566a148d55e9 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Payduse_24c311a1e25b339f8602df28ea41acff42acc9feba8d29a69785ab71d45bb891 { | |
| strings: | |
| $a_2 = { 558bec6800001188e801051c04f8b800 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32PcClient_1d243ac981c22eded5ffd0b7eb17173d746fe91e1bc27d0444fd5ad4f50fdb24 { | |
| strings: | |
| $a_2 = { 558bcee8bffaffff8b138bce5257e824 } | |
| $a_3 = { 558bec6aff68f070001064a100000000 } | |
| $a_4 = { 558bec6aff680071001064a100000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Pedex_1f9c865df34e5a2eda721d68dee4a459436ae0a737fc48f13da4afb5fee38d7d { | |
| strings: | |
| $a_2 = { 558b5d20b6662cdaf98fcaf470c2a313 } | |
| $a_3 = { 558b6baeb9c8af1decc1a633c5a455f5 } | |
| $a_4 = { 558b2f4043cc0a7edf5fd4e535b506df } | |
| $a_5 = { 558b788cc2a11cd6a24e3937ba1fc63c } | |
| $a_6 = { 558b649ffa6aca94ae257d1eed8f7fad } | |
| $a_7 = { 558b4e09d3aba080377018929191b6ce } | |
| $a_8 = { 558b5c78bd0b4b843d59f1bbc67b751d } | |
| $a_9 = { 558ba01650a07018c4b533ee28d3a964 } | |
| $a_10 = { 558bbeff52cca8664fcd3e2b69e1f05a } | |
| $a_11 = { 558b4e51ba041fda3a3db5ecdd5ad658 } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Pfinet_2007aa72dfe0c6c93beb44f737b85b6cd487175e7abc6b717dae9344bed46c6c { | |
| strings: | |
| $a_2 = { 558bec83ec28a160c5011033c58945fc } | |
| $a_3 = { 558bec8b45088b0dc491011056395004 } | |
| $a_4 = { 558becb808200000e867c9ffff8b450c } | |
| $a_5 = { 558bec81ec78020000a15059011033c5 } | |
| $a_6 = { 558bec83ec1853ff75148d4de8e8a168 } | |
| $a_7 = { 558bec8b4508b9505b01103bc1721f3d } | |
| $a_8 = { 558bec837d0800750bff750ce8e3fcff } | |
| $a_9 = { 558bec515356ff751433f6ff7510ff75 } | |
| $a_10 = { 558bec6afe6878b6400068d04e400064 } | |
| $a_11 = { 558bec33c08b4d083b0cc5388b011074 } | |
| $a_12 = { 558bec535657556a006a006828b40010 } | |
| $a_13 = { 558bec83ec1856578d75e8a3586b0110 } | |
| $a_14 = { 558bec83ec10ff75088d4df0e818b8ff } | |
| $a_15 = { 558bec518365fc00566a406800300000 } | |
| $a_16 = { 558bec83ec20a150d9400033c58945fc } | |
| $a_17 = { 558bec565733f6ff7508e886e0ffff8b } | |
| $a_18 = { 558becb80c100000e8b28bffff5633f6 } | |
| $a_19 = { 558bec56e8e1dfffff8bf085f60f8432 } | |
| $a_20 = { 558becff05106b01106800100000e823 } | |
| $a_21 = { 558bec8b450c48752621450c8d450c50 } | |
| $a_22 = { 558bec51518b4d08538b1d6c10011056 } | |
| $a_23 = { 558bec8b450885c07515e876bbffffc7 } | |
| $a_24 = { 558bec837d08007515e848fcffffc700 } | |
| $a_25 = { 558bec81ec1801000053578bfa8bd885 } | |
| $a_26 = { 558bec5633c0e83605000033f6b00139 } | |
| $a_27 = { 558bec56ff75088bf1e8fa3f0000c706 } | |
| $a_28 = { 558bec8b4508568d34c5c0c20110833e } | |
| $a_29 = { 558bec51536a20ff7508b30156e87359 } | |
| $a_30 = { 558bec8b4508568d34c5b8590110833e } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Phdet_dc53f1bc9c0eb618b7c9a1b25bb3ed16a92ef2c7aec8f5818c30668a74116899 { | |
| strings: | |
| $a_2 = { 558bec81ecd00200002185e4feffff8d } | |
| $a_3 = { 558bec81ecc003000081fa270200000f } | |
| $a_4 = { 558bec81ecf002000013c2018528fdff } | |
| $a_5 = { 558bec81ece00300006681ad60feffff } | |
| $a_6 = { 558bec81ec8002000089ea03420e234a } | |
| $a_7 = { 558bec81ec9003000003c085d20f84a7 } | |
| $a_8 = { 558bec81ecf80300003bc1742381e133 } | |
| $a_9 = { 558bec81ec180200003df30000000f85 } | |
| $a_10 = { 558bec81ec280300003bca0f85340000 } | |
| $a_11 = { 558bec81ec580200003bc875151bca13 } | |
| $a_12 = { 558bec81ec0004000081eac134000023 } | |
| $a_13 = { 558bec81ec48030000399510fdffff0f } | |
| $a_14 = { 558bec81ecc00300001bd2338d44fdff } | |
| $a_15 = { 558bec81ec48030000253638000080a5 } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Pigskarb_12b4957bf0ec51989ad9d3ee05a7b78c70f599ed377e2888c4b8310988253c3e { | |
| strings: | |
| $a_2 = { 558bec81ec20020000c6853bffffff0a } | |
| $a_3 = { 558bec83ec2ca170e0420033c58945fc } | |
| $a_4 = { 558bec83ec20a170e0420033c58945fc } | |
| $a_5 = { 558bec83ec34a170e0420033c58945fc } | |
| $a_6 = { 558bec83ec2033c08b0cc5a8e342003b } | |
| $a_7 = { 558bec5356576a006a00684b47420051 } | |
| $a_8 = { 558bec83ec10a170e042008365f80083 } | |
| $a_9 = { 558bec83ec10ff75088d4df0e8dcb2ff } | |
| $a_10 = { 558bec81ec24020000c68537ffffff14 } | |
| $a_11 = { 558beca170a04200a3b8e443008b0d74 } | |
| $a_12 = { 558bec83ec1853ff75108d4de8e8e497 } | |
| $a_13 = { 558bec81ec28020000c6852bffffff05 } | |
| $a_14 = { 558beca168a14200a368e143008b0d64 } | |
| $a_15 = { 558bec83ec10ff75088d4df0e8a19dff } | |
| $a_16 = { 558bec83e4f081ec80000000a170e042 } | |
| $a_17 = { 558bec81ec0002000053c6853fffffff } | |
| $a_18 = { 558bec83ec18dd05b0a64200dd5df0dd } | |
| $a_19 = { 558bec83ec10ff750c8d4df0e8f9c7ff } | |
| $a_20 = { 558beca100a04200a3e8e143008b0d64 } | |
| $a_21 = { 558bec83ec28a170e0420033c58945fc } | |
| $a_22 = { 558beca1f4a24200a300e743008b0df8 } | |
| $a_23 = { 558bec83ec10ff750c8d4df0e82f97ff } | |
| $a_24 = { 558bec81ec000200005356c6853fffff } | |
| $a_25 = { 558bec83ec105333db538d4df0e805d0 } | |
| $a_26 = { 558bec83ec10ff75088d4df0e8a69bff } | |
| $a_27 = { 558bec8b4508568d34c500eb4200833e } | |
| $a_28 = { 558bec5151a170e0420033c58945fca1 } | |
| $a_29 = { 558bec83ec20535657e8c2d0ffff33db } | |
| $a_30 = { 558bec83ec74a170e0420033c58945fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Pingbed_f27593fd1d391f9925230a1abc12b8f3791fc43ea980ecefa281147c1070b00d { | |
| strings: | |
| $a_2 = { 558bec81ec1c010000f60514a5001001 } | |
| $a_3 = { 558bec5356576a40ff750cbfacb60010 } | |
| $a_4 = { 558bec81ec98010000837d0800560f85 } | |
| $a_5 = { 558bec83ec20535657e82b030000a120 } | |
| $a_6 = { 558bec83ec0c5356578bf1e803fcffff } | |
| $a_7 = { 558bec33c03945147e1d568b55108b75 } | |
| $a_8 = { 558bec5153568b750c576a08894dfc33 } | |
| $a_9 = { 558bec518a41088365fc00568d710857 } | |
| $a_10 = { 558bec6aff68f865001068384f001064 } | |
| $a_11 = { 558bec83ec1c8b45088365f400a348b2 } | |
| $a_12 = { 558bec83ec1c8d45fc56506828000200 } | |
| $a_13 = { 558bec81ec2008000053565733db6a1c } | |
| $a_14 = { 558bec81ec140100008365fc0056576a } | |
| $a_15 = { 558bec81ec90010000568b3518620010 } | |
| $a_16 = { 558bec538b5d08565785db8bf10f84ac } | |
| $a_17 = { 558bec83ec548d45f853508b450c6a53 } | |
| $a_18 = { 558becb890200000e82a13000056be04 } | |
| $a_19 = { 558becb85c200000e8e2030000535657 } | |
| $a_20 = { 558bec83ec14565733ff6a1cbec8b100 } | |
| $a_21 = { 558bec83ec2853565768ec830010ff75 } | |
| $a_22 = { 558bec81ec140400005356578bf16a40 } | |
| $a_23 = { 558bec83ec30538b1d04620010565733 } | |
| $a_24 = { 558bec8b451056c1f803578b7d0833f6 } | |
| $a_25 = { 558becb81c220000e831020000535657 } | |
| condition: | |
| 20 of them | |
| } | |
| rule BackdoorWin32Pirpi_23e98362cb28029b5b139ef09057a521320898dfa95f36fa2b5269dca3c741a6 { | |
| strings: | |
| $a_2 = { 558bec53565752bac2717b7d8bd5e9f4 } | |
| $a_3 = { 558b4524890dbc7742006bc03c034528 } | |
| $a_4 = { 558bec6aff680904420064a100000000 } | |
| $a_5 = { 558bec81ec20080000535657898de0f7 } | |
| $a_6 = { 558b6c241456578b7c241885ed8bf574 } | |
| $a_7 = { 558bec6aff68f0224200681cde410064 } | |
| $a_8 = { 558bec6aff6818234200681cde410064 } | |
| $a_9 = { 558bec83ec38535657894dd0c745e400 } | |
| $a_10 = { 558bec6aff6838234200681cde410064 } | |
| $a_11 = { 558becb834200000e8e37f0000535657 } | |
| $a_12 = { 558bec51535657894dfc8b45fcc780f4 } | |
| $a_13 = { 558bec5756538b750c8b7d088d058c98 } | |
| $a_14 = { 558bec81ecf4060000535657c785d0fa } | |
| $a_15 = { 558bec5151833d809842000056577421 } | |
| $a_16 = { 558bec6aff6850234200681cde410064 } | |
| $a_17 = { 558bec6aff6800234200681cde410064 } | |
| $a_18 = { 558bec81ec8c040000535657c685f0fe } | |
| $a_19 = { 558bec83ec08535657837d0800740a8b } | |
| $a_20 = { 558bec81ec9c010000535657898d64fe } | |
| $a_21 = { 558bec51833d9498420000535657751d } | |
| $a_22 = { 558bec81ec90010000535657898d70fe } | |
| $a_23 = { 558bec833d1c9c420000750fff750cff } | |
| $a_24 = { 558bec83ec30535657894dd08b4510c7 } | |
| $a_25 = { 558bec83ec08535657894df88b45f805 } | |
| $a_26 = { 558bec81eca8000000535657a1a07942 } | |
| $a_27 = { 558bec535657556a006a006868954100 } | |
| $a_28 = { 558bec83ec3c535657894dc8c745e000 } | |
| $a_29 = { 558bec83ec14535657894decc745fc00 } | |
| $a_30 = { 558bec81ec80000000535657b9200000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Plugx_8619d293a2be88df397a0352f3dab68af91e46c991fae4e538f6196f3fad6a59 { | |
| strings: | |
| $a_2 = { 558bec5151b9fcf3000066894dfc0fb7 } | |
| $a_3 = { 558bec5151a1082040008945fc53648b } | |
| $a_4 = { 558b85598b85e04327ec85b6c588c29c } | |
| $a_5 = { 558bec81ec400800000fb70508304000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Plutor_6f28dbd9e96587e2aa7d93e43cfc2c5a554d30863ecb15b2571275d318b83815 { | |
| strings: | |
| $a_2 = { 558b83ec010000e82df8fbff508bc60f } | |
| $a_3 = { 558bec83c4f853bba8974600e863f2fb } | |
| $a_4 = { 558bec53568bd88b4d088b750c8b83f0 } | |
| $a_5 = { 558bec51538d5dfca1c47646008b5508 } | |
| $a_6 = { 558bf28bd833ff8bc3e89fa0ffff508b } | |
| $a_7 = { 558bc38a0d78e94500b201e88effffff } | |
| $a_8 = { 558bec33c05568cdd3410064ff306489 } | |
| $a_9 = { 558bec83c4f433c08945f433c05568a3 } | |
| $a_10 = { 558bec6a00538bd833c0556871734300 } | |
| $a_11 = { 558bec83c4f4a164974600e8fc34feff } | |
| $a_12 = { 558bec51a1f40041005333db3bc3895d } | |
| $a_13 = { 558bec53568b707085f6740c8bd18bc6 } | |
| $a_14 = { 558bec6a0033c055680e1a450064ff30 } | |
| $a_15 = { 558bec83c4c8535657894dfc8955f089 } | |
| $a_16 = { 558bec51538bd868ffff00008bcaa160 } | |
| $a_17 = { 558bec83c4f85356578bd8803d289446 } | |
| $a_18 = { 558b45f88b40608b4008e8e2fcffff59 } | |
| $a_19 = { 558bec83c4f85356578945fca1189646 } | |
| $a_20 = { 558bec535657bfd8974600833f00756c } | |
| $a_21 = { 558bec538b45088b40fce8398600008b } | |
| $a_22 = { 558bec6a006a00538bd833c055689d5a } | |
| $a_23 = { 558bec83c4a053565733c9894da08bda } | |
| $a_24 = { 558bec83c4d85356576a0ea160804600 } | |
| $a_25 = { 558be98bfa8bd88b430ce8520400008b } | |
| $a_26 = { 558bec6a006a006a0053568bf1668955 } | |
| $a_27 = { 558bec833d0897460000740e8b450850 } | |
| $a_28 = { 558bec33c05568ad45460064ff306489 } | |
| $a_29 = { 558bec83c4ec53565733c9894df08bd8 } | |
| $a_30 = { 558bec33c05568e1b0400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Poebot_f912f74eb4eb4f453fd0ab96ddddec698bf9583afa96101cc37ba9b27be4b35e { | |
| strings: | |
| $a_2 = { 558becb858130000e8ce15010068b902 } | |
| $a_3 = { 558bec5151837d0c007502eb3dff750c } | |
| $a_4 = { 558bec83ec0c837d080074088b45108b } | |
| $a_5 = { 558bec81ecec010000837d0800740b8b } | |
| $a_6 = { 558bec83ec0cff7510e868f000005989 } | |
| $a_7 = { 558bec51518b45088945fc8b45fc8945 } | |
| $a_8 = { 558bec81ece005000068a7010000ff75 } | |
| $a_9 = { 558bec83ec14837d0c007505e9b80000 } | |
| $a_10 = { 558bec81ec4c020000833d1ceb410000 } | |
| $a_11 = { 558bec8b45080fbe008b4d0841894d08 } | |
| $a_12 = { 558bec83ec48837d1000744e8b451083 } | |
| $a_13 = { 558bec518b45080fbe809801000085c0 } | |
| $a_14 = { 558bec81ec94010000837d08007505e9 } | |
| $a_15 = { 558bec5151ff7508e89d7e0000598945 } | |
| $a_16 = { 558bec83ec0c8b45088945f8ff7508e8 } | |
| $a_17 = { 558bec83ec10837d0c0075266a0a8d45 } | |
| $a_18 = { 558beca1a4e941005dc3558bec515183 } | |
| $a_19 = { 558bec81ec940100006a086a04e8c3dc } | |
| $a_20 = { 558becb84c100000e8616000006a0768 } | |
| $a_21 = { 558bec5151837d0c00740dff750ce883 } | |
| $a_22 = { 558bec5356578b750c8b7d088b4d1085 } | |
| $a_23 = { 558bec81ec640700005768c9020000ff } | |
| $a_24 = { 558bec51518365fc008365f800eb078b } | |
| $a_25 = { 558bec535657e88afeffffe8d1660000 } | |
| $a_26 = { 558bec535657e8acfeffffe8f3660000 } | |
| $a_27 = { 558bec81eca801000068a3010000ff75 } | |
| $a_28 = { 558bec51833d80de4100007502eb3e68 } | |
| $a_29 = { 558bec518d45fc50687f660440ff7508 } | |
| $a_30 = { 558bec5356578b750833c933c08a0e85 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Poftsyun_9ff17d8330059e7af7d98ab33548ebcfdeecf8fa407bf97af2640dc8175cbf9c { | |
| strings: | |
| $a_2 = { 558bec83ec14a13040021033c58945fc } | |
| $a_3 = { 558bec83ec10ff750c8d4df0e8f2f7ff } | |
| $a_4 = { 558bec8b4508a348600210a34c600210 } | |
| $a_5 = { 558bec8b4508a3185a02105dc38bff55 } | |
| $a_6 = { 558bec83ec185356ff750c8d4de8e8ca } | |
| $a_7 = { 558bec833d90fa01100074196890fa01 } | |
| $a_8 = { 558bec83ec0c85ff750ae8e4b0ffffe8 } | |
| $a_9 = { 558bec83ec10ff75088d4df0e8a946ff } | |
| $a_10 = { 558bec5633f63935ec5e021075393975 } | |
| $a_11 = { 558bec83ec10a1304002108365f80083 } | |
| $a_12 = { 558bf0e80f02000083c41485c00f8594 } | |
| $a_13 = { 558bac241004000068ff0300008d4424 } | |
| $a_14 = { 558bec833dec5e02100075108b45088d } | |
| $a_15 = { 558bec83ec0ceb0dff7508e87d420000 } | |
| $a_16 = { 558bec565733f6ff750cff7508e82484 } | |
| $a_17 = { 558bec8b4508568d34c580450210833e } | |
| $a_18 = { 558bec538b5d0856578bf9c70764f201 } | |
| $a_19 = { 558bec6a0a6a00ff7508e8337f000083 } | |
| $a_20 = { 558bec83ec30a13040021033c58945fc } | |
| $a_21 = { 558bec833dec5e02100075128b45088b } | |
| $a_22 = { 558bd6e8d9fbffff68c40f00008d4608 } | |
| $a_23 = { 558bec8b45085633f63bc6751de80e3e } | |
| $a_24 = { 558b6c242c565768004001008d45046a } | |
| $a_25 = { 558bec6afe68c82202106830e9001064 } | |
| $a_26 = { 558bec56ff358c4d02108b3554f10110 } | |
| $a_27 = { 558b6c2414568bf08b46188b0e578b38 } | |
| $a_28 = { 558bec83ec1853ff75148d4de8e88660 } | |
| $a_29 = { 558bec8b45085633f63bc6751ce88329 } | |
| $a_30 = { 558bec56e80972ffff8b75083bb09800 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Poison_09a67a58ebc5fbd1b2cfdbae3b366f0c9e8d6300d702f238a9379b26cc519dd0 { | |
| strings: | |
| $a_2 = { 558bec81c4d4feffff568b75086a006a } | |
| $a_3 = { 558bec83c4f08b75088dbeb106000068 } | |
| $a_4 = { 558bec56518b75088b9ed10800008b8e } | |
| $a_5 = { 558bec81c430faffff8b75088d86fb03 } | |
| $a_6 = { 558bec8b750880bef7030000007e0756 } | |
| $a_7 = { 558bec81c4ecfeffff608b7508c785f4 } | |
| $a_8 = { 558bec83c4fc57568b75086a40680030 } | |
| $a_9 = { 558bec56578b75088b7d108b4d0c33d2 } | |
| $a_10 = { 558bec83c4fc8b750868ff0000008dbe } | |
| $a_11 = { 558bec81c420efffff5653575251c785 } | |
| $a_12 = { 558bec83c4ec56535752518b451033d2 } | |
| $a_13 = { 558bec81c430f0ffff6033c08dbd84f0 } | |
| $a_14 = { 558bec81c47cf0ffff8b750868740f00 } | |
| $a_15 = { 558bec81c404faffff5756be39050000 } | |
| $a_16 = { 558bec83c4d08b750868ff0000008dbe } | |
| $a_17 = { 558bec60fc8b7d0c8b75088b6d1081c5 } | |
| $a_18 = { 558bec608b75088b7d0c83c740b90800 } | |
| $a_19 = { 558bec60fc8b7d0c8b75088b6d1083c5 } | |
| condition: | |
| 15 of them | |
| } | |
| rule BackdoorWin32Poison_14be4f8dc02cbfdf1ebcf859fae38f1ff50a3096f77ed3f18c56db83f55fde54 { | |
| strings: | |
| $a_2 = { 558bec81c4f4fdffff535633c9898df4 } | |
| $a_3 = { 558bec33c05568995f410064ff306489 } | |
| $a_4 = { 558bece8acf5ffff5531c968c4394000 } | |
| $a_5 = { 558bec83c4f85356578945fca130f041 } | |
| $a_6 = { 558bec5153568945fc8b45fce8d7fafe } | |
| $a_7 = { 558bec515356578945fc33c05568c0da } | |
| $a_8 = { 558b54241052e828d7ffff83c40c2b7c } | |
| $a_9 = { 558bec83c4f40fb70518f041008945f8 } | |
| $a_10 = { 558bec33c055686913410064ff306489 } | |
| $a_11 = { 558bec81c404f0ffff5083c4d8535689 } | |
| $a_12 = { 558bec51b9fb0000006a006a004975f9 } | |
| $a_13 = { 558bec83c4f8803db0154200000f84e8 } | |
| $a_14 = { 558bec33c055683190400064ff306489 } | |
| $a_15 = { 558bce2bcb418bd38bc7e8888effff5d } | |
| $a_16 = { 558becff7508e8e9feffff5dc2040090 } | |
| $a_17 = { 558bec33c055682d83400064ff306489 } | |
| $a_18 = { 558bec5153568d4dfc89018bc2d1e848 } | |
| $a_19 = { 558bec51538bda8945fc8b45fce85600 } | |
| $a_20 = { 558bec83c4ec538bd8803db015420000 } | |
| $a_21 = { 558bec81c428feffff33d2899528feff } | |
| $a_22 = { 558bec83c4f0538955f88945fc8b45fc } | |
| $a_23 = { 558bec81c4bcfeffff5356578945fc8b } | |
| $a_24 = { 558bec81c488feffff53565733d28995 } | |
| $a_25 = { 558bec81c4fcfeffff538bd8c745fc00 } | |
| $a_26 = { 558bec33c055684d82400064ff306489 } | |
| $a_27 = { 558bec33c055686955400064ff306489 } | |
| $a_28 = { 558bec5153568945fc8b45fc83782800 } | |
| $a_29 = { 558bec33c05568e56b400064ff306489 } | |
| $a_30 = { 558b533452e888f7ffff897368897358 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Popwin_5a0671bc0685258cf02ed92a419568d568b7e3cbdcadb69f66ba80684603a45e { | |
| strings: | |
| $a_2 = { 558bec8b75088b7d0cfcb280a4e86d00 } | |
| $a_3 = { 558befda1c5248c1da2ad1c37190fc92 } | |
| $a_4 = { 558b297144bcea13b3b42ccdb9325446 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32PowerSpider_8587275d6f0d577a7ed04a5e6f2a8a4c21cf4a161acce7edaa2c42b43da098ff { | |
| strings: | |
| $a_2 = { 558bc24e20d29184f1b9e75a7c515bac } | |
| $a_3 = { 558b75088b7d0cfcb2808a0646880747 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Prisos_a9887cf3a3985618511cbfed5890273a35c3f33621bd86e5503cba34c86cacc6 { | |
| strings: | |
| $a_2 = { 558bec6aff688071400068144f400064 } | |
| $a_3 = { 558bec6aff687071400068144f400064 } | |
| $a_4 = { 558bec6aff68b871400068144f400064 } | |
| $a_5 = { 558bec6aff689871400068144f400064 } | |
| $a_6 = { 558bec51a1b88740005333db3bc3895d } | |
| $a_7 = { 558bec6aff685871400068144f400064 } | |
| $a_8 = { 558bf78bd98bfa83c9fff2ae8bcb4fc1 } | |
| $a_9 = { 558bec5151833dd88740000056577421 } | |
| $a_10 = { 558bec6aff684060400064a100000000 } | |
| $a_11 = { 558bec6aff684071400068144f400064 } | |
| $a_12 = { 558b2d94704000565733db33f633ff3b } | |
| $a_13 = { 558bec51515333db391d888a40005657 } | |
| $a_14 = { 558bec83ec14a1a88a40008b15ac8a40 } | |
| $a_15 = { 558b6c241056578b7c241433db66395f } | |
| $a_16 = { 558bec6aff68a871400068144f400064 } | |
| $a_17 = { 558bec535657556a006a006878294000 } | |
| $a_18 = { 558bec51833db887400000535657751d } | |
| $a_19 = { 558bec6aff68d071400068144f400064 } | |
| $a_20 = { 558bec6aff68d874400068144f400064 } | |
| $a_21 = { 558bec6aff6820224000681616400064 } | |
| condition: | |
| 17 of them | |
| } | |
| rule BackdoorWin32Prorat_08879b44a631674b838544de4aa22e0e17080eb6432c4361b1e5f14faef54508 { | |
| strings: | |
| $a_2 = { 558bec6aff68e850001061fea4651764 } | |
| $a_3 = { 558b3940110e8288a0b9d40d02bc2d3b } | |
| $a_4 = { 558b38ef085b3c5679e308e21e07fa89 } | |
| $a_5 = { 558bec8b45108b5508807d0c007410c6 } | |
| $a_6 = { 558bc0d206dc49c02d7d9b14e4817f32 } | |
| $a_7 = { 558b28ff557c4b51fb131785f13c06f5 } | |
| $a_8 = { 558bf32b61d968683fa1b9cf3234ed79 } | |
| $a_9 = { 558be9922392a7cefa5ac21d3824d5e6 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Prosti_475222fe059af6d9ca347d05114763a669da1485b794920c108c6280afa53a00 { | |
| strings: | |
| $a_2 = { 558bec51682cf240006848f240008d45 } | |
| $a_3 = { 558bec83c4f85356578945fca138e041 } | |
| $a_4 = { 558becff3500e94100ff35f0e84100e8 } | |
| $a_5 = { 558bec83c4e4535633c9894de4894de8 } | |
| $a_6 = { 558bec33c05568d18d410064ff306489 } | |
| $a_7 = { 558bec6a00ff750cff7508e88bc033d2 } | |
| $a_8 = { 558bea8bf88bc5e8b1cdffff8bc785c0 } | |
| $a_9 = { 558becff35a4e84100ff3598e84100e8 } | |
| $a_10 = { 558becff35e4e84100ff3598e84100e8 } | |
| $a_11 = { 558bea8bf08bc685c0740583e8048b00 } | |
| $a_12 = { 558b45f8e87aeefeff50e8e403ffff8b } | |
| $a_13 = { 558bec81c4f8feffff538bda8945fc8b } | |
| $a_14 = { 558bec5153568945fc8b45fce8dbd7ff } | |
| $a_15 = { 558becff3534e84100ff35d4e74100e8 } | |
| $a_16 = { 558bec53565733ff8b4510508b450850 } | |
| $a_17 = { 558bce2bcb418bd38bc7e8f8b1feff5d } | |
| $a_18 = { 558bec83c4ec608b550c0355088b0203 } | |
| $a_19 = { 558bec83c4f45356578b7d0c8b750833 } | |
| $a_20 = { 558bec83c4f8535633c08945f88b4508 } | |
| $a_21 = { 558bec51538945fc8b45fce8008cffff } | |
| $a_22 = { 558bec5356578b750833ff33c98b550c } | |
| $a_23 = { 558bec516808004100a1cc3142008b00 } | |
| $a_24 = { 558bec33c9515151515356578b750c33 } | |
| $a_25 = { 558bec83c4ec33c08945eca1d8324200 } | |
| $a_26 = { 558bec81c448feffff535633dbba706a } | |
| $a_27 = { 558bec51538945fc8b45fce8ecb4ffff } | |
| $a_28 = { 558b45ecc1e8028bf04e85f67c48468d } | |
| $a_29 = { 558bec33c05568b508410064ff306489 } | |
| $a_30 = { 558bec5153568955fc8bd88b45fce829 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Prosti_bd50ae68b497d8f2d5b83ca98281e8991571accba7ab17f2e44efd8f03354d06 { | |
| strings: | |
| $a_2 = { 558bec6a005356578bf833c055688016 } | |
| $a_3 = { 558bec515356578bd833c0a3bce54100 } | |
| $a_4 = { 558bec51535684d2740883c4f0e8d6e0 } | |
| $a_5 = { 558bf28bd8eb0853e888eaffff8bd88a } | |
| $a_6 = { 558bec5356578b7d0c8b5d08803d2af9 } | |
| $a_7 = { 558bdf7f0c103fe42a00761c2833c323 } | |
| $a_8 = { 558bec33c055688c7c420064ff306489 } | |
| $a_9 = { 558bec51535684d2740883c4f0e8e6cf } | |
| $a_10 = { 558bec8d4510f6451580740583380075 } | |
| $a_11 = { 558bec6a005333c05568fed5400064ff } | |
| $a_12 = { 558bec51535684d2740883c4f0e8b61a } | |
| $a_13 = { 558bf0bf14f64500bd18f645008b1d0c } | |
| $a_14 = { 558b43045081c700bc00005755e8618e } | |
| $a_15 = { 558bec33c05568b14b420064ff306489 } | |
| $a_16 = { 558bec33c05568b557400064ff306489 } | |
| $a_17 = { 558bec33c05568b86b420064ff306489 } | |
| $a_18 = { 558bec33c05568596a420064ff306489 } | |
| $a_19 = { 558bec51535657894dfc8bfa8bf0e899 } | |
| $a_20 = { 558bec33c05568c9a1450064ff306489 } | |
| $a_21 = { 558bec33c055680bb8420064ff306489 } | |
| $a_22 = { 558bd98bfa8be88bc5e8f36e010084c0 } | |
| $a_23 = { 558bec6a00538bd833c05568cd894100 } | |
| $a_24 = { 558bec53803da8754000000f84cc0000 } | |
| $a_25 = { 558bec515356578945fc33c0556836d1 } | |
| $a_26 = { 558bec53568b5d088d430450e837bcff } | |
| $a_27 = { 558bec33c05568247c420064ff306489 } | |
| $a_28 = { 558bea8bf88bc7e8c5c5ffff8bf0bb01 } | |
| $a_29 = { 558bec83c4f8e87133ffff8855fb8945 } | |
| $a_30 = { 558becff7508e88f00000085c074218b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Protos_95202076be7bcc349202381ff2fa68ceb563c0c6242d81e41290856d8aec732a { | |
| strings: | |
| $a_2 = { 558bec83c4f8535657e8ee87fcff8855 } | |
| $a_3 = { 558bec81c4f8f7ffff535633c9898df8 } | |
| $a_4 = { 558bfa8bf033ed85ff7e468bc6e8db86 } | |
| $a_5 = { 558bec538b4508837d18007e33837808 } | |
| $a_6 = { 558bec6a00538bd833c05568d8a64100 } | |
| $a_7 = { 558bec33c055687123440064ff306489 } | |
| $a_8 = { 558bec81c4f0f7ffff535633c9898df0 } | |
| $a_9 = { 558bec33c055687d28440064ff306489 } | |
| $a_10 = { 558bec518b4d0c518a4d08518bc887ca } | |
| $a_11 = { 558bec53568bf28bd88b53708bc6e81d } | |
| $a_12 = { 558bec83c4f45356578bfa8bd8c645ff } | |
| $a_13 = { 558bec83c49c5356578bd86a0ee8de4d } | |
| $a_14 = { 558bec6a00538bd833c05568c6f14000 } | |
| $a_15 = { 558bec81c480feffff53565733d28995 } | |
| $a_16 = { 558bec33c05568601a440064ff306489 } | |
| $a_17 = { 558bec33c05568a546450064ff306489 } | |
| $a_18 = { 558bec6a00538bd833c0556871a94100 } | |
| $a_19 = { 558bec515356578b5d084b85db7c7743 } | |
| $a_20 = { 558bfa8bf08bc6e8a1ffffff8bd88bc7 } | |
| $a_21 = { 558bec515356578bda8945fc8b338b45 } | |
| $a_22 = { 558bec33c95151515133c055681ba041 } | |
| $a_23 = { 558bec6a006a0033c055682083430064 } | |
| $a_24 = { 558bec51538bda8945fca160114400e8 } | |
| $a_25 = { 558bce2bcb418bd38bc7e8f8caffff5d } | |
| $a_26 = { 558bec83c4f8803dc4954500000f84e8 } | |
| $a_27 = { 558bec6a005333c95568ea06440064ff } | |
| $a_28 = { 558bec33c05568e999430064ff306489 } | |
| $a_29 = { 558bec5356578bf88bc7e8c52c00008b } | |
| $a_30 = { 558bec33c055683914440064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Protux_b554d4a9f064d2c1ebaa12780bb2e23ff95ad95ddaa27e5897f0446dde90a203 { | |
| strings: | |
| $a_2 = { 558bd8ff15d090001085db5b7454397c } | |
| $a_3 = { 558bee8d4c24102be98a443c108d743c } | |
| $a_4 = { 558bec6aff6830920010686084001064 } | |
| $a_5 = { 558b2d90910010565768c4a4001053ff } | |
| $a_6 = { 558bd9565733ffc7035c9200108d7304 } | |
| $a_7 = { 558b8674020000c7442408000000003d } | |
| $a_8 = { 558b2dfc9100105657b98000000033c0 } | |
| $a_9 = { 558bac24ac0100005685ed570f847f01 } | |
| $a_10 = { 558bac24dc0000008bdf894424148974 } | |
| $a_11 = { 558bec6aff6850920010686084001064 } | |
| $a_12 = { 558b6c240885ed56746d66837d000074 } | |
| $a_13 = { 558bac24a4010000568bb424a0010000 } | |
| $a_14 = { 558bac243c04000033c0565788450089 } | |
| $a_15 = { 558bec6aff6840920010686084001064 } | |
| $a_16 = { 558bc2c1e0068d80286a0110505133c9 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32ProxyBot_53fe0a45b626fc8d4cdd45d68889f0772fc9941fa844f8ceaab88af3f4c99eb6 { | |
| strings: | |
| $a_2 = { 558bcd75417f2bb2c7337a4556a7cc04 } | |
| $a_3 = { 558b4df489c531c0d3e5e85400000009 } | |
| $a_4 = { 558b981d943d04cb4e7f31995c6a5960 } | |
| $a_5 = { 558b7e29bb22163b4b105df56058a5a3 } | |
| $a_6 = { 558b3e36759a680ee4aeac3c2848ca4f } | |
| $a_7 = { 558bec83c4ecfc5357568945fc8955f8 } | |
| $a_8 = { 558b281952f5f100ecb7973655ea02ce } | |
| $a_9 = { 558b567ed7c304b4cbf1df527a7d17e6 } | |
| $a_10 = { 558b49dc053b3efb479dd35d5b9cfeef } | |
| $a_11 = { 558bb74fdaa3771afcebbd7b4c779823 } | |
| $a_12 = { 558bacdc2297ca84ffe29823eb17c777 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Ptakks_262b72408fd118a22cd57e16e5de144bf6c33b3529b6d53958b061238043cc76 { | |
| strings: | |
| $a_2 = { 558bec56578b7d0885ff8bf17f3b57e8 } | |
| $a_3 = { 558bfc28395a8d7b722fed0ae0cc9edf } | |
| $a_4 = { 558bc7b51c6ab1cd8cabb09a552d7688 } | |
| $a_5 = { 558bec515153565733db6a07895df8e8 } | |
| $a_6 = { 5589e5c9e997ebffff90909090909090 } | |
| $a_7 = { 558bec83ec6053568bf1578975f8e84f } | |
| $a_8 = { 558bec81ec20040000a110c841003345 } | |
| $a_9 = { 558bb318e5f43f4606648e8e6b49d4ab } | |
| $a_10 = { 558bcbba010000008bc6e8d4ccffff5d } | |
| $a_11 = { 5589e556538d45f883ec70c745cc90ed } | |
| $a_12 = { 558bec81ec04010000a110c841003345 } | |
| $a_13 = { 558bec53fc8b45088b400483e06685c0 } | |
| $a_14 = { 558bec81ec0c020000a110c841003345 } | |
| $a_15 = { 558bec81ec30010000a110c841003345 } | |
| $a_16 = { 558bec83ec0ca110c841003345045689 } | |
| $a_17 = { 5589e58b40103db0b343007504c9c204 } | |
| $a_18 = { 558bec56576a08e83c24000033f64639 } | |
| $a_19 = { 558bec83ec14a110c84100334504568b } | |
| $a_20 = { 558bec535684d2740883c4f0e86fb4ff } | |
| $a_21 = { 558bece84f1100008b40603b05480c42 } | |
| $a_22 = { 5589e583ec688d55f88b450cc745cc90 } | |
| $a_23 = { 558bec8b414c85c075278b450885c074 } | |
| $a_24 = { 558bec83ec1c5356578b3d986341008b } | |
| $a_25 = { 558bcee84e0e0000ff761cff15906341 } | |
| $a_26 = { 5589e5c9e997eaffff90909090909090 } | |
| $a_27 = { 5589e5c9e977bcffff90909090909090 } | |
| $a_28 = { 558bec6a0053565733c05568df8f4000 } | |
| $a_29 = { 5589e583e4f083ec10e802c00000c704 } | |
| $a_30 = { 558bef38b1890b46542e782878e28ee3 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ptiger_b5acaefafdfc628e309e86c3cc34967b2cbb51f239fedec56fa81adc1aee58dd { | |
| strings: | |
| $a_2 = { 558bec5657ff750cff7508ff15d47201 } | |
| $a_3 = { 558bec83ec185356576a19e838ffffff } | |
| $a_4 = { 558bec83ec108b450c5356576a0333f6 } | |
| $a_5 = { 558bec83ec60536a0068000000026a03 } | |
| $a_6 = { 558bec6aff68888501106860a8001064 } | |
| $a_7 = { 558bec81ec0c040000535657bf000100 } | |
| $a_8 = { 558bec5153568b3554d8011057837e10 } | |
| $a_9 = { 558bec83ec34e83c2600008945fc8b40 } | |
| $a_10 = { 558bec6aff689874400068b83e400064 } | |
| $a_11 = { 558bec6aff68988501106860a8001064 } | |
| $a_12 = { 558bec6aff68408a01106860a8001064 } | |
| $a_13 = { 558bec515153568b3510b44000578b56 } | |
| $a_14 = { 558bec81ec100900005356576a7f33db } | |
| $a_15 = { 558bec568b750c5733c08b3e85ff761d } | |
| $a_16 = { 558becb8082c0000e84a270000535633 } | |
| $a_17 = { 558bec6aff68c88501106860a8001064 } | |
| $a_18 = { 558bec51576a006a006a026a006a0368 } | |
| $a_19 = { 558bec83ec70535633db5753ff150070 } | |
| $a_20 = { 558bec5153578bd96a10e841f5ffff85 } | |
| $a_21 = { 558bec5356be04af03105756ff15b870 } | |
| $a_22 = { 558bec56ff7514e887560000ff7514ff } | |
| $a_23 = { 558bec5756538b750c8b7d088d0534ae } | |
| $a_24 = { 558bec83ec185356576a19e8fc3e0000 } | |
| $a_25 = { 558bec83ec14a134bf03108b1538bf03 } | |
| $a_26 = { 558bec51833d3cae031000535657751d } | |
| $a_27 = { 558bec81ec2001000053568b750c5756 } | |
| $a_28 = { 558bec83ec288b452053565733db8d75 } | |
| $a_29 = { 558bec6aff68288301106860a8001064 } | |
| $a_30 = { 558bec6aff68c88901106860a8001064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Pudorat_985b3481b00a492c6cf60dd9e179dbbee2f65106844cfe74182bab041fc58a31 { | |
| strings: | |
| $a_2 = { 558bec83ec64568bf1ff7620ff155412 } | |
| $a_3 = { 558bec83ec145356578bf1e855050000 } | |
| $a_4 = { 558bec83ec608b450825f0ff000083f8 } | |
| $a_5 = { 558bec81eca8000000568bf16a008d8d } | |
| $a_6 = { 558bec81ec100100005356578bd96a01 } | |
| $a_7 = { 558bec515153568b750857ff7510ff75 } | |
| $a_8 = { 558bec81ecc69abfbbb008c745fc29c7 } | |
| $a_9 = { 558bec83ec608d4da0e839fcffff8d4d } | |
| $a_10 = { 558bec6aff6800174000688021400064 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Pugeshe_304f533ce9ea4a9ee5c19bc81c49838857c63469e26023f330823c3240ee4e03 { | |
| strings: | |
| $a_2 = { 558bec83ec0c535657c645f449c645f5 } | |
| $a_3 = { 558bec53568b750c5783c60c89750ceb } | |
| $a_4 = { 558bec83ec1c33c0c645f4008945f589 } | |
| $a_5 = { 558bec6aff68f830400068002f400064 } | |
| $a_6 = { 558bec83ec5c535657eb08bd130100fa } | |
| $a_7 = { 558becb8a87c0000e8831b0000b04453 } | |
| $a_8 = { 558bec51535657e9040000009b9b9b9b } | |
| $a_9 = { 558bec81ec140200005657b93f000000 } | |
| $a_10 = { 558bec81ecb005000053568b7508c745 } | |
| $a_11 = { 558bec538b5d08565733f6eb087b5ea5 } | |
| $a_12 = { 558b45bc50ff15983040008b551083c4 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Qakbot_3f9cb6467429ac5e28fd5980e67ec38216c7433d1382b97bce006fcdb4e5986c { | |
| strings: | |
| $a_2 = { 558bec8b450883f8fe750fe85450ffff } | |
| $a_3 = { 558bec5356576a0052689691420051e8 } | |
| $a_4 = { 558bec568bf1c7069c934300e88dfa01 } | |
| $a_5 = { 558b6e0c8bd85785db75168b46208b08 } | |
| $a_6 = { 558bec535657e86287ffff83b80c0200 } | |
| $a_7 = { 558bec6aff68487e430064a100000000 } | |
| $a_8 = { 558bec6aff689b7e430064a100000000 } | |
| $a_9 = { 558bec81ec68020000a18014440033c5 } | |
| $a_10 = { 558bec8b450856508bf1e831f90100c7 } | |
| $a_11 = { 558bec6aff68b47d430064a100000000 } | |
| $a_12 = { 558bec515668fcc2430050e863bd0100 } | |
| $a_13 = { 558bec81eca0000000a18014440033c5 } | |
| $a_14 = { 558bec83ec0c5356578b7d0857ff1528 } | |
| $a_15 = { 558becff3544404400ff159491430085 } | |
| $a_16 = { 558bec56576a00e83385010050e82283 } | |
| $a_17 = { 558b6c24208b455433db578bbd900100 } | |
| $a_18 = { 558bec833d143d44000075108b45088d } | |
| $a_19 = { 558bec81ecc8010000a18014440033c5 } | |
| $a_20 = { 558bec6aff681b7e430064a100000000 } | |
| $a_21 = { 558bec568bf1c706d8ad4300e85334ff } | |
| $a_22 = { 558bac2440010000894424108b542420 } | |
| $a_23 = { 558bec83ec24a18014440033c58945fc } | |
| $a_24 = { 558bec6aff686880430064a100000000 } | |
| $a_25 = { 558bec81ec40020000a18014440033c5 } | |
| $a_26 = { 558bec51568b750c56e8d61c00008945 } | |
| $a_27 = { 558bec568b750885f67809e88ca30000 } | |
| $a_28 = { 558bec8b4508568d34c508164400833e } | |
| $a_29 = { 558bec8b450885c07515e8b728ffffc7 } | |
| $a_30 = { 558bec83ec088bc3568d70018d642400 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Qove_12e5702aee6d5ce42b12cdb2925ae3dac8c12a2bc2a46b68ed2f2f0d9489c374 { | |
| strings: | |
| $a_2 = { 558b2d9d050cb808ffba99caa40d6332 } | |
| $a_3 = { 558b36265a6104b57bbac58609bc1a65 } | |
| $a_4 = { 558bf68edea67ea4a4eaacef86feabc0 } | |
| $a_5 = { 558bb71669c0deda0d5f5310628974ad } | |
| $a_6 = { 558be17ef138f2502e780ef1fcfe5f62 } | |
| $a_7 = { 558b50bcb67da128708e029741335d2a } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Quicdy_a42c0603072c8614a90b2418f3806dfa04bfd30467d7963781eabf8da67ab3e6 { | |
| strings: | |
| $a_2 = { 558bec535657837d0800740c837d0c00 } | |
| $a_3 = { 558bec51688320ded06a07e817e5ffff } | |
| $a_4 = { 558bec6a01e86502000033c0405dc204 } | |
| $a_5 = { 558bec516a08e819f7ffff8945fc6a02 } | |
| $a_6 = { 558bec81eccc040000680c030000e809 } | |
| $a_7 = { 558bec51689029b2ff6a01e82ae3ffff } | |
| $a_8 = { 558bec51ff7508e894ffffff0fb6c085 } | |
| $a_9 = { 558bec5168d1c3ff326a07e8ed6dffff } | |
| $a_10 = { 558bec83ec0cc645ff008365f4006a00 } | |
| $a_11 = { 558bec516811c6e0aa6a09e85752ffff } | |
| $a_12 = { 558bec81ec9401000068900100006a00 } | |
| $a_13 = { 558bec516a0468003000008b450c4050 } | |
| $a_14 = { 558bec5168634e3d436a01e8068cffff } | |
| $a_15 = { 558bec83ec785657ff7508e8052d0000 } | |
| $a_16 = { 558bec51518365fc0068233934c06a01 } | |
| $a_17 = { 558bec5168d718e5ab6a01e8427dffff } | |
| $a_18 = { 558bec83ec108365f400c745f0040100 } | |
| $a_19 = { 558bec51688d0abafa6a01e8648bffff } | |
| $a_20 = { 558bec83ec0c837d100074068b451083 } | |
| $a_21 = { 558bec83ec708365e0008d45e8506a04 } | |
| $a_22 = { 558bec516867d37a426a07e841e4ffff } | |
| $a_23 = { 558becff7508e8b9e1ffff0fb6c085c0 } | |
| $a_24 = { 558becb824000200e827b60000c685ff } | |
| $a_25 = { 558bec518365fc00ff7508e87c8e0000 } | |
| $a_26 = { 558bec5168f08bed446a01e854e3ffff } | |
| $a_27 = { 558bec83ec2856c645ff00a130114100 } | |
| $a_28 = { 558bec51689ad989b26a08e8257bffff } | |
| $a_29 = { 558bec83ec486a04e8f3d5ffff8945f0 } | |
| $a_30 = { 558bec51682529bf0a6a01e88b8bffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32R2d2_1d34ed9dca79d3f10eda3cfceb26780e883affa14ec82c2e9880683fbed96cd9 { | |
| strings: | |
| $a_2 = { 558b043e32fd05e8d03acc8602dc2e30 } | |
| $a_3 = { 558b048faa0c760860348b348f3fa087 } | |
| $a_4 = { 558b2dfe8c3fddc21e3cec68f42effd5 } | |
| $a_5 = { 558b14b9b6968427ad2e2d0c6e1f2cec } | |
| $a_6 = { 558bde26ec9f0961d60fbe29d20e1617 } | |
| $a_7 = { 558b6e4403e94289123c03c32dcdfd55 } | |
| $a_8 = { 558b80d36e11a281c1a59c05f1c35d56 } | |
| $a_9 = { 558bac1b56552dd9544b5018b92494f0 } | |
| $a_10 = { 558b07a9bda0b628e097706f2463d702 } | |
| $a_11 = { 558becc3e9425ea5c00ce09aaa8ebf7d } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Racdr_7af7698570b0b41e04778137fc72a7610405aaa435580996a42e62436e68e3ff { | |
| strings: | |
| $a_2 = { 558bc7a2b0c4f7dede01d9c9cadd078b } | |
| $a_3 = { 558b8cc8ce01508a53b7056afe740182 } | |
| $a_4 = { 558b8a92557b8cd0cefd498657c3096a } | |
| $a_5 = { 558b8448db77cbb59cff5773ce6d054c } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32RDPopen_3301d921b40ab0bee9788c3b88687ebc7dc16a7c6aa3979faa968025c92b8f0a { | |
| strings: | |
| $a_2 = { 558bec8b4d0c83f90477108b048dd425 } | |
| $a_3 = { 558bec83ec20a1bc25410033c58945fc } | |
| $a_4 = { 558bec568b750856e84ecaffff5983f8 } | |
| $a_5 = { 558bec8b4508568d34c5d0314100833e } | |
| $a_6 = { 558bec6858fb4000ff1590f0400085c0 } | |
| $a_7 = { 558bec83ec1853ff75148d4de8e85a94 } | |
| $a_8 = { 558bec8b450883f8fe7518e827bfffff } | |
| $a_9 = { 558bec568b7508b8602741003bf07222 } | |
| $a_10 = { 558bec8b450883f8fe750fe8e7c3ffff } | |
| $a_11 = { 558b3383c304899dd8fdffffe8be4400 } | |
| $a_12 = { 558bec33c03905fc3741007530394508 } | |
| $a_13 = { 558bec8b45088b0dfc05410056395004 } | |
| $a_14 = { 558bec81ec28030000a3a8354100890d } | |
| $a_15 = { 558bec8b4508565785c078593b053c41 } | |
| $a_16 = { 558bec565733f6ff7508e8b92f00008b } | |
| $a_17 = { 558bec5356576a005268c681400051e8 } | |
| $a_18 = { 558bec83ec10ff750c8d4df0e803a9ff } | |
| $a_19 = { 558bec8b4508ff34c5d0314100ff155c } | |
| $a_20 = { 558bec81ecbc07000056578dbd44f8ff } | |
| $a_21 = { 558bec8b4508a3f44041005dc38bff55 } | |
| $a_22 = { 558bec833d88344100017505e8dd3c00 } | |
| $a_23 = { 558bec837d08007515e87b86ffffc700 } | |
| $a_24 = { 558bec81ec1401000056578dbdecfeff } | |
| $a_25 = { 558bec81ec2804000056578dbdd8fbff } | |
| $a_26 = { 558bec81ec78020000a1bc25410033c5 } | |
| $a_27 = { 558bec81ec24020000a1bc25410033c5 } | |
| $a_28 = { 558bec81ec1c050000a1bc25410033c5 } | |
| $a_29 = { 558bec83ec10a1bc2541008365f80083 } | |
| $a_30 = { 558bec81ec440e0000a1bc25410033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Redsip_1a7da53630ac628d7ac9cdae286e8eeab40f96e9c3f3d72390c1b42dd064aaa4 { | |
| strings: | |
| $a_2 = { 558bec515153568b3530990010578b56 } | |
| $a_3 = { 558bec8b4508ff3485c0760010ff15c8 } | |
| $a_4 = { 558bec6aff68d864001068d84c001064 } | |
| $a_5 = { 558bec6aff683064001068d84c001064 } | |
| $a_6 = { 558bec535657556a006a0068f84b0010 } | |
| $a_7 = { 558bec6aff685065001068d84c001064 } | |
| $a_8 = { 558bec83ec14a170a100108b1574a100 } | |
| $a_9 = { 558bec5756538b750c8b7d088d05f09f } | |
| $a_10 = { 558bec83ec185356576a19e84afdffff } | |
| $a_11 = { 558b2da0600010565733db33f633ff3b } | |
| $a_12 = { 558bec51515333db391de8b400105657 } | |
| $a_13 = { 558bec83ec485356576880040000e865 } | |
| $a_14 = { 558bec6aff68c064001068d84c001064 } | |
| $a_15 = { 558b2dbc6000107e40a174a100108b3d } | |
| $a_16 = { 558bec51833df89f00100053751d8b45 } | |
| $a_17 = { 558becb82c120000e84b1900008d8568 } | |
| $a_18 = { 558bec5153568b351479001057837e10 } | |
| $a_19 = { 558bec6aff683865001068d84c001064 } | |
| $a_20 = { 558bec51833df89f001000535657751d } | |
| $a_21 = { 558bec8b450856833c85c0760010008d } | |
| condition: | |
| 17 of them | |
| } | |
| rule BackdoorWin32RedSpy_efe2da1bff5078d2a4650beb0778e54dfb0b66327806a456d500030c9124c711 { | |
| strings: | |
| $a_2 = { 558bec33c055685d86420064ff306489 } | |
| $a_3 = { 558bec6a005333c0556857a9410064ff } | |
| $a_4 = { 558bc3e80eacffff84c07426a1208f45 } | |
| $a_5 = { 558bec51535684d2740883c4f0e8e213 } | |
| $a_6 = { 558bec33c055686b9f420064ff306489 } | |
| $a_7 = { 558bec33c055689137450064ff306489 } | |
| $a_8 = { 558bec33c05568c975400064ff306489 } | |
| $a_9 = { 558bd6a104ac4500e824320000e8532f } | |
| $a_10 = { 558bec5153568bf28945fc8b45fce8c1 } | |
| $a_11 = { 558bec33c05568b54a420064ff306489 } | |
| $a_12 = { 558bec5153568bda8945fc8b45fce8dd } | |
| $a_13 = { 558bec33c055687135450064ff306489 } | |
| $a_14 = { 558bf18bfa8bd8837e6400740aa16c90 } | |
| $a_15 = { 558bec83c4f88945fca1789045008078 } | |
| $a_16 = { 558bec33c05568fd47420064ff306489 } | |
| $a_17 = { 558bec33c055684d06410064ff306489 } | |
| $a_18 = { 558bec5153a17890450080780c000f84 } | |
| $a_19 = { 558bec33c05568258a420064ff306489 } | |
| $a_20 = { 558bec535657a138a6450085c0744b8b } | |
| $a_21 = { 558bec83c4f45356578945fcb201a1a8 } | |
| $a_22 = { 558bec83c4d45756538945fca037a745 } | |
| $a_23 = { 558bec33c05568a53a450064ff306489 } | |
| $a_24 = { 558b45f88b40048bd6e81ac7feffe8c5 } | |
| $a_25 = { 558bec5356578b5d0833c0556816cd41 } | |
| $a_26 = { 558bec6a005633c05568db9e400064ff } | |
| $a_27 = { 558bec51538bd86860aa4500e89f6efe } | |
| $a_28 = { 558bec33c055686953420064ff306489 } | |
| $a_29 = { 558bec33c055685932450064ff306489 } | |
| $a_30 = { 558bec83c4e4535633c9894de48bf233 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Refpron_0cbebb2bd993933451d3d359574bf8694e6e00f16b331691b734cc98f92120c4 { | |
| strings: | |
| $a_2 = { 558bec53803da8254100000f84cc0000 } | |
| $a_3 = { 558bec33c055680748400064ff306489 } | |
| $a_4 = { 558bec83c4f853565733c05568c27540 } | |
| $a_5 = { 558bec33c055688140400064ff306489 } | |
| $a_6 = { 558bec83c4dc53568945fc8b45fce885 } | |
| $a_7 = { 558bec535657a12426410085c0744b8b } | |
| $a_8 = { 558bec83c4dc53568bda8bf08bc38b15 } | |
| $a_9 = { 558bec53568bf28bd88b4d080fb7d68b } | |
| $a_10 = { 558bec6a00538bd833c055687a7b4000 } | |
| $a_11 = { 558bec33c05568d707410064ff306489 } | |
| $a_12 = { 558bec535657bf1c2641008b470885c0 } | |
| $a_13 = { 558bec6a006a006a005356884dfe8855 } | |
| $a_14 = { 558bec83c4f0b8e0074100e81837ffff } | |
| $a_15 = { 558bec83c4f85356578bd8803da82541 } | |
| $a_16 = { 558bf0bffc254100bd002641008b1df4 } | |
| $a_17 = { 558bec515356578bf28bd8803da82541 } | |
| $a_18 = { 558bce2bcb418bd38bc7e844c6ffff5d } | |
| $a_19 = { 558bec33c05568edd0400064ff306489 } | |
| $a_20 = { 558bec83c4d453565733db895dec894d } | |
| $a_21 = { 558bec83c4e05333d28955ec8955e489 } | |
| $a_22 = { 558bec83c4f40fb705101041008945f8 } | |
| $a_23 = { 558bec5356578bf8a1fc1341008b00e8 } | |
| $a_24 = { 558bec81c4b0feffff5333d28995b0fe } | |
| $a_25 = { 558bea8bf88bc7e825c4ffff8bf0bb01 } | |
| $a_26 = { 558bec33d255682a18400064ff326489 } | |
| $a_27 = { 558bec5153565733d25568bd82400064 } | |
| $a_28 = { 558bec83c4f88945fc8b45fc83c01850 } | |
| $a_29 = { 558bec33c05568ad4b400064ff306489 } | |
| $a_30 = { 558bec6a0053568bd8bec02c410033c0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Regin_6fed6d625eb850dfc6f8795de4887c1c8998e9739e782692d45c3f0f6f7e3ac1 { | |
| strings: | |
| $a_2 = { 558b6c2424568b74241c2beb2bde895c } | |
| $a_3 = { 558b6c241055ff152c5140008bd883c4 } | |
| $a_4 = { 558bac246008000056578bbc24780800 } | |
| $a_5 = { 558b6c240c578b7c242881e7ff000000 } | |
| $a_6 = { 558bec515657c745fc0000020064a130 } | |
| $a_7 = { 558bec6aff684851400068e021400064 } | |
| $a_8 = { 558b6c241c5657880428403d00010000 } | |
| $a_9 = { 558bac24200100008bc72bc683f82076 } | |
| $a_10 = { 558bec6aff689853400068e021400064 } | |
| $a_11 = { 558b6b0c03e833c088440414403d0001 } | |
| $a_12 = { 558bec8b450c53568b75088b551003c6 } | |
| $a_13 = { 558bec6aff68a853400068e021400064 } | |
| $a_14 = { 558b2d24514000565733db8d4424108d } | |
| $a_15 = { 558b6c240c485685c957763f8b4c241c } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Regiskazi_cecec28fe33c780c2dc6226c30a9f78ee9cbabaf684e3c844bc9f698f6911024 { | |
| strings: | |
| $a_2 = { 5589e55383ec048b5d08c703fce84400 } | |
| $a_3 = { 5589e55383ec048b5d08c703acea4400 } | |
| $a_4 = { 5589e58b450883c00c5dc3905589e5b8 } | |
| $a_5 = { 5589e55383ec148b5d0c891c24e84615 } | |
| $a_6 = { 5589e583ec088b450c890424e8ab02ff } | |
| $a_7 = { 5589e583ec08c7042410314500e8ae52 } | |
| $a_8 = { 5589e55de98785ffff90909090909090 } | |
| $a_9 = { 5589e583ec088b45088d5008c70040e4 } | |
| $a_10 = { 5589e55383ec048b5d08c70344e84400 } | |
| $a_11 = { 5589e583ec088b4508c70064e8440089 } | |
| $a_12 = { 5589e58b450c8b4d088b5004c701c4e7 } | |
| $a_13 = { 5589e583ec28c6442414008b45188944 } | |
| $a_14 = { 5589e55de9a7acfeff90909090909090 } | |
| $a_15 = { 5589e583ec288b4510890424e88b7c01 } | |
| $a_16 = { 5589e58d4de857565381ec7c0100008b } | |
| $a_17 = { 5589e58315f4b04400008305f8b04400 } | |
| $a_18 = { 558b0d6043450089e55dffe190909090 } | |
| $a_19 = { 5589e557565383ec7cc745bcc07c4000 } | |
| $a_20 = { 5589e55383ec048b5d08891c24e8a66a } | |
| $a_21 = { 5589e55383ec048b4508890424e82601 } | |
| $a_22 = { 5589e55383ec048b5d08c7034ce74400 } | |
| $a_23 = { 5589e55383ec548b5d08891c24e8befd } | |
| $a_24 = { 5589e583ec088b4508890424e887ffff } | |
| $a_25 = { 5589e583ec08c7042430f04400e84e8c } | |
| $a_26 = { 5589e5565383ec2031db895c2404c704 } | |
| $a_27 = { 5589e557565381ec8c010000c785acfe } | |
| $a_28 = { 5589e55383ec048b5d08c703ece54400 } | |
| $a_29 = { 5589e583ec088b4508c700fce8440089 } | |
| $a_30 = { 5589e583ec18c7042404000000e8ce24 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Remoab_45dfb601e36378b1afc55ef569cb6a5f7c77850d8f9efe5f0b61aa13ff56a6bb { | |
| strings: | |
| $a_2 = { 558b63270b0bc5ab3a1717c6ebb23f3e } | |
| $a_3 = { 558bed5d1f6da8c33afc5ffb41442f29 } | |
| $a_4 = { 558b38303164a1977499935b029cff76 } | |
| $a_5 = { 558bdb6fa36aef4d0abb344f67f1dcc3 } | |
| $a_6 = { 558b5044ef5025bd61463778d7e3c0b6 } | |
| $a_7 = { 558b9bd2f3ab3dbbf82b4182fd451ef9 } | |
| $a_8 = { 558be2eaddd088c3cb286b05b1a50a8f } | |
| $a_9 = { 558b8e9f187af435ccee3eaa3c3d1829 } | |
| $a_10 = { 558b46931f781c85cacc775ba80604bf } | |
| $a_11 = { 558b3d3c5f29d47a671d1d31ca057174 } | |
| $a_12 = { 558bd082c213d831f1684580844e85bb } | |
| $a_13 = { 558b53676e1cee4771360032ac3c7211 } | |
| $a_14 = { 558b381a5ee46be9af2299d39cd545f9 } | |
| $a_15 = { 558b3d2fd35202b9359413c605fde40e } | |
| $a_16 = { 558b141842c0bc4cd00868ebed12740a } | |
| $a_17 = { 558b7a66a77f5847c067ed4cc1fbb13d } | |
| $a_18 = { 558bc7d724aebb28f2a22d754ac254d8 } | |
| $a_19 = { 558b91fe0d9f45cdf9ccedb20c89de01 } | |
| $a_20 = { 558bec8b75088b7d0cfcb280a4e86d00 } | |
| $a_21 = { 558b7bc0a03502059c181cff87c284a8 } | |
| $a_22 = { 558b5468b18b7e87911634ed11f64353 } | |
| $a_23 = { 558b5da2efed61300e0bc78416540fe9 } | |
| $a_24 = { 558bc1fa1e1393d08ca5d00c6ed836dd } | |
| $a_25 = { 558b9a8294156afe36237c0f77963fe8 } | |
| $a_26 = { 558b061b28dfcf9a4c55937c4c66efef } | |
| $a_27 = { 558b50b2ca90bf77706c8275a4794c81 } | |
| $a_28 = { 558b09480ecb5c8671a1329ab5ce417c } | |
| $a_29 = { 558b58555e8f74d9e5fa8c3f795ea459 } | |
| $a_30 = { 558b6162e5d4a6d6a578b6b9173eebb4 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Remosh_f5debea3b63912c7a9c288947881738a8c60210e33fa895684f976e1205ad100 { | |
| strings: | |
| $a_2 = { 558bec81ec0801000056be1862021057 } | |
| $a_3 = { 558bec518d45085333db506819000200 } | |
| $a_4 = { 558bec83ec7c53568d45845750e853fa } | |
| $a_5 = { 558bec83ec1053568b75080fb746078b } | |
| $a_6 = { 558bec83ec10668b450c8a4d1c535666 } | |
| $a_7 = { 558bec81ec3005000053565733db681f } | |
| $a_8 = { 558bec515133c033c98945f8c645f880 } | |
| $a_9 = { 558bec837d0800c70510620110010000 } | |
| $a_10 = { 558becb898110000e88b160000535657 } | |
| $a_11 = { 558bec8b450c53568b75088b551003c6 } | |
| $a_12 = { 558bec515153568b75085733db395e0a } | |
| $a_13 = { 558bec53568b75085733db33ff385e04 } | |
| $a_14 = { 558bec53568b750c576a006a1056ff75 } | |
| $a_15 = { 558bec83ec24834dfcff53568d45ec57 } | |
| $a_16 = { 558bec81ec04010000535633f656566a } | |
| $a_17 = { 558bec83ec108b45088b0083f8ff742f } | |
| $a_18 = { 558becb824200000e8a81c00005333db } | |
| $a_19 = { 558bec83ec10568b750856e8d2ffffff } | |
| $a_20 = { 558becb800100000e860190000568b75 } | |
| $a_21 = { 558b45fc83c00450ff15d850001085c0 } | |
| $a_22 = { 558bec83ec185333db33c05657895dfc } | |
| $a_23 = { 558bec8b450c53568b750803c6578945 } | |
| $a_24 = { 558bec81ec7c0100005657bf58010000 } | |
| condition: | |
| 19 of them | |
| } | |
| rule BackdoorWin32RemoteHack_8ece8995d18f65119d62223051de6bcec1bff83056563a368a7047ebcdd68cf1 { | |
| strings: | |
| $a_2 = { 558bec83c4f88955f88945fcb2018b45 } | |
| $a_3 = { 558bec83c4e453568bda8bf0c745fc04 } | |
| $a_4 = { 558bea8bf08bc5e8358cfcffbb010000 } | |
| $a_5 = { 558bec83c4f0a184e74700e89c84feff } | |
| $a_6 = { 558bd6a1d0e74700e826300000e8952d } | |
| $a_7 = { 558bec81c4f4fbffff535657668955fa } | |
| $a_8 = { 558bec535657833dcce7470000743c33 } | |
| $a_9 = { 558bec83c4f88945fc833dc4e8470000 } | |
| $a_10 = { 558bec33c05568f1d8410064ff306489 } | |
| $a_11 = { 558bec6a00538bd833c055680b914700 } | |
| $a_12 = { 558bec83c4f45657894df48955f88945 } | |
| $a_13 = { 558bec53565733c05568171f410064ff } | |
| $a_14 = { 558bec83c4f88955f88945fc8b45fc66 } | |
| $a_15 = { 558bec83c4f48955f88945fc833db8e8 } | |
| $a_16 = { 558bec535684d2740883c4f0e80343fa } | |
| $a_17 = { 558bec515356578945fc33c0556862a5 } | |
| $a_18 = { 558bec83c4e0538945fc8b45fc83b850 } | |
| $a_19 = { 558bec83c4f453668955fa8945fc8b45 } | |
| $a_20 = { 558bec89c1dd4508d80d5cb1470083ec } | |
| $a_21 = { 558bec53565733c05568d21d410064ff } | |
| $a_22 = { 558bec33c055681ed3400064ff306489 } | |
| $a_23 = { 558bec33c055681172440064ff306489 } | |
| $a_24 = { 558bec33c05568254f430064ff306489 } | |
| $a_25 = { 558bec518945fceb138b45fce8b7d6ff } | |
| $a_26 = { 558bec83c4f8e87d3dfcff8855fb8945 } | |
| $a_27 = { 558bec33c05568a591440064ff306489 } | |
| $a_28 = { 558bec51832dc4e7470001734fb8acaf } | |
| $a_29 = { 558bec81c4e0feffff538955f88945fc } | |
| $a_30 = { 558bec83c4f484d2740883c4f0e8ce01 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32RemoteManipulator_f8430729dc71ab5d9371943c4979c03e260e57832a917cea9058109c1435ec5d { | |
| strings: | |
| $a_2 = { 558bd19caef6d3bb4777e2856cc00b90 } | |
| $a_3 = { 558bec83c4e8832d98ac4900010f8384 } | |
| $a_4 = { 558bec33c0556851b1420064ff306489 } | |
| $a_5 = { 558bec53565733c05568f7cb410064ff } | |
| $a_6 = { 558be6651eb9d88166bb9a8ccf7af54f } | |
| $a_7 = { 558bec33c055681d5f410064ff306489 } | |
| $a_8 = { 558b92850e6e937737a73098a1e01d20 } | |
| $a_9 = { 558bec33c055681154430064ff306489 } | |
| $a_10 = { 558bec33c05568ad04420064ff306489 } | |
| $a_11 = { 558bec83c4d45756538945fca08ba649 } | |
| $a_12 = { 558bec83c4f88945fcb9b45d4600b201 } | |
| $a_13 = { 558bec83c4f8e8a5e1f8ff8855fb8945 } | |
| $a_14 = { 558bec33c0556825f6420064ff306489 } | |
| $a_15 = { 558b939679f9ba3340afbdba02e0bb21 } | |
| $a_16 = { 558b4d5424dca1b5d9c213b9c15addcf } | |
| $a_17 = { 558b1ce677b808ce4d67ba6d9f1ba860 } | |
| $a_18 = { 558bf28bf88bc6e81d8ff9ff8bd88bc7 } | |
| $a_19 = { 558bec53565784d2740883c4f0e88683 } | |
| $a_20 = { 558bec53568b45088b40fce87495feff } | |
| $a_21 = { 558bec52508b450850516a00a1c0a549 } | |
| $a_22 = { 558bec5356578bf88bc7e8352c00008b } | |
| $a_23 = { 558bec6a0033c055681634420064ff30 } | |
| $a_24 = { 558bec51535684d2740883c4f0e8b6f4 } | |
| $a_25 = { 558bec33c05568514e460064ff306489 } | |
| $a_26 = { 558ba2605d9ac9362aedc0f2c38e24d4 } | |
| $a_27 = { 558bec538bd8a160a84900e850fbffff } | |
| $a_28 = { 558bec33c95151515133c055688bd641 } | |
| $a_29 = { 558bec83c4f884d2740883c4f0e8faf0 } | |
| $a_30 = { 558bec81c468feffff535657c70544a7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Rescoms_cb94cf445abe2de8bac9b89089646c666dd9e8031e79c553c7c6464057c55208 { | |
| strings: | |
| $a_2 = { 558bb63d5ac20d0b556f16fbf11ea88c } | |
| $a_3 = { 558b4fb773d24da93f95bd667f438b6b } | |
| $a_4 = { 558b0024abc19ce53a0b8886216b9115 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Rescoms_ffe7ddcff716708e3fb02c89b5f77e793ed9c56d31d2be50ac8d54a15fbc186b { | |
| strings: | |
| $a_2 = { 558bec83ec148d45ff8d4dec508d45fe } | |
| $a_3 = { 558bec518d45ffb95059410050ff1550 } | |
| $a_4 = { 558bec568b75083b750c74160fb70650 } | |
| $a_5 = { 558bec518d45ffb9f857410050ff1550 } | |
| $a_6 = { 558becff750cff7508e81c2500005dc3 } | |
| $a_7 = { 558bec803d905b4100017525ff75086a } | |
| $a_8 = { 558bec81ec180100008d85e8feffff68 } | |
| $a_9 = { 558bec568b7508578bf93b750c741456 } | |
| $a_10 = { 558bec51515356ff35645741008b358c } | |
| $a_11 = { 558bec568bf1807e3800740d8d45088d } | |
| $a_12 = { 558bec83ec5c53565733ff57575768d4 } | |
| $a_13 = { 558bec81ec20040000538b1d8c014100 } | |
| $a_14 = { 558bec8b450889411433c0505051680a } | |
| $a_15 = { 558becff7508e845000000595dc20400 } | |
| $a_16 = { 558bec83ec148b4d0c53568d45ff5750 } | |
| $a_17 = { 558bec83ec24568d4d08ff15a0024100 } | |
| $a_18 = { 558bec83ec1053bba859410056578bcb } | |
| $a_19 = { 558bec83ec2053bb7057410056578bcb } | |
| $a_20 = { 558bec81ec340300005356be40594100 } | |
| $a_21 = { 558bec566a066a016a00e828d900008b } | |
| $a_22 = { 558bec83ec10566a00ff751c8d4d0cff } | |
| $a_23 = { 558bec568b35380241008d4508684412 } | |
| $a_24 = { 558becff7508e8fbc50000595dc20800 } | |
| $a_25 = { 558bec81ec0c0100005333db391dbc5a } | |
| $a_26 = { 558bec53568d810004000033f65789b1 } | |
| $a_27 = { 558bec81ec0c0400008d450c50681900 } | |
| $a_28 = { 558bec81ece8030000535657ff152801 } | |
| $a_29 = { 558bec81ecfc0000005356578b7d0c83 } | |
| $a_30 = { 558bec83ec30565783ec10bf68524100 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ripinip_808c4df6a4ba5ef3c53a11a063cbefea099e7096c15140e983b1e2cd846b5410 { | |
| strings: | |
| $a_2 = { 558bec515153568bf157683c404000c7 } | |
| $a_3 = { 558bec6aff680033400068fa2a400064 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Ripinip_e35a3fcc969361ccd63ba68e57688ae8a2f44cc9c5cf253a745ba6e8726f0c73 { | |
| strings: | |
| $a_2 = { 558bec6aff683033400068f42d400064 } | |
| $a_3 = { 558bd95657895c244033f68d4c241089 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32RMFdoor_b77fa739c568465af5c828a94a241aec4404a9b6d3873f97cdff0538912e8a7f { | |
| strings: | |
| $a_2 = { 558be8b76dbc054f288a5cb784431b3f } | |
| $a_3 = { 558b8419d1805c39630e285644a470bb } | |
| $a_4 = { 558bd9b31604c0beb1dd49bd606a044f } | |
| $a_5 = { 558b0d112152be8d63792b15ec650402 } | |
| $a_6 = { 558b75fd3661d680f32eb36f41d867c5 } | |
| $a_7 = { 558b5c04195a45e9c2173c0c0eae636d } | |
| $a_8 = { 558b7818583560550238c0855c72647d } | |
| $a_9 = { 558be9cefa1412c9115a6afdc40d1e73 } | |
| $a_10 = { 558b00306c06e8e7328d37e5392c2466 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Rockse_7371667823fec481c4820d73b31ff6a622163cf2a2991a8e6df84d9e5866c228 { | |
| strings: | |
| $a_2 = { 558b34aeb657e88a488e4e81af716870 } | |
| $a_3 = { 558b125cbe4483f1189d688fa7f24dd2 } | |
| $a_4 = { 558b277e5ec5be29672f958d49e6eba5 } | |
| $a_5 = { 558bed4f7b53f3b25d24592b2307b2c8 } | |
| $a_6 = { 558b7758c5ce0297b2d549c5b912e619 } | |
| $a_7 = { 558bcc00260e0f87add3cfc18b731899 } | |
| $a_8 = { 558b25718d9652e3766f0fd90840efb6 } | |
| $a_9 = { 558be2a07e8df7875d5b10627f72537d } | |
| $a_10 = { 558bd94bb4e805c9040e616ad55075a1 } | |
| $a_11 = { 558bcc093006f29b909a78d78609218c } | |
| $a_12 = { 558bce754faea26f036e665948886f94 } | |
| $a_13 = { 558b85203579f08c818a34f07a97fd9a } | |
| $a_14 = { 558b9874d339128492e19870337e5072 } | |
| $a_15 = { 558bcb50bc15acb8e0df001682c9d2cc } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Ronged_9133f70e059ad71e43ae200f4cf77bcc73b6f39ff6a422922e25edf5eb1f4f12 { | |
| strings: | |
| $a_2 = { 558bec5151a120e1011033c58945fca1 } | |
| $a_3 = { 558bec6afe68d0bc011068a011011064 } | |
| $a_4 = { 558bec83ec10ff75088d4df0e8be99ff } | |
| $a_5 = { 558bec6afe68d0bd011068a011011064 } | |
| $a_6 = { 558bec8b0db8490210a1bc4902106bc9 } | |
| $a_7 = { 558bec8b4508ff34c5c0e20110ff1580 } | |
| $a_8 = { 558bec8b4508a3643702105dc36a1068 } | |
| $a_9 = { 558bec565733f6ff7508e87bcbffff8b } | |
| $a_10 = { 558bec51568b750c56e8eb3f00008945 } | |
| $a_11 = { 558bec6afe6830bd011068a011011064 } | |
| $a_12 = { 558bec81ec28030000a3302f0210890d } | |
| $a_13 = { 558bec83ec14a120e1011033c58945fc } | |
| $a_14 = { 558bec6afe6830be011068a011011064 } | |
| $a_15 = { 558bec6afe68f0be011068a011011064 } | |
| $a_16 = { 558bec8b450883f8fe750fe8d4d1ffff } | |
| $a_17 = { 558bec565733f6ff750cff7508e8222f } | |
| $a_18 = { 558becff354c310210e8961400005985 } | |
| $a_19 = { 558becff051c3702106800100000e8e8 } | |
| $a_20 = { 558bec81ec28030000a120e1011033c5 } | |
| $a_21 = { 558bec8b4508568d34c5c0e20110833e } | |
| $a_22 = { 558bec8b450883f8fe7518e860b3ffff } | |
| $a_23 = { 558bec6a0a6a00ff7508e85bf8ffff83 } | |
| $a_24 = { 558bec83ec10ff75088d4df0e8d9a5ff } | |
| $a_25 = { 558bec6afe6810bc011068a011011064 } | |
| $a_26 = { 558bec6afe68f0bf011068a011011064 } | |
| $a_27 = { 558bec51535657ff35a8490210e8b0d2 } | |
| $a_28 = { 558bec6afe6890bc011068a011011064 } | |
| $a_29 = { 558bec81ec94000000c7856cffffff00 } | |
| $a_30 = { 558bec8b4508a3f43502105dc38bff55 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32RSM_025834c6af8e5f6d563ecf08d7ca85afb60a5956b09d36d13a46bd133895484e { | |
| strings: | |
| $a_2 = { 558bf88e54bbf87e5f9a17f21dcd913e } | |
| $a_3 = { 558be4824c537360c74940aec521c576 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Ruledor_32601a23d2ade3f94bf88c3644434b2b0a82477b63a8e95de730df49455ff21a { | |
| strings: | |
| $a_2 = { 558bec833ddc1e420000750fff750cff } | |
| $a_3 = { 558bec5756538b750c8b7d088d05581d } | |
| $a_4 = { 558bac243c0200008d8c242801000055 } | |
| $a_5 = { 558bec83ec0c53568b7508573b352032 } | |
| $a_6 = { 558bec8b450885c075025dc3833d601d } | |
| $a_7 = { 558bec81ec400300005356578b7d0c83 } | |
| $a_8 = { 558be98d4c24108b451450e8700d0000 } | |
| $a_9 = { 558bec6aff686812400068ec8a410064 } | |
| $a_10 = { 558bec81ec0001000056578b7d0c33f6 } | |
| $a_11 = { 558bec81ec00050000568d8500fbffff } | |
| $a_12 = { 558bec81ec000200005657ff750c8bf9 } | |
| $a_13 = { 558becb800100000e8a086ffff538b5d } | |
| $a_14 = { 558bec5151833d601c42000056577421 } | |
| $a_15 = { 558bec81ec000500008d8500fbffff68 } | |
| $a_16 = { 558bec6aff687016400068ec8a410064 } | |
| $a_17 = { 558bec81ec040100008365fc00538b5d } | |
| $a_18 = { 558bec83ec14a1343242008b15383242 } | |
| $a_19 = { 558bec6aff685013400068ec8a410064 } | |
| $a_20 = { 558bec6aff685816400068ec8a410064 } | |
| $a_21 = { 558bec518365fc00538b5d0c578bfb83 } | |
| $a_22 = { 558bec6aff68c812400068ec8a410064 } | |
| $a_23 = { 558bec81ec000200005733ff57ff7510 } | |
| $a_24 = { 558bec81ec0c01000053565768b84140 } | |
| $a_25 = { 558bec81ec04020000568d450857508d } | |
| $a_26 = { 558bec51515333db391d483242005657 } | |
| $a_27 = { 558bec81ec08020000568d45fc5733f6 } | |
| $a_28 = { 558bec51833d601d42000053751d8b45 } | |
| $a_29 = { 558bec81ec00010000568bf16a00ff15 } | |
| $a_30 = { 558bec81ec4c0a000053568d85b4f5ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Runar_0a748183e41b9a1153a28a947f9a9709a1bab146bab23223b638b9addfac68af { | |
| strings: | |
| $a_2 = { 558bec83ec18683615400064a1000000 } | |
| $a_3 = { 558bec83ec0c683615400064a1000000 } | |
| $a_4 = { 558bec83ec08683615400064a1000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Rupski_d72694857505a54621351b6d479bcdde6eccaa9ea7a7f1a85dfff93102085911 { | |
| strings: | |
| $a_2 = { 558bec8b45088b4008f7401400100000 } | |
| $a_3 = { 558bec568b750833c06689068b460485 } | |
| $a_4 = { 558bec83ec148b4508568bf18945f48b } | |
| $a_5 = { 558bec5153568b35e0f6420032dbc745 } | |
| $a_6 = { 558bec8b4d0c5685c97516e89d070000 } | |
| $a_7 = { 558bec8b550ca1f0b84200f7d28b4d08 } | |
| $a_8 = { 558bec51894dfc6a00ff3504404000ff } | |
| $a_9 = { 558bec83ec188d4de853ff7510e84581 } | |
| $a_10 = { 558becff750c6a00ff75086838474100 } | |
| $a_11 = { 558bec83e4f883ec348b45085668007f } | |
| $a_12 = { 558bec83ec2453568bf1578b3d982042 } | |
| $a_13 = { 558bec5151a178b1420033c58945fc53 } | |
| $a_14 = { 558bec83ec0c578d45f433ff50ff7508 } | |
| $a_15 = { 558bec535657556a006a006828c14100 } | |
| $a_16 = { 558bec8b4508a3a0f142005dc3cccccc } | |
| $a_17 = { 558becb8f01a0000e80c0e0000a178b1 } | |
| $a_18 = { 558bec83ec10ff75108d4df0e891efff } | |
| $a_19 = { 558bec81ec20050000a178b1420033c5 } | |
| $a_20 = { 558bec81ec0c080000a178b1420033c5 } | |
| $a_21 = { 558bec568b7508578bf985f674686683 } | |
| $a_22 = { 558bec0fb745085348565783e8010f84 } | |
| $a_23 = { 558bec8b4d0833c03b0cc51836420074 } | |
| $a_24 = { 558bec83ec10eb0dff7508e827380000 } | |
| $a_25 = { 558becf6450801568bf1c60591354300 } | |
| $a_26 = { 558bec568b7508b940bc42003bf17222 } | |
| $a_27 = { 558bec538bd98b4d08565785c90f84bc } | |
| $a_28 = { 558bec6aff683207420064a100000000 } | |
| $a_29 = { 558bec5151568b75085756e823170000 } | |
| $a_30 = { 558bec83ec088b550c538bd98bca894d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Sacto_650c3274af494772bc80735dd8a806e540a4b8662c0569512089a0c58e093bfc { | |
| strings: | |
| $a_2 = { 558bec6aff6850f340006894b9400064 } | |
| $a_3 = { 558bac241c1400005633db578b85ac00 } | |
| $a_4 = { 558b6c2438568944240c8944242c8bf1 } | |
| $a_5 = { 558bcbe837e6ffff5f5e5d33c05b81c4 } | |
| $a_6 = { 558bec6aff6808f340006894b9400064 } | |
| $a_7 = { 558bec6aff6828f340006894b9400064 } | |
| $a_8 = { 558bec6aff6878f340006894b9400064 } | |
| $a_9 = { 558bcbe83e0400008983600100005d5b } | |
| $a_10 = { 558bec6aff6860f340006894b9400064 } | |
| $a_11 = { 558bec5153568b35641d410057837e10 } | |
| $a_12 = { 558bec8b450885c075025dc3833d5447 } | |
| $a_13 = { 558b6c24105633f685ed0f8e81000000 } | |
| $a_14 = { 558bec51515333db391d085b41005657 } | |
| $a_15 = { 558bec83ec14a1d45941008b15d85941 } | |
| $a_16 = { 558bec6aff6890f740006894b9400064 } | |
| $a_17 = { 558becb800100000e83096ffff538b5d } | |
| $a_18 = { 558bec535657556a006a00683c7a4000 } | |
| $a_19 = { 558b2d0cf240008b5424108d4c241051 } | |
| $a_20 = { 558bec51568b750885f6745aa1e45941 } | |
| $a_21 = { 558bec51833d544741000053751d8b45 } | |
| $a_22 = { 558bc18bf1c1f80583e61f8d3c85005a } | |
| $a_23 = { 558bec6aff6818f340006894b9400064 } | |
| $a_24 = { 558bec6aff6840f340006894b9400064 } | |
| $a_25 = { 558bec5151833da84541000056577421 } | |
| $a_26 = { 558bec6aff6830f740006894b9400064 } | |
| $a_27 = { 558b2d44f14000565733db33f633ff3b } | |
| $a_28 = { 558becb82c120000e81cbfffff8d8568 } | |
| $a_29 = { 558bec6aff6878f740006894b9400064 } | |
| $a_30 = { 558b6c240c565755e82b44000083c404 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Sakkair_246a7073a4349b9d810416321ee6dbb07bdefd72ca253e10ca6e3fb5e9d95986 { | |
| strings: | |
| $a_2 = { 558bec83ec1053565766c745f0020090 } | |
| $a_3 = { 558bec81ecbc0a0000535657681c0500 } | |
| $a_4 = { 558bec5356576a01583905f44240000f } | |
| $a_5 = { 558bec81ec900100005356579090908b } | |
| $a_6 = { 558bec83ec4c5356578bd99090908b35 } | |
| $a_7 = { 558bec81ec780300005356578d45fc33 } | |
| $a_8 = { 558bec6aff6808314000688a20400064 } | |
| $a_9 = { 558bec83ec1056576a04588945f48945 } | |
| $a_10 = { 558becb8c8100000e8640d0000535657 } | |
| $a_11 = { 558becb858100000e890080000535657 } | |
| $a_12 = { 558bec57ff7508ff15e43040008bf885 } | |
| $a_13 = { 558bec83ec0c8d450c6a04506a0868ff } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Salamdom_ea10924b0446133bcd1ff9431b9d7e74b773117312d15ca35167f079831e0cd9 { | |
| strings: | |
| $a_2 = { 558bec62d83dc03666c55e49677003bc } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Salsnit_475d6a0dd57fc7f75127054df2758cc5b4c07cd72ffb4079b583815169cc2a10 { | |
| strings: | |
| $a_2 = { 558bec81ec1001000053568bf15780be } | |
| $a_3 = { 558bc8e801e0ffffeb0233c0682c0100 } | |
| $a_4 = { 558bec837d0800568b354cc101107405 } | |
| $a_5 = { 558bec83ec10535657bebc0500008bf9 } | |
| $a_6 = { 558bec83ec108365f800535657bfb405 } | |
| $a_7 = { 558bec83ec448b450c538b5d088365fc } | |
| $a_8 = { 558bec83ec3453568b3550c1011057bf } | |
| $a_9 = { 558bec6aff6880c301106870b6011064 } | |
| $a_10 = { 558bec515356578bf1e8f35b0000f646 } | |
| $a_11 = { 558bec83ec148d45ec50ff157cc10110 } | |
| $a_12 = { 558bec5133d2395108750432c0c9c38b } | |
| $a_13 = { 558bec5153568bf15733db8b86ac0100 } | |
| $a_14 = { 558bec83ec1c535733ff68bae2011089 } | |
| $a_15 = { 558bec5156578bf1e85a35000084c00f } | |
| $a_16 = { 558bec81ec9c000000576a245933c08d } | |
| $a_17 = { 558bec515153565733ff57576a025757 } | |
| $a_18 = { 558bec81ec08010000535633db575368 } | |
| $a_19 = { 558bec6aff6890c401106870b6011064 } | |
| $a_20 = { 558bec81ec28010000807d100056570f } | |
| $a_21 = { 558bec81ec700a00008b45085356834d } | |
| $a_22 = { 558bec807d08ff740b807d08f774058a } | |
| $a_23 = { 558bec51538b5d0856578b03894dfc8b } | |
| $a_24 = { 558bec81ec0c0100008b45205356578b } | |
| $a_25 = { 558bec51518d45f8508b450c668b0050 } | |
| $a_26 = { 558bec518b4d0833c0c645fc018a4137 } | |
| $a_27 = { 558bec51578b7d0c85ffc745fc070000 } | |
| $a_28 = { 558bec568b45148b4d088b1189108b45 } | |
| $a_29 = { 558bec515356578bf1c645ff01e85c28 } | |
| $a_30 = { 558bec51518d4df8e84897ffff8b4508 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Saluchtra_8f522ec9f92a9910cc02073d5cbb43dd8bfd5317db7d66ba0e84a0cdad1bcd0b { | |
| strings: | |
| $a_2 = { 558becff7508ff15ac20420085c07508 } | |
| $a_3 = { 558bec51515633f639750c751de834ca } | |
| $a_4 = { 558bec8b4508ff34c5f0854200ff1598 } | |
| $a_5 = { 558bec83ec10ff750c8d4df0e84fcbff } | |
| $a_6 = { 558bec56fc8b750c8b4e0833cee8cddf } | |
| $a_7 = { 558bec568b75088b460ca8837510e8be } | |
| $a_8 = { 558bec56ff75088bf1e816c3ffffc706 } | |
| $a_9 = { 558beca1e480420085c075065de9c21e } | |
| $a_10 = { 558bec83ec10a19c81420033c58945fc } | |
| $a_11 = { 558bec8b4508568d34c5f0854200833e } | |
| $a_12 = { 558bec8b45088b0885c97411e8b286ff } | |
| $a_13 = { 558bec5151535633f6578b3d4c9e4200 } | |
| $a_14 = { 558bec6aff68f00b420064a100000000 } | |
| $a_15 = { 558bec83ec7ca19c81420033c58945fc } | |
| $a_16 = { 558bec8b4508a37ca142005dc38bff55 } | |
| $a_17 = { 558bec83ec10ff75088d4df0e83cccff } | |
| $a_18 = { 558bec6aff685810420064a100000000 } | |
| $a_19 = { 558bec803dc898420000751268bc8c40 } | |
| $a_20 = { 558bec81ec28030000a3b89a4200890d } | |
| $a_21 = { 558bec565733f6ff750cff7508e8279f } | |
| $a_22 = { 558bec81ec78020000a19c81420033c5 } | |
| $a_23 = { 558bec515156e8ede3ffff8bf085f60f } | |
| $a_24 = { 558bec83ec1853ff75148d4de8e82ffa } | |
| $a_25 = { 558bec81ec98000000a19c81420033c5 } | |
| $a_26 = { 558bec68a42d4200ff150021420085c0 } | |
| $a_27 = { 558bec5356578b7d08837f2000bb208e } | |
| $a_28 = { 558bec568bf1c706ac224200e836ffff } | |
| $a_29 = { 558bec83ec14a178b442008b4d086bc0 } | |
| $a_30 = { 558bec8b4508a310a342005dc36a1068 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32ScarCruft_be35b7882469ae4d9de233f75e7bebf211fddc2c878694479a3e5872a4e78542 { | |
| strings: | |
| $a_2 = { 558bec685c790110e863fdffff83c404 } | |
| $a_3 = { 558bec51837d0c007419a1ccde011089 } | |
| $a_4 = { 558bec8bc18b4d08c700388c01108b09 } | |
| $a_5 = { 558bec83ec10a1f0c801108365f80083 } | |
| $a_6 = { 558bec8b450850e846a3000083c4045d } | |
| $a_7 = { 558bec565733f6ff750cff7508e88b34 } | |
| $a_8 = { 558bec6afe6870a201106860d6001064 } | |
| $a_9 = { 558bec83ec2ca1f0c8011033c58945fc } | |
| $a_10 = { 558becff3520e00110e8532600005985 } | |
| $a_11 = { 558bec51c645ff00681c790110682479 } | |
| $a_12 = { 558bec8b0dfcfb0110a100fc01106bc9 } | |
| $a_13 = { 558bec565733f6ff7508e8aabcffff8b } | |
| $a_14 = { 558bec8b4508a380e901105dc38bff55 } | |
| $a_15 = { 558bec81ec78030000a1f0c8011033c5 } | |
| $a_16 = { 558bec83ec086a006a026a046a006a01 } | |
| $a_17 = { 558bec83ec105333db538d4df0e8cecf } | |
| $a_18 = { 558bec83ec20a1f0c8011033c58945f4 } | |
| $a_19 = { 558bec837d0c00740a8b450c50ff15d4 } | |
| $a_20 = { 558bec81ec10060000a1f0c8011033c5 } | |
| $a_21 = { 558bec83ec20a1f0c8011033c58945f0 } | |
| $a_22 = { 558beca160e9011083ec0c53568b35b8 } | |
| $a_23 = { 558bec81ec48010000a1f0c8011033c5 } | |
| $a_24 = { 558bec83ec38a1f0c8011033c58945f8 } | |
| $a_25 = { 558bec83ec10ff75088d4df0e81f8eff } | |
| $a_26 = { 558beca1f0de011050ff15b07001105d } | |
| $a_27 = { 558bec81ec68030000a1f0c8011033c5 } | |
| $a_28 = { 558bec6a08ff7508e8fb49000059595d } | |
| $a_29 = { 558bec83ec18c745fc00000000e8be4a } | |
| $a_30 = { 558bec81ec28030000a330e10110890d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Scieron_8125c9699acdda16680faf2f66bc56a53e4fc91eaf27bb4b1815009ef17b4daa { | |
| strings: | |
| $a_2 = { 558b6c241456578bf0e86feeffff8b06 } | |
| $a_3 = { 558b6c241c56578bf0e82ff2ffff6a0c } | |
| $a_4 = { 558bc3e8b10200008bf03bfd740757ff } | |
| $a_5 = { 558b6c241c56578bf00fb64424185550 } | |
| $a_6 = { 558bac24940000005657c74424100000 } | |
| $a_7 = { 558bac241440000056578bf133ffe852 } | |
| $a_8 = { 558bec83e4f881ec3c040000568d7424 } | |
| $a_9 = { 558b6c240c5657558bf0e8a1f9ffff83 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32SdBot_6688277778394b6e8c6ecac855929e5295e6a474491e45c8c2420a749499e8c3 { | |
| strings: | |
| $a_2 = { 558bec81ec60040000535633f65746bf } | |
| $a_3 = { 558bec5153568b3514ff410057837e10 } | |
| $a_4 = { 558bec6aff6810844100689801410064 } | |
| $a_5 = { 558bec51833d88a9420000535657751d } | |
| $a_6 = { 558bec51515333db391d08bf42005657 } | |
| $a_7 = { 558bec81ec80030000538b1d18814100 } | |
| $a_8 = { 558bec81ec1c0100005356578d85e4fe } | |
| $a_9 = { 558bec81ec0008000056beff03000056 } | |
| $a_10 = { 558bec515153568b35301f4200578b56 } | |
| $a_11 = { 558bec81ecb80500008b450853565733 } | |
| $a_12 = { 558bec6aff68d8844100689801410064 } | |
| $a_13 = { 558bec5756538b750c8b7d088d0580a9 } | |
| $a_14 = { 558bec81ec0c0200005357bf00010000 } | |
| $a_15 = { 558bec6aff68c8884100689801410064 } | |
| $a_16 = { 558bec81ec680c00008065ff00535657 } | |
| $a_17 = { 558bec81ec04030000568d85fcfcffff } | |
| $a_18 = { 558bec83ec2466a188aa410056575066 } | |
| $a_19 = { 558becb8b0100000e84828000053568b } | |
| $a_20 = { 558bec81ec4403000053568d45d05733 } | |
| $a_21 = { 558bec81ec380300005356be00010000 } | |
| $a_22 = { 558bec81eccc0000008d45f050ff155c } | |
| $a_23 = { 558bec83ec388365fc00c745c880ea41 } | |
| $a_24 = { 558b2d70814100565733db33f633ff3b } | |
| $a_25 = { 558bec81eca00000005356be80000000 } | |
| $a_26 = { 558bec83ec28c745f06cf54100c745f4 } | |
| $a_27 = { 558bec833d8cab420000750fff750cff } | |
| $a_28 = { 558bec81ec900000005356576a0e33db } | |
| $a_29 = { 558bec6aff6860884100689801410064 } | |
| $a_30 = { 558bec81ec2c0100005356576a495933 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Sensode_bf34fd12f7b42ff4e440f995eec1a79ee09e732843740284b96a6f92155e4054 { | |
| strings: | |
| $a_2 = { 558becff3578274100e89535000085c0 } | |
| $a_3 = { 558bec8b4508568d34c568194100833e } | |
| $a_4 = { 558bec83ec10ff75088d4df0e82879ff } | |
| $a_5 = { 558bec83ec0ca11015410033c58945fc } | |
| $a_6 = { 558bec5151578d45f850ff15ace04000 } | |
| $a_7 = { 558bec83ec105333db538d4df0e805a9 } | |
| $a_8 = { 558bec5151a11015410033c58945fca1 } | |
| $a_9 = { 558b2e8986920a4205410cc7a006a191 } | |
| $a_10 = { 558bec83ec1456578b4514508b4d1051 } | |
| $a_11 = { 558b0bfd98bd0cb4916602ca5c1e08f1 } | |
| $a_12 = { 558bec515156576810e24000ff7508e8 } | |
| $a_13 = { 558bec83ec0c5333db391d5443410056 } | |
| $a_14 = { 558bec5151568d45f850ff15ace04000 } | |
| $a_15 = { 558bec83ec14833d8825010000750733 } | |
| $a_16 = { 558bec535657556a006a0068ccbb4000 } | |
| $a_17 = { 558bec83ec20a11015410033c58945fc } | |
| $a_18 = { 558bec83ec1053ff75108d4df0e81a70 } | |
| $a_19 = { 558bec83ec1456ff75108d4dece89989 } | |
| $a_20 = { 558bec83ec445657c745c800100000c7 } | |
| $a_21 = { 558bec83ec205333db395d10751de87a } | |
| $a_22 = { 558bca50705800eb29d962c696801a93 } | |
| $a_23 = { 558bec81ec48020000a11015410033c5 } | |
| $a_24 = { 558bec83ec285657a17c25010083c001 } | |
| $a_25 = { 558bec5633f639358430410075303975 } | |
| $a_26 = { 558bec837d100074128b450c8a4d08ff } | |
| $a_27 = { 558bec83ec205657a1602501002b0564 } | |
| $a_28 = { 558bec83ec2456570fb6050025010085 } | |
| $a_29 = { 558bec53568b750c33db3bf3750433c0 } | |
| $a_30 = { 558bec83ec205333db395d0c751de85b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Sharat_a747aab7d9fa397b28db3b7fbec771ce9b296fc701cc98be6b2d0e44364ce3e6 { | |
| strings: | |
| $a_2 = { 558bec81eca4000000c78560ffffff10 } | |
| $a_3 = { 558bec81ecc4000000c78540ffffff20 } | |
| $a_4 = { 558bec81ec5009000056c785f0f6ffff } | |
| $a_5 = { 558bec81ecc4000000c78540ffffff0e } | |
| $a_6 = { 558bec83ec5c56c745ac000000008b45 } | |
| $a_7 = { 558bec81ec44010000c785c0feffff28 } | |
| $a_8 = { 558bec81ece4000000c7459039000000 } | |
| $a_9 = { 558bec81ec9009000056c785f0f6ffff } | |
| $a_10 = { 558bec81ec44010000c785c0feffff3a } | |
| $a_11 = { 558bec81ec0c01000056c78514ffffff } | |
| $a_12 = { 558bec83ec186804010000e8ad080000 } | |
| $a_13 = { 558bec83ec3056c745e4000000008b45 } | |
| $a_14 = { 558bec81ec880c000056576860ea0000 } | |
| $a_15 = { 558bec81ec14080000c785f4f7ffff0e } | |
| $a_16 = { 558bec6aff689860400068605d400064 } | |
| $a_17 = { 558bec83ec1cc745e400000000eb098b } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWin32Shark_2f103ecfdc633afd834c024d00c02e322e5fee8dbf901c2fbc636924268726bf { | |
| strings: | |
| $a_2 = { 558bec1583c4d8ee805a81eabd36808b } | |
| $a_3 = { 558bcbd6f3005001c64f58ba311c00f4 } | |
| $a_4 = { 558b1f9ef8b4805ffe90aa45fc01652d } | |
| $a_5 = { 558b549d13c35e4c144b65d111885044 } | |
| $a_6 = { 558b29071a88e01b12f100617b93d9d5 } | |
| $a_7 = { 558baca8ee1649c9cf70b4450001e160 } | |
| $a_8 = { 558b0301fb1ee5bf800dd1ea4b0ed07f } | |
| $a_9 = { 558bc5539061318700f50c9123cbf847 } | |
| $a_10 = { 558b40f09f963d30e3f4ba2e000ac5df } | |
| $a_11 = { 558bf8e180beb6b9fe9dd4c8008971f2 } | |
| $a_12 = { 558b88b315aa0011402f66292d2e5300 } | |
| $a_13 = { 558b01ec83c4fc60c745d28f39a1750c } | |
| $a_14 = { 558bd50054bb8e4b3904eacae60856d5 } | |
| $a_15 = { 558bec7df0000167569cd859974b0082 } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Shesmi_6cb749af3c4e7eba9fc2b41cce270a3837b2e5d241a05935b0fdf6ffe171d2c1 { | |
| strings: | |
| $a_2 = { 558bec518d45fc568bf150e866420000 } | |
| $a_3 = { 558bec51ff750c8365fc00ff7508e808 } | |
| $a_4 = { 558bec81ec040400008b450c535633db } | |
| $a_5 = { 558bec6aff68188d4000680c72400064 } | |
| $a_6 = { 558bec81ec080200008d85f8fdffff68 } | |
| $a_7 = { 558bec83ec1c568b35e08440005733ff } | |
| $a_8 = { 558becb808200000e8ed5200008d45f8 } | |
| $a_9 = { 558bec83ec10568d45f08bf150ffb680 } | |
| $a_10 = { 558bcee86a4c00006a058bcee82b4c00 } | |
| $a_11 = { 558bec81ec080400005356578bf16a01 } | |
| $a_12 = { 558bec515657e8ea4100008bf08b4510 } | |
| $a_13 = { 558bcbe8bfbbffff8b7c2414396f087e } | |
| $a_14 = { 558bec518d45fc568bf150e82c420000 } | |
| $a_15 = { 558bec81ec14010000568bf15733ff8b } | |
| $a_16 = { 558bec83ec188d45f8568bf150ff15e8 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32Shoco_3beaaedaf0a99d04b13d9d9b21cd57c4625c96d23f280ef0cc0ae0441d40f93a { | |
| strings: | |
| $a_2 = { 558bec81ecd80000005657b918000000 } | |
| $a_3 = { 558bec6aff68c850400068204d400064 } | |
| $a_4 = { 558bec83ec48535657c645b82bc645b9 } | |
| $a_5 = { 558bec81ec800800005356b2618bf157 } | |
| $a_6 = { 558bec81ec3c030000b03256c645e857 } | |
| $a_7 = { 558bec81ec840000005657b918000000 } | |
| $a_8 = { 558bec83ec0c8b4508894108eb0860d5 } | |
| $a_9 = { 558bec81ecd0020000535657eb08d43a } | |
| $a_10 = { 558becb89c130000e8132b000056eb08 } | |
| $a_11 = { 558bec51568b7508578bfe83c9ff33c0 } | |
| $a_12 = { 558bec5157eb086a2fce922d2f3192c7 } | |
| $a_13 = { 558bec83ec08535657eb08fed06a50b9 } | |
| $a_14 = { 558bec83ec0857eb08a57b6e7fe27b91 } | |
| $a_15 = { 558bec6aff68d850400068204d400064 } | |
| $a_16 = { 558bec81ec1001000057c645f44fc645 } | |
| $a_17 = { 558bec81ec300300005657b909000000 } | |
| $a_18 = { 558bec81ec600800008b45145356576a } | |
| $a_19 = { 558bec81ec8401000066a1006f400056 } | |
| $a_20 = { 558bec83ec0ceb08ca1007a88d10f8a8 } | |
| $a_21 = { 558bec81ecf40000005356578bf1eb08 } | |
| $a_22 = { 558bec5156eb08975c1922d05ce622c7 } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Shuq_9ba56de38106f6ebf0daa5ec843c7828955b922bda442c1cb292ce61686be6a2 { | |
| strings: | |
| $a_2 = { 558bec51518b450c5356576a0333c999 } | |
| $a_3 = { 558bec81ece8030000ff75088d8518fc } | |
| $a_4 = { 558bec83ec0c56578bf133ff397e0474 } | |
| $a_5 = { 558bec83ec0c535657894dfc33ff33db } | |
| $a_6 = { 558bec518365fc00518b4d08e8650900 } | |
| $a_7 = { 558bec538b5d08565785db8bf1750433 } | |
| $a_8 = { 558bec6aff68a097400068a075400064 } | |
| $a_9 = { 558bec81ec0c0100008b01568985f8fe } | |
| $a_10 = { 558bec81ec2c010000535657682c0100 } | |
| $a_11 = { 558bec81ec900200008d8570fdffff56 } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Siluhdur_d17d12ae20a06882ccd9c583eed6e32a7f4fe07dc3a77525e64e6fc54474e309 { | |
| strings: | |
| $a_2 = { 558bec33c055680940001064ff306489 } | |
| $a_3 = { 558bec6a006a006a00535657bb789300 } | |
| $a_4 = { 558bec33c055689932001064ff306489 } | |
| $a_5 = { 558bec51b92f0000006a006a004975f9 } | |
| $a_6 = { 558bec33c05568293f001064ff306489 } | |
| $a_7 = { 558bec33c05568412e001064ff306489 } | |
| $a_8 = { 558bec83c4f053568d45088b15d03200 } | |
| $a_9 = { 558bec33c05568d129001064ff306489 } | |
| $a_10 = { 558bec6a00538bd833c0556810470010 } | |
| $a_11 = { 558bec83c4e85356578bf08d7de8b906 } | |
| $a_12 = { 558bec6a006a0053568bf033c0556825 } | |
| $a_13 = { 558bec81c4d0fdffff53565733c9898d } | |
| $a_14 = { 558bec33c05568b92e001064ff306489 } | |
| $a_15 = { 558bec83c4ec53568bf18955fc8bd88b } | |
| $a_16 = { 558bec51538bda8945fc8b45fce80acc } | |
| $a_17 = { 558bec33c05568d13f001064ff306489 } | |
| $a_18 = { 558bec33c055689929001064ff306489 } | |
| $a_19 = { 558bec33c05568f13e001064ff306489 } | |
| $a_20 = { 558bec6a00538bd833c0556898440010 } | |
| $a_21 = { 558bec33c05568792e001064ff306489 } | |
| $a_22 = { 558bec33c05568613f001064ff306489 } | |
| $a_23 = { 558bec83c4d85356578bf18d7dd8b906 } | |
| $a_24 = { 558bec33c055685028001064ff306489 } | |
| $a_25 = { 558bec8b550c8b4508ff15488000105d } | |
| $a_26 = { 558bec33c05568d92b001064ff306489 } | |
| $a_27 = { 558bec33c05568482c001064ff306489 } | |
| $a_28 = { 558bec515356578945fcbe34950010bf } | |
| $a_29 = { 558bec33c05568692f001064ff306489 } | |
| $a_30 = { 558bf98bea8bf0b8101a00103b052c80 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Simbot_95fe8851ac1876f327a3bfb54f4be0e1b8c0ff61cc366b907047543d0cde2e9b { | |
| strings: | |
| $a_2 = { 558bec51518365fc005356576a00ff15 } | |
| $a_3 = { 558bec83ec0c33c03945108945f88945 } | |
| $a_4 = { 558bec81ec000100008b4d0853565733 } | |
| $a_5 = { 558b6c240856578b3d383040005533f6 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Simda_a35d681eb54456716bce5c4c6b22ebe4067adb14e9f279d825a5a159c4288463 { | |
| strings: | |
| $a_2 = { 558bec83ec105333db5633f6895dfc39 } | |
| $a_3 = { 558bec81ec180100005768030100008d } | |
| $a_4 = { 558bec518365fc00833db4a942000056 } | |
| $a_5 = { 558bec518365fc0033c039450c742685 } | |
| $a_6 = { 558bec5668040100006808a4420033f6 } | |
| $a_7 = { 558bec6a0068800000006a026a006a03 } | |
| $a_8 = { 558b2a6b2560810a5ffb0909d32a918a } | |
| $a_9 = { 558bec5633f63975087e156a19e81701 } | |
| $a_10 = { 558bec81ec0401000053576a0333ffe8 } | |
| $a_11 = { 558bec812fd349fb530a15013e86f089 } | |
| $a_12 = { 558bec5356578b7d0885ff74148bf28b } | |
| $a_13 = { 558bec5633f6393528a542007405e8c9 } | |
| $a_14 = { 558bec515356576a1058e8161000008b } | |
| $a_15 = { 558bec81ec540400005356576a00ff15 } | |
| $a_16 = { 558bec81ec1002000053565733dbbe03 } | |
| $a_17 = { 558bec5333db568bf0395d087449395d } | |
| $a_18 = { 558bec0f31310500504000ff15b84040 } | |
| $a_19 = { 558bec83ec1053565733f66a0433db5f } | |
| $a_20 = { 558bec81ec2404000053565733db6a3c } | |
| $a_21 = { 558bec81ec1c02000053565733db6803 } | |
| $a_22 = { 558bec83ec1056576a3c33ff58897dfc } | |
| $a_23 = { 558bec81ec58010000681c0100008d85 } | |
| $a_24 = { 558bec535657556a006a0068fc304000 } | |
| $a_25 = { 558bce2bcb03c1a314a542006a1858e8 } | |
| $a_26 = { 558bec81ec08020000535657be030100 } | |
| $a_27 = { 558bec5153568bd885ff744285db743e } | |
| $a_28 = { 558bec51536800614000e8f11900008b } | |
| $a_29 = { 558bec81ec0c020000c745fc01000000 } | |
| $a_30 = { 558bec83ec106a04c745f023000000c7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Singu_15a6c5e60a453614adec20c5976c5da14db751e24411e7df57fddafd8f456e21 { | |
| strings: | |
| $a_2 = { 558b6bf871f405aade251179a127656b } | |
| $a_3 = { 558be9ce22392279fa5adedc8443dd04 } | |
| $a_4 = { 558bd9b3e8c743807d63bf04e1ffd7b2 } | |
| $a_5 = { 558be955d254e1150564eb7bf04240c0 } | |
| $a_6 = { 558bd9662d0449a51dd89b6dc06a049f } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Skubur_312ef74898fdeb0c30db67017cd5bf7514d3cd1ff150196d2b0cea3e22b5cfc1 { | |
| strings: | |
| $a_2 = { 558bec83ec1868a614400064a1000000 } | |
| $a_3 = { 558bec83ec0c68a614400064a1000000 } | |
| $a_4 = { 558bec83ec0868a614400064a1000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Slackbot_d849c54e567a4a76e25e6130da8bb1d3b9fe7264a40aec4b94d6952a32ae78e9 { | |
| strings: | |
| $a_2 = { 5589e55c556a00776fef6e0168925aff } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Smadow_c790c5fe7e6874c32121f05621254b289deeecd6387146bb622efbfaf5f2bd5a { | |
| strings: | |
| $a_2 = { 558bec81ec10010000a1a8fb0100538b } | |
| $a_3 = { 558beca1a8fb010085c0b940bb000074 } | |
| $a_4 = { 558be0e9c63fe30c63bc1016e2fb3e33 } | |
| $a_5 = { 558bec83ec0c8322008365f400568bf1 } | |
| $a_6 = { 558bec51a15cfc010053568b35a4f901 } | |
| $a_7 = { 558bec5156684b73656368180500006a } | |
| $a_8 = { 558bec83ec2057ff750c8d45f850ff15 } | |
| $a_9 = { 558b670d8c692e70a72c719520603ba1 } | |
| $a_10 = { 558bec83ec0c535657bf18fc0100c745 } | |
| $a_11 = { 558bec51833dc8fb01000075238d45fc } | |
| $a_12 = { 558bec83ec188d45e850c745e8010000 } | |
| $a_13 = { 558b0d2572011003c2496bc605290537 } | |
| $a_14 = { 558b7c240c031dce700110891d447001 } | |
| $a_15 = { 558bec83ec64a1a8fb01005356578b5d } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Small_000b380d1edf16748f19f77a047980eb302b496041ddfc43f75d527b5ef0ee04 { | |
| strings: | |
| $a_2 = { 558b04ab8fefad2d5bc2a2fe0cc62790 } | |
| $a_3 = { 558b1124125d7804da0e0059146e79b3 } | |
| $a_4 = { 558bed0d3871385c29bae97ef0658366 } | |
| $a_5 = { 558b0e80953db70c2aef684c58b9c5f3 } | |
| $a_6 = { 558bf6e7c52b815a83d768cc8e009703 } | |
| $a_7 = { 558ba8b1b5ce86378ba865f413dd1bf7 } | |
| $a_8 = { 558b4d1a4d61eb05502c838abd6e196c } | |
| $a_9 = { 558b8f8c78684057e953280adbfb5206 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Sogu_7b0f3360f5d62e74bd38699c5254d61abb144b5792097a3760d3163123a86ec9 { | |
| strings: | |
| $a_2 = { 558bec83ec148d4df8e822ebfeff68c8 } | |
| $a_3 = { 558bec83ec08833d2415051000753b68 } | |
| $a_4 = { 558bec83ec08833d2c83061000753b68 } | |
| $a_5 = { 558bec83ec0cc645fb43c745fc000000 } | |
| $a_6 = { 558bec83ec1c894de4a1cca6031083e0 } | |
| $a_7 = { 558bec83ec08833da0a6031000753b68 } | |
| $a_8 = { 558bec83ec08833d2440081000753b68 } | |
| $a_9 = { 558bec83ec10894df08b45f083785000 } | |
| $a_10 = { 558bec83ec08833d7882061000753b68 } | |
| $a_11 = { 558bec83ec34c645eb8e68001000008d } | |
| $a_12 = { 558bec83ec08833d64a3071000753b68 } | |
| $a_13 = { 558bec8b450c508b4d08e831ffffff5d } | |
| $a_14 = { 558bec83ec08833dc86f041000753b68 } | |
| $a_15 = { 558bec83ec30894dd0b8690800006689 } | |
| $a_16 = { 558bec83ec1cc645fb47c745fc040000 } | |
| $a_17 = { 558bec83ec106a006a006a006a006a64 } | |
| $a_18 = { 558bec83ec0c894df4c645fbe4c745fc } | |
| $a_19 = { 558bec83ec44a1288102108945fcc745 } | |
| $a_20 = { 558bec51c645ffcac70540c808100100 } | |
| $a_21 = { 558bec51b86bc3ffff668945fc8be55d } | |
| $a_22 = { 558bec83ec08a1208102108945fcc745 } | |
| $a_23 = { 558bec83ec2cb8d098ffff668945dc8b } | |
| $a_24 = { 558bec83ec10894df0c645ff6a8b4508 } | |
| $a_25 = { 558bec83ec08833d1c83061000753b68 } | |
| $a_26 = { 558bec83ec08833da41e041000753b68 } | |
| $a_27 = { 558bec83ec08833d98c4041000753b68 } | |
| $a_28 = { 558bec83ec60a1688206108945f88b0d } | |
| $a_29 = { 558bec83ec08833d281d091000753b68 } | |
| $a_30 = { 558bec83ec08894df8b8917800006689 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Spamchn_4b80632df8b5ea9b6614ad4a2d5276cc532c964ceaaadef17a2ea8f36f532855 { | |
| strings: | |
| $a_2 = { 558ba15c85f7b0c6fb240b6405913cb6 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Spindest_b7ecbea66d4c1111ab83611b6013048ae15ba9730281fc71e7a0c8904883a324 { | |
| strings: | |
| $a_2 = { 558bec6aff68df78410064a100000000 } | |
| $a_3 = { 558bec83ec08894df86a14ff15fc4943 } | |
| $a_4 = { 558bec68301b4000e8f745010083c404 } | |
| $a_5 = { 558bec8b450850ff15cc4643008b4d0c } | |
| $a_6 = { 558bec83ec24894ddc6824e341008b4d } | |
| $a_7 = { 558bec33c05dc3558bec81ec88050000 } | |
| $a_8 = { 558bec83ec08894df88b45f8c7402444 } | |
| $a_9 = { 558bec51894dfc8b45fc8a8004170000 } | |
| $a_10 = { 558becb80c280000e860380000898df4 } | |
| $a_11 = { 558bec51894dfc8b4dfce86f0001008b } | |
| $a_12 = { 558bec51894dfc8b4dfc81c1f0050000 } | |
| $a_13 = { 558bec5dc3558bec8b450850e886bcff } | |
| $a_14 = { 558bec518b4510508b4d0c51e824f6ff } | |
| $a_15 = { 558bec83ec18894de88b450cc7000000 } | |
| $a_16 = { 558bec51894dfc837d08007502eb4c8b } | |
| $a_17 = { 558bec8b4d08e85ebcffff5dc3558bec } | |
| $a_18 = { 558bec83ec0c894df48b450805a00000 } | |
| $a_19 = { 558bec83ec485657b910000000be18da } | |
| $a_20 = { 558bec51894dfc8b45fc83b8f8160000 } | |
| $a_21 = { 558bec81ec18040000898de8fbffff68 } | |
| $a_22 = { 558bec51894dfc8b4dfce882b4ffff33 } | |
| $a_23 = { 558bec6aff681876410064a100000000 } | |
| $a_24 = { 558bec83ec0c8b450c0fbe0883f92074 } | |
| $a_25 = { 558bec6aff68b175410064a100000000 } | |
| $a_26 = { 558bec51894dfc8b450883780c007410 } | |
| $a_27 = { 558bec51894dfc6a216a008b45fc50e8 } | |
| $a_28 = { 558bec83ec18894de88b45e883781400 } | |
| $a_29 = { 558bec81ec500a00005657898db0f5ff } | |
| $a_30 = { 558becff15804b43006828004200ff15 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32SpyAgent_d031a0c13774cdf4db243e37fd2c7638cb478f5adf523abccdb6aea732be039c { | |
| strings: | |
| $a_2 = { 558bec81ec000100008d8500ffffff56 } | |
| $a_3 = { 558bec535657837d10008b4508765a0f } | |
| $a_4 = { 558bec51538b4508648b1d2c0000008b } | |
| $a_5 = { 558bec8b450853568b5d18578b7d10a3 } | |
| $a_6 = { 558bec837d0c0053565774558b55088b } | |
| $a_7 = { 558bec81ec000200008d8500feffff50 } | |
| $a_8 = { 558bec81ec1003000053568d8584fdff } | |
| $a_9 = { 558bec81ec1c02000053568d85e4fdff } | |
| $a_10 = { 558b6320a64f2f884123ecb71dbb6ee7 } | |
| $a_11 = { 558bec81ec0002000053568d8500feff } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Spybot_f2e8eebd7a86069a3331fff2e6d51a859f31d2e23af69dcb89fd7065e62f054e { | |
| strings: | |
| $a_2 = { 5589e583ec10ff750cff7508e890ffff } | |
| $a_3 = { 5589e5515356578b5d0831f68b450c8b } | |
| $a_4 = { 5589e5b828160000e895ceffff56578b } | |
| $a_5 = { 5589e583ec30db6d08db2d3c294200de } | |
| $a_6 = { 5589e5b8000000005dc3000000d9ecdb } | |
| $a_7 = { 5589e581ec1005000056578b7d08c785 } | |
| $a_8 = { 5589e551f64510100f84b50000008b45 } | |
| $a_9 = { 5589e583ec0c5356578b75088b5d188b } | |
| $a_10 = { 5589e5b850230000e86d930000535657 } | |
| $a_11 = { 5589e5b8a49d0000e837e60000535657 } | |
| $a_12 = { 5589e583ec5c5756538d7dc4b90e0000 } | |
| $a_13 = { 5589e581ec10010000578dbdf7feffff } | |
| $a_14 = { 5589e581ec000800005356578b5d088b } | |
| $a_15 = { 5589e551535657837d1800753cdb6d08 } | |
| $a_16 = { 5589e581ec1402000083a5f0fdffff00 } | |
| $a_17 = { 5589e583ec185356578d0d4c26420083 } | |
| $a_18 = { 5589e556578b75088b7d0c89f84850ff } | |
| $a_19 = { 5589e551578b7d088b470c8945fceb0d } | |
| $a_20 = { 5589e583ec14578b45088945fc837d0c } | |
| $a_21 = { 5589e583ec185356578b75088b5d1083 } | |
| $a_22 = { 5589e556578d7d0c6a0057ff7508684e } | |
| $a_23 = { 5589e55356578b7d08833d14e5410000 } | |
| $a_24 = { 5589e583ec0c535657c745fc00000000 } | |
| $a_25 = { 5589e581ecfc0f000056578b7d0c6803 } | |
| $a_26 = { 5589e581ec00020000578b7d10681a13 } | |
| $a_27 = { 5589e55731ff69c718030000833c0598 } | |
| $a_28 = { 5589e581ec20050000578b7d0889bde8 } | |
| $a_29 = { 5589e581ecf8010000535657834dd4ff } | |
| $a_30 = { 5589e56a00ff750cff750868cb2a4100 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Stradatu_e749c814db32bc589bbf6dc0592a1b1b04db6f0f2a18c8cdd0b3d2a852be565a { | |
| strings: | |
| $a_2 = { 558b7104bd70d1410085f674038d2c3e } | |
| $a_3 = { 558b6c2418568b47088b3564d141008b } | |
| $a_4 = { 558bac24c0000000578bbc24bc000000 } | |
| $a_5 = { 558bcee8488effff84c074228b430485 } | |
| $a_6 = { 558b6f048b47083be8895c24300f836b } | |
| $a_7 = { 558bec83ec18dd0530d34100dd5df8dd } | |
| $a_8 = { 558bec51833d8835420000535657751d } | |
| $a_9 = { 558becb82c120000e888b7ffff8d8568 } | |
| $a_10 = { 558bec833d3c39420000750fff750cff } | |
| $a_11 = { 558bec83ec0c53568b7508573b352039 } | |
| $a_12 = { 558bec83ec14a10c3842008b15103842 } | |
| $a_13 = { 558b4524890d0c3042006bc03c034528 } | |
| $a_14 = { 558bec6aff6818d74100687860410064 } | |
| $a_15 = { 558bec6aff68e0d24100687860410064 } | |
| $a_16 = { 558bec6aff6830b7410064a100000000 } | |
| $a_17 = { 558b6c24105657742aa1a83542008b5c } | |
| $a_18 = { 558bec6aff6870d74100687860410064 } | |
| $a_19 = { 558b46643bc7764e899c244801000089 } | |
| $a_20 = { 558bec6aff68d0d24100687860410064 } | |
| $a_21 = { 558bec51568b750885f6745aa11c3842 } | |
| $a_22 = { 558bec5151833d743542000056577421 } | |
| $a_23 = { 558bcfe88ac7ffff83ec108d5424338b } | |
| $a_24 = { 558bec6aff68f0d24100687860410064 } | |
| $a_25 = { 558bcee8afa0ffff5f5e5d5b8b4c2404 } | |
| $a_26 = { 558bec83ec0c53bb2032420033c983eb } | |
| $a_27 = { 558bec8b450885c075025dc3833d8835 } | |
| $a_28 = { 558bec515153568b3594374200578b7d } | |
| $a_29 = { 558bcbe83a95ffff84c074278b76043b } | |
| $a_30 = { 558b6c24305633db57535353536aff55 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Subot_dfa1ac63e9ef8672eb01f4cf75855c00ca3dcd67fdee58ca2acccc6bce8cec87 { | |
| strings: | |
| $a_2 = { 558bec83e4f86aff68000123db64a100 } | |
| $a_3 = { 558b9ab08e3742dcce57cf3f6d5b3460 } | |
| $a_4 = { 558b6c24108bd955361c5d084eb87a89 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32SuperMM_8ef7855ead4f6f3fc312f9fc553a0d0b68768f1ea4e6b2713f682aea43e6747e { | |
| strings: | |
| $a_2 = { 558bec81eccc0000008d45f050ff15a8 } | |
| $a_3 = { 558bec5151568bf1578b3d8cb903108b } | |
| $a_4 = { 558bec535657556a006a0068f0300010 } | |
| $a_5 = { 558bec6aff6810f9021068c48f001064 } | |
| $a_6 = { 558bec51518365fc005356578b3d905a } | |
| $a_7 = { 558b2decbd031056578b7c24148bf157 } | |
| $a_8 = { 558bec6aff68b000031068c48f001064 } | |
| $a_9 = { 558bec6aff68d0f3021068c48f001064 } | |
| $a_10 = { 558bec83ec6053568bf1578975f8e8a7 } | |
| $a_11 = { 558bec83ec2c5356578bf1e876e5ffff } | |
| $a_12 = { 558bec83ec34e81edd00008945fc8b40 } | |
| $a_13 = { 558bec5657ff750cff7508ff15acbe03 } | |
| $a_14 = { 558bec515153568b7508578bcee8804c } | |
| $a_15 = { 558bec51833de495031000535657751d } | |
| $a_16 = { 558bec51518d45fe568bf150e88bfefd } | |
| $a_17 = { 558bec5133c057390570ac03108945fc } | |
| $a_18 = { 558bec518d45fc689825031050c745fc } | |
| $a_19 = { 558bec6aff6828f9021068c48f001064 } | |
| $a_20 = { 558bec5151568bf1578b3d74b903108b } | |
| $a_21 = { 558bec518365fc008d45fc5068f80003 } | |
| $a_22 = { 558bec5151568bf1578b3d9cb903108b } | |
| $a_23 = { 558b2d98bb03105657689ce202108bf1 } | |
| $a_24 = { 558bec515356578bf9e868fb00008bf0 } | |
| $a_25 = { 558bf0e8d61a000068e49603106a1057 } | |
| $a_26 = { 558bec81ec0001000056ff750cff1554 } | |
| $a_27 = { 558bec83ec1053568b35905a03105733 } | |
| $a_28 = { 558bec6aff68e8f5021068c48f001064 } | |
| $a_29 = { 558bec5633f63935fcac0310750fff75 } | |
| $a_30 = { 558bec51515333db391d2caf03105657 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Suslix_f29a3bb47e720b17287943018e4dcf18fa66d0464b877b0d7fc43d3324d4ac1e { | |
| strings: | |
| $a_2 = { 558bec33c055689546400064ff306489 } | |
| $a_3 = { 558bec83c4f85356578945fca1246040 } | |
| $a_4 = { 558bec33d25568a218400064ff326489 } | |
| $a_5 = { 558bec83c4b85333c08945b88945c089 } | |
| $a_6 = { 558bec535657a12876400085c0744b8b } | |
| $a_7 = { 558bec83c4f05333d28955f48955f089 } | |
| $a_8 = { 558bec518945fc33d25568e83a400064 } | |
| $a_9 = { 558bec33c055681946400064ff306489 } | |
| $a_10 = { 558b44241450e83af1ffff833e007617 } | |
| $a_11 = { 558bece814f6ffff5531c9683c2f4000 } | |
| $a_12 = { 558bec33c05568613e400064ff306489 } | |
| $a_13 = { 558bec51538bda8945fc8b45fce8aeeb } | |
| $a_14 = { 558bec53565784d2740883c4f0e8e6e5 } | |
| $a_15 = { 558bec535657bf207640008b470885c0 } | |
| $a_16 = { 558bec83c4f8538945fc8b45fcc64010 } | |
| $a_17 = { 558bec33c05568ca3b400064ff306489 } | |
| $a_18 = { 558bec33c05568d13f400064ff306489 } | |
| $a_19 = { 558bec53803dac754000000f84cc0000 } | |
| $a_20 = { 558bec81c454ffffff535657c78554ff } | |
| $a_21 = { 558bec83c4f88945fc8b45fce87becff } | |
| $a_22 = { 558bec33c05568993e400064ff306489 } | |
| $a_23 = { 558bf28bd8eb0853e87ceaffff8bd88a } | |
| $a_24 = { 558bec83c4f40fb705106040008945f8 } | |
| $a_25 = { 558bec33c055685d46400064ff306489 } | |
| $a_26 = { 558bec83c4f85356578bd8803dac7540 } | |
| $a_27 = { 558bec33c055685444400064ff306489 } | |
| $a_28 = { 558b44241850e812f1ffff807b10000f } | |
| $a_29 = { 558bec515356578bd833c0a3b0754000 } | |
| $a_30 = { 558bec33c05568e949400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Swz_b4ef75a3590db52e5a4c5754552920327cd6cb9e36abd9a56ef7c84a79adbdae { | |
| strings: | |
| $a_2 = { 558becff7508e885fdffff5dc2040090 } | |
| $a_3 = { 558bec51535657894dfc8bfa8bf0e8e9 } | |
| $a_4 = { 558bec83c4f05356578955f88945fc6a } | |
| $a_5 = { 558bec53565733c05568be78410064ff } | |
| $a_6 = { 558bec83c4f85356578b450ce89f2bff } | |
| $a_7 = { 558bec81c4b0fdffff53565733d28995 } | |
| $a_8 = { 558bec51535657894dfc8bfa8bf0e891 } | |
| $a_9 = { 558bec5dc2080090558bec53565733c0 } | |
| $a_10 = { 558bec83c4f48955fc8945f88b45fce8 } | |
| $a_11 = { 558be833db6a006a006a006a00689c05 } | |
| $a_12 = { 558bec51535657894dfc8bfa8bd80fb6 } | |
| $a_13 = { 558bec83c4e8538955e88945ec8b45e8 } | |
| $a_14 = { 558bec81c498fdffff53565733c9898d } | |
| $a_15 = { 558bec33c055682f3b400064ff306489 } | |
| $a_16 = { 558bec83c4e85356e8ffe4ffff50e859 } | |
| $a_17 = { 558bec33c05568457f410064ff306489 } | |
| $a_18 = { 558bec6a0053565733c055682f294100 } | |
| $a_19 = { 558bec83c4c4b8a4364000e8f0ecffff } | |
| $a_20 = { 558bec33c055683f22400064ff306489 } | |
| $a_21 = { 558bec53565733c05568c134400064ff } | |
| $a_22 = { 558be833db6a006a006a006a00685006 } | |
| $a_23 = { 558bec33c05568d4ad400064ff306489 } | |
| $a_24 = { 558becb9a80000006a006a004975f953 } | |
| $a_25 = { 558bec33c05568b525400064ff306489 } | |
| $a_26 = { 558bec33c055687887400064ff306489 } | |
| $a_27 = { 558bec53565733c05568a373410064ff } | |
| $a_28 = { 558bec515356578b75108b5d088bc685 } | |
| $a_29 = { 558bec51535657c645ff006a0a8b4508 } | |
| $a_30 = { 558bec6a005356578bf833c055686bb6 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Syrutrk_3d491a09794d1877f3abd1635c0eb017f4defde676579d1d0de51170d365456e { | |
| strings: | |
| $a_2 = { 558bec5733c08b4d0c8b7d08fcf3aa5f } | |
| $a_3 = { 558bec81ec3c0200005356be01010000 } | |
| $a_4 = { 558bec81ec40070000538b1d88104000 } | |
| $a_5 = { 558bece807000000e8120000005dc355 } | |
| $a_6 = { 558bec81ec8c0a0000535657ff155c10 } | |
| $a_7 = { 558becb9400a4100ff15541040005dc3 } | |
| $a_8 = { 558bec83ec5456e882feffffe81ffeff } | |
| $a_9 = { 558bec81ec24070000538b1d88104000 } | |
| $a_10 = { 558bec81ec8001000056578d8580feff } | |
| $a_11 = { 558bec8d45085033c05050ff75085050 } | |
| $a_12 = { 558bec81ec0001000056578d8500ffff } | |
| $a_13 = { 558becb9410a4100ff154c1040005dc3 } | |
| $a_14 = { 558bec81ec9c00000056578b35681040 } | |
| $a_15 = { 558bec6861054100e8ca04000083c404 } | |
| $a_16 = { 558bec83ec60566a0633f66a016a0289 } | |
| $a_17 = { 558bec68a2054100e88904000083c404 } | |
| $a_18 = { 558bec516a008d45ff6a0150ff7508ff } | |
| $a_19 = { 558bec81ec840300005657bf00010000 } | |
| $a_20 = { 558bec81ec080200005356be04010000 } | |
| $a_21 = { 558becb884010100e8c50c000053568b } | |
| $a_22 = { 558bec81ec50080000535657e8dbfeff } | |
| condition: | |
| 18 of them | |
| } | |
| rule BackdoorWin32Takit_aefa24a4eede7bdeabb881530f04705df4d0aa2df8dbcb0a572b0a833e2eff55 { | |
| strings: | |
| $a_2 = { 558bec81ecd00000000fb74d0c535657 } | |
| $a_3 = { 558becb8ec140000e8ba1e0000a17089 } | |
| $a_4 = { 558bec81ec44020000535657ff156c70 } | |
| $a_5 = { 558bec83ec148d45ec6a1250ff35e0af } | |
| $a_6 = { 558b4d0068e8030000894c2424c74424 } | |
| $a_7 = { 558bec6aff68f0e11403681cab140364 } | |
| $a_8 = { 558bec83ec0c53bb9008150333c983eb } | |
| $a_9 = { 558bec81ecf40100006850ad4000e884 } | |
| $a_10 = { 558bec51a108b64000830da0b44000ff } | |
| $a_11 = { 558b6c24105657742aa1681e25038b5c } | |
| $a_12 = { 558bac24b8000000568bc5579983e207 } | |
| $a_13 = { 558b0d180015030fb6c3f64441018074 } | |
| $a_14 = { 558bec81ec100100008b450c5683e830 } | |
| $a_15 = { 558bec83ec0c5657ff35ecaf4000e861 } | |
| $a_16 = { 558bec83ec18dd0580e21403dd5df8dd } | |
| $a_17 = { 558bec83ec0c66a188b04000538b1d84 } | |
| $a_18 = { 558bec81ec0c03000053565733db6a22 } | |
| $a_19 = { 558b2856578d70046a2c56e8052c0000 } | |
| $a_20 = { 558bec515166a188b04000538b1d84b0 } | |
| $a_21 = { 558bec803d641e250300535674278b5d } | |
| $a_22 = { 558b2dbce01403565733f6a04a1e2503 } | |
| $a_23 = { 558bec83ec20568b3594714000ff7508 } | |
| $a_24 = { 558bec81ec08020000803d60ae400000 } | |
| $a_25 = { 558b6c2410568b7424185733ff897c24 } | |
| $a_26 = { 558bec51515633f66689358cb0400066 } | |
| $a_27 = { 558bc18bf7bf281e2103c1e902f3a58b } | |
| $a_28 = { 558bec81ec400100005333db391d1c89 } | |
| $a_29 = { 558bec83ec0c53568b7508573b35c033 } | |
| $a_30 = { 558bec81ec240100008d85dcfeffff50 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tapazom_8fd2ed6d308cad4c86085443720fca5ec785e7ba38a0567f82c647daba4237eb { | |
| strings: | |
| $a_2 = { 558bec81c4acfeffff53565733c9894d } | |
| $a_3 = { 558bec83c4ec538bd8803dbcd5400000 } | |
| $a_4 = { 558bec515356578bda8bc833c05568ce } | |
| $a_5 = { 558bec33c055685e51400064ff306489 } | |
| $a_6 = { 558bec538b5d085368b2d70000684c2f } | |
| $a_7 = { 558bec33c055688da1400064ff306489 } | |
| $a_8 = { 558bec33c055683156400064ff306489 } | |
| $a_9 = { 558bec83c4f8803dbcd54000000f84e8 } | |
| $a_10 = { 558bec5133d25568bc1a400064ff3264 } | |
| $a_11 = { 558bec33c05568a155400064ff306489 } | |
| $a_12 = { 558bec5153568b750c8b5d0885db750c } | |
| $a_13 = { 558bec83c4f40fb70514c040008945f8 } | |
| $a_14 = { 558bec83c4d45756538945fca08fd640 } | |
| $a_15 = { 558bec33c0556887ae400064ff306489 } | |
| $a_16 = { 558bec83c4f85356578d7dfc8b45088b } | |
| $a_17 = { 558bec33c055680492400064ff306489 } | |
| $a_18 = { 558bec33c0556855a1400064ff306489 } | |
| $a_19 = { 558bec6a006a006a005333c0556838a9 } | |
| $a_20 = { 558bec83c4f853568bf28bd8803dbcd5 } | |
| $a_21 = { 558bec8bc88b018b510403450813550c } | |
| $a_22 = { 558bec33c055689191400064ff306489 } | |
| $a_23 = { 558bec6a005633c055682f78400064ff } | |
| $a_24 = { 558bec83c4f0538bd833c0a3c0d54000 } | |
| $a_25 = { 558bec81c4b4feffff5356578bd833c0 } | |
| $a_26 = { 558bec8bc88b018b51042b45081b550c } | |
| $a_27 = { 558bec33c055686955400064ff306489 } | |
| $a_28 = { 558bec33c05568115a400064ff306489 } | |
| $a_29 = { 558bec33c05568b953400064ff306489 } | |
| $a_30 = { 558bec83c4e0535657ba050000008b45 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tarctox_a3f989f3a3cf4dbe86decbe0c36de261510eeca9ad62bea74fdb7eb26cbda1d3 { | |
| strings: | |
| $a_2 = { 558bec83c4fc8b450c2b4508c1e80289 } | |
| $a_3 = { 558beca1d0e4410083ec0c53568b3560 } | |
| $a_4 = { 558bec8b450833c93b04cdf0d3410074 } | |
| $a_5 = { 558bece817e3000033c05dc20400cccc } | |
| $a_6 = { 558bec8b4508a388e64100a38ce64100 } | |
| $a_7 = { 558bec568b750856e8af2b000050e845 } | |
| $a_8 = { 558bec83ec20a1f0dd410033c58945fc } | |
| $a_9 = { 558bec83ec10a1f0dd410033c58945fc } | |
| $a_10 = { 558bec81ec28030000a1f0dd410033c5 } | |
| $a_11 = { 558bec83ec10ff75088d4df0e8f498ff } | |
| $a_12 = { 558bec83ec14535657e819deffff8365 } | |
| $a_13 = { 558becff3578e04100e8461100005985 } | |
| $a_14 = { 558bec5356576a006a0068a35a410051 } | |
| $a_15 = { 558bec833df0eb410000741968f0eb41 } | |
| $a_16 = { 558bec83ec10ff75088d4df0e8f39aff } | |
| $a_17 = { 558bec81ec28030000a3e0e74100890d } | |
| $a_18 = { 558bec8b45085633f63bc6751de864e3 } | |
| $a_19 = { 558bec565733f6ff7508e8022e00008b } | |
| $a_20 = { 558bec81ec1c050000a1f0dd410033c5 } | |
| $a_21 = { 558bec51568b750c56e8a3beffff8945 } | |
| $a_22 = { 558b3383c304899de4fbffffe8a32f00 } | |
| $a_23 = { 558bec83ec14a1bcea41008b4d086bc0 } | |
| $a_24 = { 558bec6878114000ff153410400085c0 } | |
| $a_25 = { 558bec68d65a0000e8e3ffffff506860 } | |
| $a_26 = { 558bec83ec10ff750c8d4df0e84ac7ff } | |
| $a_27 = { 558bec56891d2fc641008bf2891d5bc7 } | |
| $a_28 = { 558bec833d68e04100017505e8f91900 } | |
| $a_29 = { 558bec6afe6830a8410068602e410064 } | |
| $a_30 = { 558bec81ec74040000a1f0dd410033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Taroca_074c472406e38385fe769fbaaa72c7259247f42ef1b9140f31228afc66afbc67 { | |
| strings: | |
| $a_2 = { 558b482072283250ddc7a6cd023eb6ca } | |
| $a_3 = { 558b0043f5cfd1440f46ae0010eb21fd } | |
| $a_4 = { 5589e5f7ec1b751c3ffc593980b2808a } | |
| $a_5 = { 558b2af87053bcf61afa8de791d63181 } | |
| $a_6 = { 558b81f8c6ae476eedad536d674fcfa3 } | |
| $a_7 = { 558bb913f4829b7055ee26a244117963 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Tartober_c1e28e070fb45531dd43cd6431698345041fd3daf64a6edb4aa67ce0dd2f8fa7 { | |
| strings: | |
| $a_2 = { 558b6c24148d4510508944240cff15bc } | |
| $a_3 = { 558b284c166efbedf8edb463dfcdec87 } | |
| $a_4 = { 558b6c2414560fbfdd660fb6740b088d } | |
| $a_5 = { 558bcee86ef8ffff8b4424104581e5ff } | |
| $a_6 = { 558b6c24105633f685ed0f8e81000000 } | |
| $a_7 = { 558bcee8c7f8ffff0fbfcd6683fd3b8d } | |
| $a_8 = { 558b6c24148b8388830000568b35bc40 } | |
| $a_9 = { 558b6c241055ff15bc4040008bd883c4 } | |
| $a_10 = { 558b717caf44334e247560f2f5ae2bab } | |
| $a_11 = { 558bec6aff682041400068003a400064 } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Teldoor_fcc4655af3312ade0fb2f84c82831b66bffdc6255b7387f95131b04f372f7771 { | |
| strings: | |
| $a_2 = { 558bec83ec48535657ff15bc28410089 } | |
| $a_3 = { 558beca1b87e450085c0740e6a00ff75 } | |
| $a_4 = { 558becff7508e8f7070000595dc3558b } | |
| $a_5 = { 558bec8b450883c02050ff1558214200 } | |
| $a_6 = { 558bec51a1607945008b4d08565783f8 } | |
| $a_7 = { 558b3e7cbb51b0474b4e9d0d823126b6 } | |
| $a_8 = { 558becb800120000e81fa300005356ff } | |
| $a_9 = { 558bec51535657ff355c3a4100e88661 } | |
| $a_10 = { 558beceb1fff7508e85e8500005985c0 } | |
| $a_11 = { 558bd9cb5e253ea94dab4bbf559980f7 } | |
| $a_12 = { 558becff7508b9a87e4500e899ffffff } | |
| $a_13 = { 558becb800100000e8f9ac000056be00 } | |
| $a_14 = { 558b6bec50446433b19e4d8c3b3cdfc2 } | |
| $a_15 = { 558bec807d0800752756be2882450083 } | |
| $a_16 = { 558b6d1ed31e484b3ea4da34e0022578 } | |
| $a_17 = { 558bec5156ff15242841008bf085f674 } | |
| $a_18 = { 558bec568bf1ff36e8773500008b5508 } | |
| $a_19 = { 558bec6a0068001000006a00ff153427 } | |
| $a_20 = { 558b7920701856c8dc6d227f87885451 } | |
| $a_21 = { 558bec81ec28030000a1a8b0420033c5 } | |
| $a_22 = { 558b479202b3dbec1e3265906cfc88db } | |
| $a_23 = { 558bec83ec10a0eb8e42008b550c8bca } | |
| $a_24 = { 558bec83ec28ff7508e8b7ffffff8b55 } | |
| $a_25 = { 558bec83ec10ff750c8d4df0e853b1ff } | |
| $a_26 = { 558becb810140000e8af01ffffa1a8b0 } | |
| $a_27 = { 558bec51a1503a41002b450c8945fc8b } | |
| $a_28 = { 558bec8b450c83ec205685c07516e8d9 } | |
| $a_29 = { 558becff7508e860faffff59a3b07e45 } | |
| $a_30 = { 558bec535657ff35043b4100e8e74900 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Temratanam_2a82ba4b0e1c8c4dffc24b969075458f430b0245069dfb10621402be772d977c { | |
| strings: | |
| $a_2 = { 558bdaf3ebaf8f9fc9ae9c919cf5a32a } | |
| $a_3 = { 558bec83ec10ff75088d4df0e85767ff } | |
| $a_4 = { 558becb800200000e80adf0000538bd9 } | |
| $a_5 = { 558becb800100000e860a8000056be00 } | |
| $a_6 = { 558bec685cc94200ff1580b0420085c0 } | |
| $a_7 = { 558bec83ec185356ff750c8d4de8e867 } | |
| $a_8 = { 558bfeff8b4df083c134e94a8bfeff8b } | |
| $a_9 = { 558becb800280000e8fbe200008b4508 } | |
| $a_10 = { 558bec515156e8f8b1ffff8bf085f60f } | |
| $a_11 = { 558ba07e64f26034437b7ed5f5ca0926 } | |
| $a_12 = { 558b54fd35a1d15dd48b5d5cd43bba8b } | |
| $a_13 = { 558bec8b4508ff34c528144300ff1510 } | |
| $a_14 = { 558bec83ec14535657e8da8dffff8365 } | |
| $a_15 = { 558bec53568b359cb14200578b7d0857 } | |
| $a_16 = { 558bec83ec2ca1a812430033c58945fc } | |
| $a_17 = { 558b2111bd54ca1469562e68602d60fc } | |
| $a_18 = { 558bec5333db56391da8994300750ab9 } | |
| $a_19 = { 558becb800200000e8c5180100538b5d } | |
| $a_20 = { 558bec5151a1a812430033c58945fca1 } | |
| $a_21 = { 558becb8d0b30000e8c8a70000535657 } | |
| $a_22 = { 558bec8b4508a36c0b45005dc38bff55 } | |
| $a_23 = { 558bec515356576840274300894dfce8 } | |
| $a_24 = { 558becb804100000e85d230100568b75 } | |
| $a_25 = { 558b2bcb7bd58b2456f6ab165a96d656 } | |
| $a_26 = { 558bec568b75085756e81cf9ffff5983 } | |
| $a_27 = { 558bec565733f6ff7508e82abcffff8b } | |
| $a_28 = { 558bec83ec1056ff750c8d4df0e8c9a4 } | |
| $a_29 = { 558bec81ec28030000a330114500890d } | |
| $a_30 = { 558b206341cfae243921097625cc9722 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tenpeq_9ac0b1157679d5c0c58267c6c1207c861ddb7d2802fd20141a4f3ef206cd7a2d { | |
| strings: | |
| $a_2 = { 558bec81c468feffff535657c705f437 } | |
| $a_3 = { 558bec6a00538bd833c055686dcf4100 } | |
| $a_4 = { 558bec83c4f4535657a1e8394a00e8d1 } | |
| $a_5 = { 558bec53568bf28bd88b53708bc6e81d } | |
| $a_6 = { 558b4334e8d5bdffff50e88fd7fbff59 } | |
| $a_7 = { 558bec53565784d2740883c4f0e8fa35 } | |
| $a_8 = { 558bec33c055680631410064ff306489 } | |
| $a_9 = { 558bec33c055689859480064ff306489 } | |
| $a_10 = { 558bec83c4b8535633c9894db8894df8 } | |
| $a_11 = { 558bec6a0053568bf033c05568ec1b49 } | |
| $a_12 = { 558bec5356578bd885db740433c08903 } | |
| $a_13 = { 558bec538b4508668378320074528b45 } | |
| $a_14 = { 558bec33c055688143410064ff306489 } | |
| $a_15 = { 558bec51538945fcb2028b45fce8c2fc } | |
| $a_16 = { 558bec81c454faffff5356578bd833c0 } | |
| $a_17 = { 558bec33c05568f091400064ff306489 } | |
| $a_18 = { 558bec33c055688519420064ff306489 } | |
| $a_19 = { 558bec6a0053568bd833c05568e0d043 } | |
| $a_20 = { 558bec51535684d2740883c4f0e8aaa8 } | |
| $a_21 = { 558bec53568b75088b450ce86881faff } | |
| $a_22 = { 558bec6a00538bd833c0556823b54100 } | |
| $a_23 = { 558bec83c4e453568bf28bd8c745fc04 } | |
| $a_24 = { 558bec83c4f48955f88945fca1e8394a } | |
| $a_25 = { 558bec53565733d255686d1d480064ff } | |
| $a_26 = { 558bec8b45088b40f4e8b20d0000a114 } | |
| $a_27 = { 558bec51538bd86a208bcaa1f8524100 } | |
| $a_28 = { 558bec53565784d2740883c4f0e8b26f } | |
| $a_29 = { 558b490064ff306489206a008d952cea } | |
| $a_30 = { 558bec5356578bf28bd88b460883f815 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tenrite_0be882daffb462c46dabe1a3fdd3030c37e5a04403a0d5835f2f80239bcea62f { | |
| strings: | |
| $a_2 = { 558bec81ec08090000535633f6573975 } | |
| $a_3 = { 558bec81ec900100008d8570feffff50 } | |
| $a_4 = { 558bec83ec0c5657bea84100108d7df4 } | |
| $a_5 = { 558bec81ec4c0a000080a5f4feffff00 } | |
| $a_6 = { 558bec81ec28010000566a006a02e863 } | |
| $a_7 = { 558bec81ec1005000053568b75085769 } | |
| $a_8 = { 558bec538b5d08568b357420001057bf } | |
| $a_9 = { 558bec81ec200a0000538d45f4575033 } | |
| $a_10 = { 558bec81ec08020000568b3534200010 } | |
| $a_11 = { 558bec81ecf803000057e8b7ffffffe8 } | |
| $a_12 = { 558bec81ec0801000080a5f8feffff00 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Tetris_456e18d3171333611c839e2ae7537717c33e2e496d8a464758a0748f6ee53cc9 { | |
| strings: | |
| $a_2 = { 558bec33c05568447a440064ff306489 } | |
| $a_3 = { 558bec53568bf28bd88b53708bc6e8d1 } | |
| $a_4 = { 558bec33c05568feb6400064ff306489 } | |
| $a_5 = { 558bec8b450883c00450e871c0ffff5d } | |
| $a_6 = { 558bec33c055683810450064ff306489 } | |
| $a_7 = { 558b45f88b40048bd6e84ad1feffe8c5 } | |
| $a_8 = { 558bec33c05568bded420064ff306489 } | |
| $a_9 = { 558bec83c49c5356578bd86a0ee8bed6 } | |
| $a_10 = { 558bec51535684d2740883c4f0e822c9 } | |
| $a_11 = { 558bec6a006a0033c05568a595400064 } | |
| $a_12 = { 558bec83c4f453568955fc8bf08a4610 } | |
| $a_13 = { 558bec53565733c05568ca0a410064ff } | |
| $a_14 = { 558bec6a00538bd833c05568ec1e4100 } | |
| $a_15 = { 558bec83c4f853568855ff8bf08bc666 } | |
| $a_16 = { 558bec83c4f8e8bd57ffff8855fb8945 } | |
| $a_17 = { 558bec51535684d2740883c4f0e8be3b } | |
| $a_18 = { 558bec33c05568511a450064ff306489 } | |
| $a_19 = { 558bec6a005356578bd833c0556893f4 } | |
| $a_20 = { 558bec33c055684c0e450064ff306489 } | |
| $a_21 = { 558b342485f6742f8bc666bbdbffe87c } | |
| $a_22 = { 558bec33c05568e50d450064ff306489 } | |
| $a_23 = { 558bec518945fc33d25568cc51400064 } | |
| $a_24 = { 558bec33c05568916a400064ff306489 } | |
| $a_25 = { 558bec535684d2740883c4f0e80732ff } | |
| $a_26 = { 558bec51535684d2740883c4f0e82e7e } | |
| $a_27 = { 558bec8b45088b40f4e8320d0000a144 } | |
| $a_28 = { 558bec6a005356578bf833c0556813d9 } | |
| $a_29 = { 558bec83c4ec538945ec8b45ece8fef3 } | |
| $a_30 = { 558bec538b5d08803dd8664500007520 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Thoper_15db5d3f627f50d7e86adc14403444e20e20fda2aaaace043f51f52617a9373e { | |
| strings: | |
| $a_2 = { 558bec51c645ffc80fbe45ff83e80e88 } | |
| $a_3 = { 558bec83ec08833de078091000753b68 } | |
| $a_4 = { 558bec0fbe051d80041035be000000a2 } | |
| $a_5 = { 558bec83ec08b871c6ffff668945f88b } | |
| $a_6 = { 558bec83ec08833d4ce0041000753b68 } | |
| $a_7 = { 558bec51894dfc8b4dfce831a5ffff8b } | |
| $a_8 = { 558bec83ec286810f00000e8a04ffdff } | |
| $a_9 = { 558bec81ec80000000b8a28dffff6689 } | |
| $a_10 = { 558bec83ec40c745f000000000a15481 } | |
| $a_11 = { 558bec83ec08833d705c051000753b68 } | |
| $a_12 = { 558bec83ec08833d601d071000753b68 } | |
| $a_13 = { 558bec83ec08833dd478091000753b68 } | |
| $a_14 = { 558bec83ec0cc745f8d79e5d428b45f8 } | |
| $a_15 = { 558bec83ec08833d28e0041000753b68 } | |
| $a_16 = { 558bec83ec08a1cc8104102d4fe61c51 } | |
| $a_17 = { 558bec51c745fcd8fbc84d8b45fc0de9 } | |
| $a_18 = { 558bec83ec08c645ffc38b45088945f8 } | |
| $a_19 = { 558bec83ec08833d88260a1000753b68 } | |
| $a_20 = { 558bec83ec0c894df4c645fba7c745fc } | |
| $a_21 = { 558bec51c645ff590fb645ff83e00988 } | |
| $a_22 = { 558bec83ec10894df0c745f8100cd5bf } | |
| $a_23 = { 558bec81ec94000000c745ac00000000 } | |
| $a_24 = { 558bec83ec18c745fc62631d298b450c } | |
| $a_25 = { 558bec83ec08894df8c645ffc58b45f8 } | |
| $a_26 = { 558bec83ec08833db8aa0b1000753b68 } | |
| $a_27 = { 558bec83ec64c645f7a80fb645f72597 } | |
| $a_28 = { 558bec83ec088b45088945fc8b0d9c81 } | |
| $a_29 = { 558bec83ec10c745fceb2a49c9837d0c } | |
| $a_30 = { 558bec51c745fc1940ea318b45fcc1e0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Thunk_a8e977a3c023d630710dd82852f74e17555c38ee9b571e275532e3e81a0c631c { | |
| strings: | |
| $a_2 = { 5589e55153568b75088b450c6689450c } | |
| $a_3 = { 5589e55156578b7d08ff750c681f2240 } | |
| $a_4 = { 5589e551505356578b750c8365f80031 } | |
| $a_5 = { 5589e55356578b5d0831f6eb25e80e06 } | |
| $a_6 = { 5589e5535657556a006a006892100010 } | |
| $a_7 = { 5589e551578365fc008d45fc50683f00 } | |
| $a_8 = { 5589e583ec1c57683a5100106a006801 } | |
| $a_9 = { 5589e5b8a00d0100e851110000535657 } | |
| $a_10 = { 5589e55150578365fc008d45f8508d45 } | |
| $a_11 = { 5589e5b848d00700e8ab120000535657 } | |
| $a_12 = { 5589e583ec0c578365fc008d45f8508d } | |
| $a_13 = { 5589e583ec1c578b4508a32c30001068 } | |
| $a_14 = { 5589e5b800000100e833140000535657 } | |
| $a_15 = { 5589e55156578b7d08ff750c68b35200 } | |
| $a_16 = { 5589e583ec288d050b5200108945fca1 } | |
| $a_17 = { 5589e581ec14020000535657ff7508e8 } | |
| $a_18 = { 5589e551505356578b7d148365fc008d } | |
| $a_19 = { 5589e583ec0c57689651001068155200 } | |
| $a_20 = { 5589e583ec6c56578b450c83f810746b } | |
| $a_21 = { 5589e583ec0c576a006af6e8441b0000 } | |
| $a_22 = { 5589e5ff3548350010e8b8feffffff35 } | |
| $a_23 = { 5589e5b804110000e83a020000535657 } | |
| $a_24 = { 5589e56aff681c204000689a10400050 } | |
| $a_25 = { 5589e581ec24020000535657ff7508e8 } | |
| $a_26 = { 5589e551505356578b750c8365f80083 } | |
| $a_27 = { 5589e5535657837d0c017505e8230000 } | |
| $a_28 = { 5589e581ec94010000e88c080000a3d4 } | |
| $a_29 = { 5589e5b8bc190000e8b60e0000535657 } | |
| $a_30 = { 5589e581ec10010000578b7d108365fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tiny_5db31a002a2b2208ce5601755ff81c44ac204dabaf229a66c28e27a42c475983 { | |
| strings: | |
| $a_2 = { 558bec83c4ecc745f40c000000c745f8 } | |
| $a_3 = { 558bec83c4f0c745f40c000000c745f8 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Tofsee_e662e70e27915adc0109e0411d3e9eab2d191fd3f871785e3cfdc98485ebf051 { | |
| strings: | |
| $a_2 = { 558bf33939dcc94e449c5cdb6113336b } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Tofsee_f186efa205444eaa56fbe93ff53784972328703fd71b6d681b294b677d006a4e { | |
| strings: | |
| $a_2 = { 558b83bf3fc44250568f0d1039c0cc5e } | |
| $a_3 = { 558baa87d40651b56b7ac0772aeff90e } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Tompai_831f9232a9278a758adbbf4dc3ceb000f90c5611686af5afd36d89aa5529f3cb { | |
| strings: | |
| $a_2 = { 558bec81ec900100005657e808f9ffff } | |
| $a_3 = { 558bec81ec88010000837d0c00535657 } | |
| $a_4 = { 558bec53ff750ae8727800008b4d208b } | |
| $a_5 = { 558bec81ec80000000535733ff33db39 } | |
| $a_6 = { 558bec83ec0c53568b750c8bd985f67d } | |
| $a_7 = { 558bec538b1da8101722568b7510ff75 } | |
| $a_8 = { 558b6c240c568bf1578bfd8d5e048bcb } | |
| $a_9 = { 558bec5153568bf1578b7d088b46303b } | |
| $a_10 = { 558bec515153568b750c33db57538b06 } | |
| $a_11 = { 558bec8b450856578b484885c9752c83 } | |
| $a_12 = { 558bec8b450c2d100100007420487517 } | |
| $a_13 = { 558b6c240c568b74240c578bd18b063d } | |
| $a_14 = { 558bec83ec18535657ff7508ff15c012 } | |
| $a_15 = { 558bec83ec20535657be6c6917228d7d } | |
| $a_16 = { 558bec8b450c2d130100000f84784600 } | |
| $a_17 = { 558b860801000085c0755aff35302018 } | |
| $a_18 = { 558bec518365fc008d45fc5083c104ff } | |
| $a_19 = { 558bec83ec1c5356576a648b75085b6a } | |
| $a_20 = { 558bec83ec145733c08d7decc745fc10 } | |
| $a_21 = { 558bec81ec1804000053565768182018 } | |
| $a_22 = { 558bec83ec1056578bf1e82b0a000033 } | |
| $a_23 = { 558bec81ecd00000008365fc0056578b } | |
| $a_24 = { 558bec83ec28578b7d088bcfe8cee8ff } | |
| $a_25 = { 558bec515156576a3f8bf1ff7508e837 } | |
| $a_26 = { 558bec568b750866813e0c4075038b76 } | |
| $a_27 = { 558bec83ec10568b7514578b7d08ffb7 } | |
| $a_28 = { 558bec83ec28576a0a5933c08d7dd868 } | |
| $a_29 = { 558bd956576a3f8dab180600005933c0 } | |
| $a_30 = { 558becff751483493001ff7510ff7518 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tomyjery_45677e827ed6836744e58884a353a8a5399d23ba12539b05e964b77707913d42 { | |
| strings: | |
| $a_2 = { 5589e583ec688b45088b008945f48b45 } | |
| $a_3 = { 5589e5575381ec300500008d95f4fbff } | |
| $a_4 = { 5589e581ecb8000000c7442418000000 } | |
| $a_5 = { 5589e58b4508c74014000000008b4508 } | |
| $a_6 = { 5589e55383ec74c645e200c645e300c6 } | |
| $a_7 = { 5589e583ec10c745fc00000000eb6ac7 } | |
| $a_8 = { 5589e55383ec24c744240810000000c7 } | |
| $a_9 = { 5589e583ec088b45088845fc0fb645fc } | |
| $a_10 = { 5589e583ec28c645f7008b450c8d0c85 } | |
| $a_11 = { 5589e583ec488b4510890424e8956400 } | |
| $a_12 = { 5589e55383ec24c7042400000000e8f1 } | |
| $a_13 = { 5589e583ec788d45a0890424e8dcfdff } | |
| $a_14 = { 5589e557565383ec4cc70518c0d06201 } | |
| $a_15 = { 5589e583ec48c745f401000000c74424 } | |
| $a_16 = { 5589e581ec880300008b450889442404 } | |
| $a_17 = { 5589e55383ec088b45088845f80fb645 } | |
| $a_18 = { 5589e5575383ec50c745e300000000c7 } | |
| $a_19 = { 5589e55383ec34c745f400000000eb41 } | |
| $a_20 = { 5589e58b450c83f801740f83f801720d } | |
| $a_21 = { 5589e583ec20c745fc00000000eb41c7 } | |
| $a_22 = { 5589e583ec388b4508890424a124e3d0 } | |
| $a_23 = { 5589e55dc35589e5b8000000005dc355 } | |
| $a_24 = { 5589e583ec388b450c8945f08b55f08b } | |
| $a_25 = { 5589e55383ec20c745f800000000eb41 } | |
| $a_26 = { 5589e583ec10c745fc00000000c745f8 } | |
| $a_27 = { 5589e583ec38c745f000000000c745e8 } | |
| $a_28 = { 5589e58b45080fb650018b450c88108b } | |
| $a_29 = { 5589e583ec488b4510890424e8266d00 } | |
| $a_30 = { 5589e583ec28c745f4000000008b55f4 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tosct_ab3ee0f2914deb0098a2cbf756cf0fa06db71427a8c9b18a72942ef41014543e { | |
| strings: | |
| $a_2 = { 558be98d7c240cc1e902f3a58bcd5d83 } | |
| $a_3 = { 558bec6aff688841400068e03c400064 } | |
| $a_4 = { 558bac241c0500005657c744240c0000 } | |
| $a_5 = { 558b6c24185633c033f64025ff000080 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Touasper_fae496f90cb3c41dc314ff1802900740a9588e90d71d00db3c9dcd10b3069ab6 { | |
| strings: | |
| $a_2 = { 558b2d14c006108b0356575033f6ffd5 } | |
| $a_3 = { 558b5424246a015257e8a7df01008bd8 } | |
| $a_4 = { 558b085357528b165152e8a3f5ffff8b } | |
| $a_5 = { 558b6c2448565733dbb05c6803800000 } | |
| $a_6 = { 558bd8e8113bfeff8b57108944242052 } | |
| $a_7 = { 558bf0e876bc000083c410f6c701741d } | |
| $a_8 = { 558bec81eca8030000535657b9100000 } | |
| $a_9 = { 558bec83e4f8b8d0040000e800b6fcff } | |
| $a_10 = { 558b6c2418565755e8a820ffff83c404 } | |
| $a_11 = { 558b2d00c206108d94248400000066ab } | |
| $a_12 = { 558bac245401000055e8a8f2fcff55e8 } | |
| $a_13 = { 558bac24f00000005668a87f08105553 } | |
| $a_14 = { 558b6c240c568b450050e811f3fcff8b } | |
| $a_15 = { 558b2d14c006108b0356575033ffffd5 } | |
| $a_16 = { 558bd8ffd668644808105589442418ff } | |
| $a_17 = { 558bec6aff68b0b0061064a100000000 } | |
| $a_18 = { 558b6c24505755e8a67afcff55e8f07b } | |
| $a_19 = { 558bf8e88208feff558bf0e87a08feff } | |
| $a_20 = { 558b2da4c106108d4c24148d54242051 } | |
| $a_21 = { 558b6c2438578d7807896c2408c1ef03 } | |
| $a_22 = { 558bec6aff6880b1061064a100000000 } | |
| $a_23 = { 558b2d84c20610568b305750ffd556e8 } | |
| $a_24 = { 558b6c24105755e8f35600008bd883c4 } | |
| $a_25 = { 558b6c240c566a7d687c0d07108b7510 } | |
| $a_26 = { 558b34b85651e8c5db01008bd08b0b0f } | |
| $a_27 = { 558b28568b035785c00f84150200008b } | |
| $a_28 = { 558b065057e8b56bfdff83c40c85c075 } | |
| $a_29 = { 558bec6aff68e0c30610688ad0011064 } | |
| $a_30 = { 558b138b07565250e8e8b3ffff8b0f89 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Toyecma_962ef3e069a0340e45045db4e86c011341443cbd66c23ee063de799ecfbefebf { | |
| strings: | |
| $a_2 = { 558bec83ec48a13055410033c58945fc } | |
| $a_3 = { 558bec8b45086a0050ff15706441005d } | |
| $a_4 = { 558bec6afe68d83f4100681035400064 } | |
| $a_5 = { 558bec83ec7ca13055410033c58945fc } | |
| $a_6 = { 558bec83ec248b4d1453565768000002 } | |
| $a_7 = { 558bec8b450885c07515e8099affffc7 } | |
| $a_8 = { 558bec83ec1056ff750c8d4df0e8f5c7 } | |
| $a_9 = { 558bec56ff75088bf1e8e5410000c706 } | |
| $a_10 = { 558bec83ec10a1305541008365f80083 } | |
| $a_11 = { 558bec515356576a0068800000006a04 } | |
| $a_12 = { 558bec837d08007515e865a6ffffc700 } | |
| $a_13 = { 558bec51538b5d0c8d4b02b8abaaaaaa } | |
| $a_14 = { 558bec51833d38644100fe7505e87a1e } | |
| $a_15 = { 558bec8b450885c07515e8b5030000c7 } | |
| $a_16 = { 558bec83ec1056ff750c8d4df0e869c8 } | |
| $a_17 = { 558bec81ecac030000a13055410033c5 } | |
| $a_18 = { 558bec83ec20a13055410033c58945fc } | |
| $a_19 = { 558bec833dc437410000741968c43741 } | |
| $a_20 = { 558bec83ec10ff75088d4df0e8f3d6ff } | |
| $a_21 = { 558bec535657556a006a0068788d4000 } | |
| $a_22 = { 558bec56ff75088bf1e86e350000c706 } | |
| $a_23 = { 558bec83ec0c85ff750ae80d0f0000e8 } | |
| $a_24 = { 558becff35e0e44500ff15ec10410085 } | |
| $a_25 = { 558bec6afe68083b4100681035400064 } | |
| $a_26 = { 558bec81ec74030000a13055410033c5 } | |
| $a_27 = { 558bec6afe6890394100681035400064 } | |
| $a_28 = { 558bec8b4508568d34c5105b4100833e } | |
| $a_29 = { 558bec8b4508565785c078593b0574ee } | |
| $a_30 = { 558bec33c08b4d083b0cc50822410074 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Trenk_fe97e8625ab8c90419bfca784ab4aa6363702beeca46f9e51ec8e3e0eecae0a6 { | |
| strings: | |
| $a_2 = { 558bec83ec0c68e610400064a1000000 } | |
| $a_3 = { 558b130232cc4023201c0028b856e249 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Trochil_559a1810001e85a59e29f62a1c028459ebbd3d9862ef20a18acdeabb04634bf6 { | |
| strings: | |
| $a_2 = { 558bec51a1502c01108b0d582c01108b } | |
| $a_3 = { 558bec837d0800742d8b501483fa0872 } | |
| $a_4 = { 558bec837d10007515e87a0f0000c700 } | |
| $a_5 = { 558bec515356578bf98bd88d4802668b } | |
| $a_6 = { 558bece83cbdffff8b8098000000eb0a } | |
| $a_7 = { 558bec568bf1c70604f80010e8e875ff } | |
| $a_8 = { 558bec83ec10ff750c8d4df0e88bbdff } | |
| $a_9 = { 558bec51515356578b3d4c2c01106a04 } | |
| $a_10 = { 558bec576a00ff75146a036a00ff7510 } | |
| $a_11 = { 558bec83ec20a18010011033c58945fc } | |
| $a_12 = { 558bec51568b750c56e84ce9ffff8945 } | |
| $a_13 = { 558bec81ec1c050000a18010011033c5 } | |
| $a_14 = { 558becff35e0280110ff15c0d0001085 } | |
| $a_15 = { 558bec5356576a0052682693001051e8 } | |
| $a_16 = { 558bec83ec105333db538d4df0e84ccc } | |
| $a_17 = { 558becff750cff7508ff3514290110ff } | |
| $a_18 = { 558bec83ec10ff75088d4df0e81897ff } | |
| $a_19 = { 558bec6afe6858fd001068b04a001064 } | |
| $a_20 = { 558bec56e814bdffff8b75083bb09800 } | |
| $a_21 = { 558bec8b4508a3e02801105dc38bff55 } | |
| $a_22 = { 558bec568bf1c706f0d10010e8ad1400 } | |
| $a_23 = { 558bec833d7c1e01100074318b450848 } | |
| $a_24 = { 558bec8b450833c93b04cd8810011074 } | |
| $a_25 = { 558bec8b450c8d4802668b1083c00266 } | |
| $a_26 = { 558bec8b4508a3902b01105dc38bff55 } | |
| $a_27 = { 558bec83ec0c5356ff1544d100108bd8 } | |
| $a_28 = { 558becb8e41a0000e8201e0000a18010 } | |
| $a_29 = { 558bec83ec28a18010011033c58945fc } | |
| $a_30 = { 558becff05e42801106800100000e89a } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Trubsil_0915f2f9a3678dc4968052a5a7f2b6c86e4632432367ed4170990c6c5f70bd72 { | |
| strings: | |
| $a_2 = { 558bec568bf1e887010000f645080174 } | |
| $a_3 = { 558b21d14c08bd97483e9d20c7864a16 } | |
| $a_4 = { 558bec81ecfc010000a19004420033c5 } | |
| $a_5 = { 558bec83ec28a19004420033c58945fc } | |
| $a_6 = { 558bec51568b750c56e8b7baffff8945 } | |
| $a_7 = { 558bec83ec10ff75088d4df0e8b28bff } | |
| $a_8 = { 558bec8b4508a3c81c42005dc38bff55 } | |
| $a_9 = { 558bec83ec18a1900442008365e8008d } | |
| $a_10 = { 558bec6aff685091410064a100000000 } | |
| $a_11 = { 558bec5151535633f6578b3dc0134200 } | |
| $a_12 = { 558bec5151a19004420033c58945fc53 } | |
| $a_13 = { 558bec833de431420000568b35b81342 } | |
| $a_14 = { 558bec83ec2ca19004420033c58945fc } | |
| $a_15 = { 558bec56ff75088bf1e8d3010000c706 } | |
| $a_16 = { 558becb8e41a0000e8df320000a19004 } | |
| $a_17 = { 558bec5633f6397508751ae8a5f3ffff } | |
| $a_18 = { 558bec6aff684091410064a100000000 } | |
| $a_19 = { 558bec33c039054c2042007530394508 } | |
| $a_20 = { 558bec51833d300e4200fe7505e89e1d } | |
| $a_21 = { 558bec837d0800750bff750ce8d07dff } | |
| $a_22 = { 558bec83ec14565733ff6890a341008d } | |
| $a_23 = { 558becff35a0134200ff1598a1410085 } | |
| $a_24 = { 558bec81ece40d00008b55088b450853 } | |
| $a_25 = { 558bec83ec30a19004420033c58945fc } | |
| $a_26 = { 558bec8b4508b9100242003bc1721f3d } | |
| $a_27 = { 558bec535657e8fc78ffff83b80c0200 } | |
| $a_28 = { 558bec833d4c2042000075108b45088d } | |
| $a_29 = { 558bec6864a44100ff1578a1410085c0 } | |
| $a_30 = { 558bec568bf1c706b8c94100e8903fff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Truebot_60706983b0fd6ae95f982c9b63c9fdbb5cb10e65b2ee654f10581e41dd032a58 { | |
| strings: | |
| $a_2 = { 558bec83ec108d4df056ff750ce89f64 } | |
| $a_3 = { 558bec565733f6ff750cff7508e8d26f } | |
| $a_4 = { 558becff7508ff15dce041005dc3558b } | |
| $a_5 = { 558bec8b4d0c5685c97516e86810ffff } | |
| $a_6 = { 558bec8b550ca1408542008b4d08234d } | |
| $a_7 = { 558bec8b4508a37cac42005dc3558bec } | |
| $a_8 = { 558bec83ec108d45f050c745f0204642 } | |
| $a_9 = { 558bec83ec448d45bc50ff15f8e04100 } | |
| $a_10 = { 558bec8b4d08565785c9750433f6eb0b } | |
| $a_11 = { 558bec6aff68c8ce410064a100000000 } | |
| $a_12 = { 558bec56e8f3fdffff8bf085f60f8445 } | |
| $a_13 = { 558bece8095e00008b809800000085c0 } | |
| $a_14 = { 558bec568b7508b9908f42003bf17222 } | |
| $a_15 = { 558bec6a006a00ff7508ff15d8a24200 } | |
| $a_16 = { 558becff7508ff15a4e041005dc3558b } | |
| $a_17 = { 558bec81ec34020000a13085420033c5 } | |
| $a_18 = { 558bec83ec14a1308542008365f40083 } | |
| $a_19 = { 558becb8f01a0000e8cb330000a13085 } | |
| $a_20 = { 558bec81ecec020000a13085420033c5 } | |
| $a_21 = { 558bec8b4d0c568b7508890ee87a5e00 } | |
| $a_22 = { 558bec56fc8b750c8b4e0833cee823e5 } | |
| $a_23 = { 558bec83ec10ff75088d4df0e876eaff } | |
| $a_24 = { 558bec83ec28a13085420033c58945fc } | |
| $a_25 = { 558bec833db8ae42000075758b550885 } | |
| $a_26 = { 558bec5157ff1544e141008bf833c085 } | |
| $a_27 = { 558bec56578b7d0857e83fd4ffff5983 } | |
| $a_28 = { 558bec83ec0c8b450853568bf1576a00 } | |
| $a_29 = { 558bec6aff68c1cf410064a100000000 } | |
| $a_30 = { 558bec8b4508b9908f42003bc1721f3d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Truvasys_1aef507c385a234e8b10db12852ad1bd66a04730451547b2dcb26f7fae16e01f { | |
| strings: | |
| $a_2 = { 558bec6a005356578bf033c05568194b } | |
| $a_3 = { 558bec83c4ec5356578bd8e810c5feff } | |
| $a_4 = { 558bec33c055683964420064ff306489 } | |
| $a_5 = { 558b45f0508b45f88b4038058e4379a6 } | |
| $a_6 = { 558bec83c4f88955f88945fcb2018b45 } | |
| $a_7 = { 558bec53565784d2740883c4f0e83eca } | |
| $a_8 = { 558bea8bf08a86360500003c05741f3c } | |
| $a_9 = { 558bec518945fc8b45fc508b45fc8b40 } | |
| $a_10 = { 558bec6a0053565733c055688c0a4400 } | |
| $a_11 = { 558bec81c4fcfeffff5356898d08ffff } | |
| $a_12 = { 558bec33c05568a566400064ff306489 } | |
| $a_13 = { 558bec51535684d2740883c4f0e83e8e } | |
| $a_14 = { 558b45e8508b45f88b000578a46ad750 } | |
| $a_15 = { 558b45f0508b45f88b400c058530efd4 } | |
| $a_16 = { 558bec83c4f88955f88945fc8b45f850 } | |
| $a_17 = { 558becb9080000006a006a004975f933 } | |
| $a_18 = { 558b45f0508b45f88b401805134630a8 } | |
| $a_19 = { 558bec83c4f88945fc8b45fc8b403083 } | |
| $a_20 = { 558bec83c4f0e849dff8ff8855fb8945 } | |
| $a_21 = { 558b45ec508b45f88b0005fa27a1ea50 } | |
| $a_22 = { 558bec51538bda8945fc8b45fce822e8 } | |
| $a_23 = { 558bec5356578bf8a160784b00e84ad1 } | |
| $a_24 = { 558beca1547a4b00e8abffffff33c055 } | |
| $a_25 = { 558bec83c4bc53568b45088b501c8955 } | |
| $a_26 = { 558b45ec508b45f88b401005a9cfde4b } | |
| $a_27 = { 558bda8be88bc5e8d91f020084c0743a } | |
| $a_28 = { 558b45e8508b45f88b4020054f7ea86f } | |
| $a_29 = { 558bec33c05568f19c490064ff306489 } | |
| $a_30 = { 558bec51538bd8e8d8fcffff33c05568 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Tuopab_476fdf2f06f4567fa2a813d05e8b9383d65a84417e0d50290468be58319f49f7 { | |
| strings: | |
| $a_2 = { 558bec6aff687091400068608a400064 } | |
| $a_3 = { 558bec6aff68908c400064a100000000 } | |
| $a_4 = { 558bec6aff686091400068608a400064 } | |
| $a_5 = { 558bec6aff689891400068608a400064 } | |
| $a_6 = { 558bec6aff68108d400064a100000000 } | |
| $a_7 = { 558bec6aff68708c400064a100000000 } | |
| $a_8 = { 558bec6aff68608c400064a100000000 } | |
| $a_9 = { 558bec6aff68808c400064a100000000 } | |
| $a_10 = { 558b2d0c90400056578bf98d4424188d } | |
| $a_11 = { 558bac2438040000568bb42438040000 } | |
| $a_12 = { 558b350c90400068c8a140006868a040 } | |
| $a_13 = { 558b2d0c90400056576828a140008bf1 } | |
| $a_14 = { 558bec6aff68f08d400064a100000000 } | |
| $a_15 = { 558bf0e805fbffff83c40485c0750d55 } | |
| $a_16 = { 558b6c240c56578b3d8890400033db8b } | |
| $a_17 = { 558b2d0c9040003bc7743d8b460c85c0 } | |
| $a_18 = { 558b6c241c8a442f018a141e4732d06a } | |
| $a_19 = { 558bec6aff688091400068608a400064 } | |
| $a_20 = { 558be9b9400000008dbc242c01000068 } | |
| $a_21 = { 558b4e3c03ca8bd1c1e902f3a58bca83 } | |
| $a_22 = { 558bec6aff68508e400064a100000000 } | |
| $a_23 = { 558bec6aff68e08d400064a100000000 } | |
| $a_24 = { 558b2d109040005683c310eb048b7c24 } | |
| $a_25 = { 558b2d0c904000565768f0a340006868 } | |
| $a_26 = { 558b2d1090400056578db11403000068 } | |
| $a_27 = { 558b6c24145657681cab4000c7030000 } | |
| $a_28 = { 558b2d0c90400056576818a44000684c } | |
| $a_29 = { 558be956578d75548bcee84df3ffff8b } | |
| condition: | |
| 23 of them | |
| } | |
| rule BackdoorWin32Turkojan_54807d5bbec65c9e23aef0b8ce5a5ba633c304dbfa125b4e35cfd637e2bf8ee4 { | |
| strings: | |
| $a_2 = { 558bec83c4ac53565733d28955b48955 } | |
| $a_3 = { 558bec83c4f85356578945fca12c8040 } | |
| $a_4 = { 558bec6a005356578b5d108b750c33c0 } | |
| $a_5 = { 558bec83c4f85356578bd8803dac9540 } | |
| $a_6 = { 558bec535657bf209640008b470885c0 } | |
| $a_7 = { 558bce2bcb418bd38bc7e8a0e8ffff5d } | |
| $a_8 = { 558bec6a0053565733c05568804a4000 } | |
| $a_9 = { 558bec6a00538bda33d255685f554000 } | |
| $a_10 = { 558bec33c951515151515333c0556828 } | |
| $a_11 = { 558bf0bf00964000bd049640008b1df8 } | |
| $a_12 = { 558bec8b4510508b450c508b450850a1 } | |
| $a_13 = { 558bec33c055688e42400064ff306489 } | |
| $a_14 = { 558bec518945fc33d25568543f400064 } | |
| $a_15 = { 558bec33c05568f951400064ff306489 } | |
| $a_16 = { 558bec33c055684372400064ff306489 } | |
| $a_17 = { 558bec6a0053568b750c33c05568cd65 } | |
| $a_18 = { 558bec535657a12896400085c0744b8b } | |
| $a_19 = { 558bec515356578bf28bd8803dac9540 } | |
| $a_20 = { 558bec81c4fcfeffff5356578b5d108b } | |
| $a_21 = { 558bec83c4f45356578b7d0833c08945 } | |
| $a_22 = { 558bec83c4f08945fc8b45fce857dbff } | |
| $a_23 = { 558bec8b45088bd0668138ff2575058b } | |
| $a_24 = { 558bec53803dac954000000f84cc0000 } | |
| $a_25 = { 558bec33c055685d45400064ff306489 } | |
| $a_26 = { 558bec33c055682545400064ff306489 } | |
| $a_27 = { 558bec33c05568854d400064ff306489 } | |
| $a_28 = { 558bec83c4f40fb705188040008945f8 } | |
| $a_29 = { 558bec5356578b5d0c538b450850ff15 } | |
| $a_30 = { 558bec53568b5d088d8330010000506a } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Turla_39a8cf3f2916daea03f8b8600e202725101b338a67fc4a7d1b9c48ff5239293f { | |
| strings: | |
| $a_2 = { 558b2d541200105650578d8c24600200 } | |
| $a_3 = { 558bec83ec10ff75088d4df0e82e22ff } | |
| $a_4 = { 558bec8b4508a3285003105dc38bff55 } | |
| $a_5 = { 558bec83ec20a1f0f4021033c58945fc } | |
| $a_6 = { 558bec535657556a006a006810460210 } | |
| $a_7 = { 558b3383c304899de4fbffffe81dcbff } | |
| $a_8 = { 558bec83ec18a1f0f4021033c58945fc } | |
| $a_9 = { 558bec8b4508b900f002103bc1721f3d } | |
| $a_10 = { 558bec83ec10ff750c8d4df0e8efe8ff } | |
| $a_11 = { 558bec8b45085633f63bc6751de8a585 } | |
| $a_12 = { 558bec8b45088b0d2cfd021056395004 } | |
| $a_13 = { 558bec83ec10ff750c8d4df0e85f62ff } | |
| $a_14 = { 558bec51518b45245333db89188b451c } | |
| $a_15 = { 558bec83e4f86aff64a100000000680a } | |
| $a_16 = { 558bec5633f63935dc4a031075393975 } | |
| $a_17 = { 558becb8e41a0000e8cb0c0000a1f0f4 } | |
| $a_18 = { 558bece8e30900008b4d0889085dc38b } | |
| $a_19 = { 558bec5151535633f6578b3d74470310 } | |
| $a_20 = { 558bec81ec1808000068bcf04000ff15 } | |
| $a_21 = { 558bec833ddc4a03100075128b45088b } | |
| $a_22 = { 558bec83ec10ff75088d4df0e8a62cff } | |
| $a_23 = { 558bec56e86a8300008bf085f67413ff } | |
| $a_24 = { 558bec8b45085633f63bc6751de8bf8b } | |
| $a_25 = { 558bec81ec38010000a1f0f4021033c5 } | |
| $a_26 = { 558bec535657e84753ffff83b80c0200 } | |
| $a_27 = { 558bec83ec0c5333db5657391d0c6303 } | |
| $a_28 = { 558bec6860130010ff152811001085c0 } | |
| $a_29 = { 558bec83ec10ff75088d4df0e8df1dff } | |
| $a_30 = { 558bec6aff68c0a8021064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Turla_dfba4970bff7d9032c4785c1e2a1a332593b316c3fc21e70a601c4c2bf858160 { | |
| strings: | |
| $a_2 = { 558bec833db4d872000075148b45088b } | |
| $a_3 = { 558bec8b45085633f63bc6751de84e87 } | |
| $a_4 = { 558b3783c70489bddcfdffffe8506700 } | |
| $a_5 = { 558bec83ec248365f8008365f4008d45 } | |
| $a_6 = { 558bec83ec1853ff75108d4de8e86165 } | |
| $a_7 = { 558becb810200000e8e37500005657c7 } | |
| $a_8 = { 558bec83ec205333db395d0c751de89c } | |
| $a_9 = { 558bece8584b0000e84d4b000050e82d } | |
| $a_10 = { 558bec8b0dd4f07200a1d8f072006bc9 } | |
| $a_11 = { 558bec81ec1c050000a1f084720033c5 } | |
| $a_12 = { 558bec83ec20a1f084720033c58945fc } | |
| $a_13 = { 558bec6aff68a034720064a100000000 } | |
| $a_14 = { 558bec6aff682638720064a100000000 } | |
| $a_15 = { 558bec51518b45245333db89188b451c } | |
| $a_16 = { 558bec6afe68483d7200681043710064 } | |
| $a_17 = { 558bec535657e85752ffff83b80c0200 } | |
| $a_18 = { 558bec81ec1808000068bcf04000ff15 } | |
| $a_19 = { 558bec5633f63975087524e83480ffff } | |
| $a_20 = { 558bec565733f6ff7508e8d2a7ffff8b } | |
| $a_21 = { 558bec83ec10ff750c8d4df0e8ebe9ff } | |
| $a_22 = { 558bec5356576a006a0068bb93710051 } | |
| $a_23 = { 558bec8b450883f8fe7518e80672ffff } | |
| $a_24 = { 558bec83ec30a1f084720033c58945fc } | |
| $a_25 = { 558bec83ec34a1f084720033c58945fc } | |
| $a_26 = { 558bec81ec8c000000c645d043c645d1 } | |
| $a_27 = { 558bec83e4f86aff681a39720064a100 } | |
| $a_28 = { 558bec83ec14a1d4f072008b4d086bc0 } | |
| $a_29 = { 558bec56e85b5fffff8b75083bb09800 } | |
| $a_30 = { 558bece8e30900008b4d0889085dc38b } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Ubriel_58a526da76883b6ad40a121821bb05a4682595bb1762fef49fe798cf980fdacb { | |
| strings: | |
| $a_2 = { 558bec81c444fdffff535633c9898d64 } | |
| $a_3 = { 558bec33c05568b166400064ff306489 } | |
| $a_4 = { 558bec6a006a0053568bf033c05568c6 } | |
| $a_5 = { 558bec8d4510f6451580740583380075 } | |
| $a_6 = { 558bec5356578bd833c0556800824000 } | |
| $a_7 = { 558bec518b4d085356578b018bd08bf0 } | |
| $a_8 = { 558bec51535657894dfc8bfa8bf0e809 } | |
| $a_9 = { 558bec81c4d8fdffff53565733c08985 } | |
| $a_10 = { 558bec33c05568295a400064ff306489 } | |
| $a_11 = { 558becff7508e8d1fdffff5dc2040090 } | |
| $a_12 = { 558becff7508e88f00000085c074218b } | |
| $a_13 = { 558bec81c4bcfeffff53565733d28955 } | |
| $a_14 = { 558bec33c055685881400064ff306489 } | |
| $a_15 = { 558bec81c4b0feffff53565733c08985 } | |
| $a_16 = { 558b6c24145685ed570f84db0300008b } | |
| $a_17 = { 558bec6a006a07dd4508e80dc5ffff83 } | |
| $a_18 = { 558bec33c0556873b5400064ff306489 } | |
| $a_19 = { 558bec81c40cf8ffff53565733d28995 } | |
| $a_20 = { 558bec33c055680804410064ff306489 } | |
| $a_21 = { 558bec83c4e45752ff75106a008d7de4 } | |
| $a_22 = { 558bec33c05568f966400064ff306489 } | |
| $a_23 = { 558bec83c4e053565733d28955f88bf0 } | |
| $a_24 = { 558bec33c055680526410064ff306489 } | |
| $a_25 = { 558bec33c055683d43400064ff306489 } | |
| $a_26 = { 558bec81c468feffff535657894df889 } | |
| $a_27 = { 5589e581c4f4ffffff894df88955f489 } | |
| $a_28 = { 558becff7508e85901000085c074268b } | |
| $a_29 = { 558bec33c055685d6f400064ff306489 } | |
| $a_30 = { 558bec33c05568e1b0400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Unskal_2e6b68a19694842b3b2606c21ecf815c8251bcfb8aca46eac0ac2c8f132836b9 { | |
| strings: | |
| $a_2 = { 558bec81ecec00000068c88f4700ff15 } | |
| $a_3 = { 558bec83ec24c645f3fdc645f3fd8bc9 } | |
| $a_4 = { 558bec81eca0000000c1e100c64588c9 } | |
| $a_5 = { 558b9a02000000000000000000000000 } | |
| $a_6 = { 558bec83ec0ceb00a114904700030540 } | |
| $a_7 = { 558bec83ec20c745f800000000a12490 } | |
| $a_8 = { 558bec81ec88000000a1608f47008945 } | |
| $a_9 = { 558bec83ec14a1182045008945fc6a00 } | |
| $a_10 = { 558bec81ecc80100008b45088945fc8b } | |
| $a_11 = { 558bec83ec18c745f002000000c705f8 } | |
| $a_12 = { 558bc29b3fd70e000000000000000000 } | |
| $a_13 = { 558bec83ec14c745fc41000000c745f4 } | |
| $a_14 = { 558bec5168bc8f4700ff1598214500a3 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Ursnif_571daddf5f60b0a936a57d5d7533b342890f413b70ccef0a48523777e5305295 { | |
| strings: | |
| $a_2 = { 558bec538b5d0885db7454f6431a0475 } | |
| $a_3 = { 558bec83c4f85356578b5d0c8b7508bf } | |
| $a_4 = { 558bec8a4508a274b0410084c0740980 } | |
| $a_5 = { 558bec538b5d08807b1300742af6431a } | |
| $a_6 = { 558bec803d495e420001750ae8fb5f00 } | |
| $a_7 = { 558bec53568b4d0c8b75088bd633c0eb } | |
| $a_8 = { 558bec6633c0668b5508ec5dc3558bec } | |
| $a_9 = { 558bec5356578b7d108b5d08ff750c53 } | |
| $a_10 = { 558bec83c4e8535657803d495e420000 } | |
| $a_11 = { 558bec5657fc8b7d0c8bf78b45108bc8 } | |
| $a_12 = { 558bec81c400ffffff68000100008d85 } | |
| $a_13 = { 558bec8d450c506a00ff7508e818ffff } | |
| $a_14 = { 558bec53568b75086a2e56e823e40000 } | |
| $a_15 = { 558bec53568b750c8b5d0853e8bfffff } | |
| $a_16 = { 558bec535657c705dc194200c0884000 } | |
| $a_17 = { 558bec535633dbc605e0194200016a00 } | |
| $a_18 = { 558bec5356578b750c8b45088b400a8b } | |
| $a_19 = { 558bec53568b750cbb0c1b4200680c1b } | |
| $a_20 = { 558bec8b450c8b550883f8017c043b02 } | |
| $a_21 = { 558bec83c4f853568b750c8b5d08f643 } | |
| $a_22 = { 558bec6a0068fd26410068e5e74100e8 } | |
| $a_23 = { 558bec83c49c5356578b750c8a068845 } | |
| $a_24 = { 558bec53e8cc72ffffe89fffffff8bd8 } | |
| $a_25 = { 558bec833d5461420000742ae81c49ff } | |
| $a_26 = { 558bec53803d495e420001754a833d54 } | |
| $a_27 = { 558bec5356578b7d108b5d0c8b75083b } | |
| $a_28 = { 558bec8b45080fbe501252ff700ee859 } | |
| $a_29 = { 558bec6a00a1c819420083c00c50e8dd } | |
| $a_30 = { 558bec538b5d08c6051c5e42000153ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Vatos_e8bb544de80805899353aba9f9345e7c58aeb88e09c0afe78d38c652039f8978 { | |
| strings: | |
| $a_2 = { 558bd9662d044a45c06a049f473bb037 } | |
| $a_3 = { 558be9cefa130e89e45add048a307b73 } | |
| $a_4 = { 558b9737ac873869801cf23450acac90 } | |
| $a_5 = { 558bcf3061c40dc154d78233526d2daa } | |
| $a_6 = { 558b323b3075a57204595edee23b7004 } | |
| $a_7 = { 558bc4e7071694759ba3ea34be5b8c23 } | |
| $a_8 = { 558be44110673caf05ed05c98caf9cc7 } | |
| $a_9 = { 558b6c110dedd626d14f04d7f01cc29f } | |
| $a_10 = { 5589e537603d0bdf8f541b108e653f83 } | |
| $a_11 = { 558b846a496632a4005c6ed9620c5eb8 } | |
| $a_12 = { 558b046748aa80bda8824680d007b057 } | |
| $a_13 = { 558baee1d73b5d0c5d6f7fa34167ffff } | |
| $a_14 = { 558b14996da9a2bb1be06bd69f7c4454 } | |
| $a_15 = { 558b080ec8693a791507661705fa1c92 } | |
| $a_16 = { 558b991f089ed6f861b02828ce3c8e38 } | |
| condition: | |
| 13 of them | |
| } | |
| rule BackdoorWin32Vawtrak_6aa2917fd4bccc0c4d6c88466552b1d8e694660a5755ef2a10f5f06554ba1e90 { | |
| strings: | |
| $a_2 = { 558bec8b3a3689c88b3a8b3a36c88b3a } | |
| $a_3 = { 558bec5636363a363a36898a8a8a0036 } | |
| $a_4 = { 558bec833d20014300267e19a1bc0043 } | |
| $a_5 = { 558bec8b0d280143005683f93957b838 } | |
| $a_6 = { 558bec6aff68c0f142006840c7420064 } | |
| $a_7 = { 558bec8b008a893a3ac8c88bc889893a } | |
| $a_8 = { 558bd747005300750189533dfe00eb81 } | |
| $a_9 = { 558bec33c83a3a3689363a3a00363a8b } | |
| $a_10 = { 558bec6a363a368a8a36c88a8bc88bc8 } | |
| $a_11 = { 558bec6a8a363ac8363ac836c8368a3a } | |
| $a_12 = { 558bec8b0ddc004300a1bc00430083c9 } | |
| $a_13 = { 558bec6a898ac8363a898a3a3636893a } | |
| $a_14 = { 558beca1dc004300568b3528014300ba } | |
| $a_15 = { 558becff3ac88a8b36c88b89c8898a36 } | |
| $a_16 = { 558becff36c8c8c8368b8ac8c889c836 } | |
| $a_17 = { 558beca1180143008b0dec004300d3e0 } | |
| $a_18 = { 558beca1bc004300568b351801430057 } | |
| $a_19 = { 558bec563a3a3a368a3689c88b3a898b } | |
| $a_20 = { 558bec8b898b363ac88b8ac836c83a3a } | |
| $a_21 = { 558be2dc6235239e0f4027e605744ddc } | |
| $a_22 = { 558bec6a368a898b36c836c88a8b8a89 } | |
| $a_23 = { 558bec83ec108b15100143008b0df400 } | |
| $a_24 = { 558bec8b8a008a8b368b3a3ac889363a } | |
| $a_25 = { 558bec51a1dc0043008b0dc800430053 } | |
| $a_26 = { 558bec518b003a3689c83a36c8c83a8b } | |
| $a_27 = { 558bec568bc836368b89368b8b8b36c8 } | |
| $a_28 = { 558bec83ec10a1c80043008b0dd40043 } | |
| $a_29 = { 558bec518b15e8004300a12401430033 } | |
| $a_30 = { 558bec56c8c8c8c88a3a368a36363a89 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Venik_949fdc49c44a1f83612296f1c5e387f4ac2956040ca9939339bc0a174d628270 { | |
| strings: | |
| $a_2 = { 558b39ec83001c5356576a065910be30 } | |
| $a_3 = { 558b425cfd782807117f877543619565 } | |
| $a_4 = { 558bec41451056be449b01a1b95fe949 } | |
| $a_5 = { 558bcadfba3a5506234e4576145ed0b2 } | |
| $a_6 = { 558b01176395e6bafba3f0cbcf0f99c3 } | |
| $a_7 = { 558bcf03000df7ad0f7c26897300588d } | |
| $a_8 = { 558b0cd96653f843021a7e1332339357 } | |
| $a_9 = { 558b2d12d4617bcd00382958c9db4899 } | |
| condition: | |
| 7 of them | |
| } | |
| rule BackdoorWin32Vharke_8596d1c58f413374d681e0c80de7bfcf70e540882088b2d7278fb5dc61fd84f2 { | |
| strings: | |
| $a_2 = { 558b3f3335ac446b4f99865aef7fb968 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Vinself_5c57417bbe94941611c7890c5026894ec7fc8f0968b7928f6f39f0458eef1876 { | |
| strings: | |
| $a_2 = { 558bec5756538b750c8b7d088d0540c3 } | |
| $a_3 = { 558bec6aff6830a50010683089001064 } | |
| $a_4 = { 558bec56ff7508e873040000ff7510ff } | |
| $a_5 = { 558bec8b450856833c8580bb0010008d } | |
| $a_6 = { 558bec5151536a066a016a02ff1548a1 } | |
| $a_7 = { 558bec535657556a006a006850880010 } | |
| $a_8 = { 558bec515153568b352cc30010578b7d } | |
| $a_9 = { 558becb8a0290000e857090000535657 } | |
| $a_10 = { 558becb880300000e8ef220000806580 } | |
| $a_11 = { 558bec81ec4c0100008065b800535657 } | |
| $a_12 = { 558bec56ff7514e80d070000ff7514ff } | |
| $a_13 = { 558becb80c300000e85d180000535657 } | |
| $a_14 = { 558bec81ec78010000538d45cc5750ff } | |
| $a_15 = { 558bc1c1f8058d3c8520c700108bc183 } | |
| $a_16 = { 558bec56ff7514e846080000ff7514ff } | |
| $a_17 = { 558bec83ec10568b750c56ff155ca100 } | |
| $a_18 = { 558bec51833d48c3001000535657751d } | |
| $a_19 = { 558bec81ec0c0100005356576a3f33db } | |
| $a_20 = { 558becb804380000e8691a000080a5fc } | |
| $a_21 = { 558bec81eca001000053565733db33c0 } | |
| $a_22 = { 558bec5356beb4c400105756ff1520a1 } | |
| $a_23 = { 558becb86c310000e8c30c0000535657 } | |
| $a_24 = { 558bec6aff68e8a40010683089001064 } | |
| $a_25 = { 558bec56ff7508e8090900008d451050 } | |
| $a_26 = { 558bec8b450885c075025dc3833d48c3 } | |
| $a_27 = { 558bec81eca00100008065f0005733c0 } | |
| $a_28 = { 558b0d20b700100fb6c3f64441018074 } | |
| $a_29 = { 558bec81ec080200005356576a7f33db } | |
| $a_30 = { 558bec81ec7001000053566a0133db5e } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Visel_f21a2fed5f79834aebb4538d6822537646a46464a00966731f60942ab41efc72 { | |
| strings: | |
| $a_2 = { 558bec83e4f8b8a4160000e830880000 } | |
| $a_3 = { 558b6c2408568bf1396e14577305e83c } | |
| $a_4 = { 558bec83ec105333db391d64ab400056 } | |
| $a_5 = { 558bec83ec10f605281a02100156be78 } | |
| $a_6 = { 558bec535657556a006a006830d20010 } | |
| $a_7 = { 558bec83ec3c8b450c5356578b3d4412 } | |
| $a_8 = { 558b6c240c8bc34856570f840c010000 } | |
| $a_9 = { 558bec83e4f86aff68f361011064a100 } | |
| $a_10 = { 558bec515153565733ff393d0caf4000 } | |
| $a_11 = { 558bac242040000085ed750d50e8818e } | |
| $a_12 = { 558bcbe8a9fdffff566a008bcbe89ffd } | |
| $a_13 = { 558bac24280e000056576a006a006a03 } | |
| $a_14 = { 558bec515153565733ff393d90320210 } | |
| $a_15 = { 558beca18ce8010085c0b940bb000074 } | |
| $a_16 = { 558bec6aff68c05f011064a100000000 } | |
| $a_17 = { 558bec83ec4c5356576a0458e8c8f1ff } | |
| $a_18 = { 558bec83ec14538365fc00833dc0e801 } | |
| $a_19 = { 558bec6aff6840724000682c29400064 } | |
| $a_20 = { 558bece88603000050e8ccfbffff85c0 } | |
| $a_21 = { 558bec83e4f881ec9c080000a1a0c501 } | |
| $a_22 = { 558bec83e4f881ec54040000a1a0c501 } | |
| $a_23 = { 558bec83ec0ca1a0c501106a068945fc } | |
| $a_24 = { 558bcf8944242ce803d7ffff8d54241c } | |
| $a_25 = { 558bec83e4f86aff689b62011064a100 } | |
| $a_26 = { 558bec83e4f881ec2c0e0000a1a0c501 } | |
| $a_27 = { 558bec83e4f881ece80c0000a1a0c501 } | |
| $a_28 = { 558bec83ec105333db391d781d021056 } | |
| $a_29 = { 558bec566a016800000080688e100100 } | |
| $a_30 = { 558bec83e4f8b8883e0000e840970000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Votwup_6bfe476bce7541c6f3d4fbd28ae4104cde059fd9fd7f9eb360c4f9d41ef2bf1a { | |
| strings: | |
| $a_2 = { 558bec6a0033c0556879a1400064ff30 } | |
| $a_3 = { 558bec33c05568c963400064ff306489 } | |
| $a_4 = { 558bce2bcb418bd38bc7e8585bffff5d } | |
| $a_5 = { 558bec538b5d085368b2d7000068702f } | |
| $a_6 = { 558bec33c055689a5e400064ff306489 } | |
| $a_7 = { 558bea8bf88bc7e81d3dffff8bf0bb01 } | |
| $a_8 = { 558bec33c95151515133c0556894db40 } | |
| $a_9 = { 558bec5153568945fc8b45fce8ab74ff } | |
| $a_10 = { 558bec81c4d8feffff535633d28995e0 } | |
| $a_11 = { 558bec33c055682571400064ff306489 } | |
| $a_12 = { 558bec33c055681097400064ff306489 } | |
| $a_13 = { 558bec5153568945fc8b45fce83b65ff } | |
| $a_14 = { 558bec83c4dc535633d28955dc8bf033 } | |
| $a_15 = { 558bec83c4f8535657be207641008b46 } | |
| $a_16 = { 558bec33c05568c2cd400064ff306489 } | |
| $a_17 = { 558bec83c4f853568bf28bd8803dac75 } | |
| $a_18 = { 558bce2bcb418bd38bc7e82cdcffff5d } | |
| $a_19 = { 558bec83c4f8535657bf207641008b47 } | |
| $a_20 = { 558bec33c055685d74400064ff306489 } | |
| $a_21 = { 558bec6a0033c055687a08410064ff30 } | |
| $a_22 = { 558bec6a006a00538bd833c055680c89 } | |
| $a_23 = { 558bec33c05568a5bf400064ff306489 } | |
| $a_24 = { 558bec81c414feffff53565733d28995 } | |
| $a_25 = { 558bec51538945fc8b45fce858baffff } | |
| $a_26 = { 558bec33c05568c753410064ff306489 } | |
| $a_27 = { 558bec33c055681d70400064ff306489 } | |
| $a_28 = { 558bec33c05568e985400064ff306489 } | |
| $a_29 = { 558bec33c95151515133c055687b2441 } | |
| $a_30 = { 558bec33c05568f2e7400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wabot_8beea498c00555d76f0877b0cb55e213f2b6b40d494ef2a2dee1dcb65a35259e { | |
| strings: | |
| $a_2 = { 558b969a4280ec9c84fe33fd58533b2b } | |
| $a_3 = { 558b832df405d7dbd9aa8ea944dfec67 } | |
| $a_4 = { 558bc8b0109f9330e0b352f25704dd56 } | |
| $a_5 = { 558bf28bd8eb0853e86ceaffff8bd88a } | |
| $a_6 = { 558bd14304627667bd7b355a6868bc7c } | |
| $a_7 = { 558b78719d772f00bca56d2b8c850f4b } | |
| $a_8 = { 558b3fae2c5f96ba0b1e044b656759ab } | |
| $a_9 = { 558bd6fd6174e777d25a4aefc4c32d8a } | |
| $a_10 = { 558bec515356578bd833c0a3acf54000 } | |
| $a_11 = { 558bec33c05568414a400064ff306489 } | |
| $a_12 = { 558bb43797c99cfe36012289bff37c25 } | |
| $a_13 = { 558b8e28d47b8fda08ee2755d56e2b2f } | |
| $a_14 = { 558b940fb20def704f25c4ad6cecbbb2 } | |
| $a_15 = { 558bf481550d992da2d927f5af0a0940 } | |
| $a_16 = { 558b1fa144801933579d7f02eba08236 } | |
| $a_17 = { 558bece89cf6ffff5531c96814394000 } | |
| $a_18 = { 558bec515356578bf28bd8803da8f540 } | |
| $a_19 = { 558b2dce98c6b67fa673360ccaae1799 } | |
| $a_20 = { 558bc4ca4f9f44d9255aadba2be1fdb3 } | |
| $a_21 = { 558b90c9609c9f2cfdf769f865c18127 } | |
| $a_22 = { 558b5d009f4a3b0738195250e036036d } | |
| $a_23 = { 558bec538b5d085368b1d7000068642b } | |
| $a_24 = { 558bec33c0556801d8400064ff306489 } | |
| $a_25 = { 558bec51538bda8945fc8b45fce862f3 } | |
| $a_26 = { 558bec33c055680647400064ff306489 } | |
| $a_27 = { 558bec51538bda8945fc8b45fce83edb } | |
| $a_28 = { 558b9a6a07de2e0d8a16b991ed0ce631 } | |
| $a_29 = { 558b492676f59bbc67fed66c81de54c7 } | |
| $a_30 = { 558bccf85dfcacee30d1a1bb2e9025bc } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wabot_ed86fcebd48b06c85689b9a9a136ee12e47c329982bccece1f1afe802a7b80ed { | |
| strings: | |
| $a_2 = { 558bec33c05568644d400064ff306489 } | |
| $a_3 = { 558bec81c498feffff53565733db899d } | |
| $a_4 = { 558b5f222408c17d97d12a106db5d297 } | |
| $a_5 = { 558bc9fe3afee6de0469525f3b84b1a8 } | |
| $a_6 = { 558b7d116a4a2e43cf3148daa312fad5 } | |
| $a_7 = { 558b4a6ab37cb2b549f24c2ae6365707 } | |
| $a_8 = { 558bec33c05568d382400064ff306489 } | |
| $a_9 = { 558bec538b5d085368b1d7000068642b } | |
| $a_10 = { 558beeaf258d306f6c6f9f9207c33c6e } | |
| $a_11 = { 558bec51538bda8945fc8b45fce8dad5 } | |
| $a_12 = { 558b4780cd2062897fda4b1a5d5ddc51 } | |
| $a_13 = { 558b5f583b462d8c7d7720a57e0fb491 } | |
| $a_14 = { 558b887b006d8dda86a8627b562412ec } | |
| $a_15 = { 558bec33c0556801d8400064ff306489 } | |
| $a_16 = { 558b25d4530c9e2bd33f7a4123a5bdbe } | |
| $a_17 = { 558b6adbf2729f1d02de6a7232c33d39 } | |
| $a_18 = { 558bec33c05568dd4b400064ff306489 } | |
| $a_19 = { 558bec33c055680647400064ff306489 } | |
| $a_20 = { 558bec51538bda8945fc8b45fce83edb } | |
| $a_21 = { 558bec33c05568b148400064ff306489 } | |
| $a_22 = { 558b3e05acca77ffc49eda7f98e55aef } | |
| $a_23 = { 558bc3522649fa2b708fa92b4283a5b2 } | |
| $a_24 = { 558bec33c05568e948400064ff306489 } | |
| $a_25 = { 558bbb76d1b00366b002a8dd7b94ca1a } | |
| $a_26 = { 558b41f6fd760c5a2e35e29d6aa10bf2 } | |
| $a_27 = { 558bec535657bf1cf640008b470885c0 } | |
| $a_28 = { 558bec515356578bd833c0a3acf54000 } | |
| $a_29 = { 558bf998fd9bc7d0bccd48d3fa4039fe } | |
| $a_30 = { 558bec33c05568414a400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wakbot_f60d20f420e2860759944bb47b0c3e6a8a09dd5f609f07c63f33b5bcc0077509 { | |
| strings: | |
| $a_2 = { 558b6c240c568bd1578db3160100008b } | |
| $a_3 = { 558bec6aff68a043011068c82d011064 } | |
| $a_4 = { 558b6c24105633f6578b7c2420897424 } | |
| $a_5 = { 558bac24100100008bd985ed750d5d33 } | |
| $a_6 = { 558bec6aff681044011068c82d011064 } | |
| $a_7 = { 558be956578b85201500008d9d201500 } | |
| $a_8 = { 558bec6aff689044011068c82d011064 } | |
| $a_9 = { 558b2d384201108d4c24746a0a51ffd6 } | |
| $a_10 = { 558bac241001000056578bfdf2aef7d1 } | |
| $a_11 = { 558bec6aff685034011064a100000000 } | |
| $a_12 = { 558b2d8042011033c98bfb8a8c069401 } | |
| $a_13 = { 558bec6aff684044011068c82d011064 } | |
| $a_14 = { 558b6c24145685ed578bd9b801000000 } | |
| $a_15 = { 558bec6aff68db30011064a100000000 } | |
| $a_16 = { 558bf0ff15d44201106a018bd8ff15d4 } | |
| $a_17 = { 558b6c2410568b7424185733ff897c24 } | |
| $a_18 = { 558bec6aff68e043011068c82d011064 } | |
| $a_19 = { 558bec6aff683044011068c82d011064 } | |
| $a_20 = { 558bec6aff68f044011068c82d011064 } | |
| $a_21 = { 558bec6aff68d043011068c82d011064 } | |
| $a_22 = { 558bec6aff689043011068c82d011064 } | |
| $a_23 = { 558bec6aff682044011068c82d011064 } | |
| $a_24 = { 558bceff52348d8424200500006a0050 } | |
| $a_25 = { 558bec6aff68b043011068c82d011064 } | |
| $a_26 = { 558bec6aff68d044011068c82d011064 } | |
| $a_27 = { 558bac24c0010000565755536a596800 } | |
| $a_28 = { 558bec6aff686044011068c82d011064 } | |
| $a_29 = { 558bec6aff685044011068c82d011064 } | |
| $a_30 = { 558be95657c7442414000000008b8504 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32War_a40b45d6f9944834662a3fa1edabeefc7d3c996673b41dfb8e67a257d8a4cc10 { | |
| strings: | |
| $a_2 = { 558b6c24188bd9b801000000568b7424 } | |
| $a_3 = { 558bd95657c1e9028bf28d7c2414f3a5 } | |
| $a_4 = { 558bac246c0300002be88b042e8b4c2e } | |
| $a_5 = { 558b6c240c56578b7c24188bd933f68a } | |
| $a_6 = { 558b6c24108bd98bcd33c056578b7c24 } | |
| $a_7 = { 558bd9568b8c24840000008d44244057 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Wavipeg_dfddb34d9212a55141ea5b594073abe7ce7d97a3ed06659026e9ea0e6bd8c78f { | |
| strings: | |
| $a_2 = { 5589e557565381ec8c0300008b5d080f } | |
| $a_3 = { 558b442440506a00e8c44dfbff83c420 } | |
| $a_4 = { 558b1f53e85debffff83c4208b4f0485 } | |
| $a_5 = { 558b4c240889c829d88b142429c2807c } | |
| $a_6 = { 5589e557565383ec0c8b5d088b83f882 } | |
| $a_7 = { 558b6c2444558b5424448b442440e812 } | |
| $a_8 = { 558b74243c56e8def4ffff89c383c410 } | |
| $a_9 = { 5589e583ec08c7042400000000e88eb1 } | |
| $a_10 = { 5589e58b450c8b55108b4d088981f001 } | |
| $a_11 = { 5589e55de93742010090909090909090 } | |
| $a_12 = { 558b7c2424578b6c24185551e8b0c40a } | |
| $a_13 = { 5589e55689d65383ec108b9868010000 } | |
| $a_14 = { 5589e574075db801000000c35dc605e0 } | |
| $a_15 = { 558b4c243451e8b204f9ff8b500883c4 } | |
| $a_16 = { 558b6c2430556a00e8aa9ffbff83c410 } | |
| $a_17 = { 5589e55de9b73d01008db42600000000 } | |
| $a_18 = { 558b4c241851e8ea45000083c41085c0 } | |
| $a_19 = { 558b54243c528b4c243451e888da0200 } | |
| $a_20 = { 5589e583ec088b4508c700cc52530089 } | |
| $a_21 = { 5589e55de947f7ffff8db42600000000 } | |
| $a_22 = { 5589e557bfffffffff5631f65383ec2c } | |
| $a_23 = { 558b15108d530052e8f7b8030083c410 } | |
| $a_24 = { 558b4c241451e8a20df9ff89c38b4004 } | |
| $a_25 = { 5589e583ec08c7042400000000e8ae8d } | |
| $a_26 = { 5589e55383ec048b5d088b837c010000 } | |
| $a_27 = { 5589e557565383ec3c8965d4e80f2e00 } | |
| $a_28 = { 5589e583ec08c7042414000000e8beee } | |
| $a_29 = { 5589e557565383ec1c8b7d0c8b551089 } | |
| $a_30 = { 558b5c2438538b84249400000050e878 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wavipeg_e492fa2c55e11f7b2447779e56739ee5b1b000ffc560b4f5837a7c4e6699863e { | |
| strings: | |
| $a_2 = { 5589e557565381ec8c0300008b5d080f } | |
| $a_3 = { 558b442440506a00e8c44dfbff83c420 } | |
| $a_4 = { 5589e55383ec048b5d08c70324535300 } | |
| $a_5 = { 558b1f53e85debffff83c4208b4f0485 } | |
| $a_6 = { 558b4c240889c829d88b142429c2807c } | |
| $a_7 = { 5589e557565383ec0c8b5d088b83f882 } | |
| $a_8 = { 558b6c2444558b5424448b442440e812 } | |
| $a_9 = { 558b74243c56e8def4ffff89c383c410 } | |
| $a_10 = { 558b842400010000ba5ef45200e85ef0 } | |
| $a_11 = { 5589e58b450c8b55108b4d088981f001 } | |
| $a_12 = { 5589e55de93742010090909090909090 } | |
| $a_13 = { 558b7c2424578b6c24185551e8b0c40a } | |
| $a_14 = { 5589e583ec08c7042400000000e81ede } | |
| $a_15 = { 5589e55689d65383ec108b9868010000 } | |
| $a_16 = { 5589e574075db801000000c35dc605e0 } | |
| $a_17 = { 558b4c243451e8b204f9ff8b500883c4 } | |
| $a_18 = { 558b6c2430556a00e8aa9ffbff83c410 } | |
| $a_19 = { 5589e55de9b73d01008db42600000000 } | |
| $a_20 = { 558b4c241851e8ea45000083c41085c0 } | |
| $a_21 = { 558b54243c528b4c243451e888da0200 } | |
| $a_22 = { 5589e583ec088b4508c700cc52530089 } | |
| $a_23 = { 5589e55de947f7ffff8db42600000000 } | |
| $a_24 = { 5589e557bfffffffff5631f65383ec2c } | |
| $a_25 = { 558b15108d530052e8f7b8030083c410 } | |
| $a_26 = { 558b4c241451e8a20df9ff89c38b4004 } | |
| $a_27 = { 5589e55383ec048b5d088b837c010000 } | |
| $a_28 = { 558b0d0007540089e55dffe190909090 } | |
| $a_29 = { 5589e55de927090f0090909090909090 } | |
| $a_30 = { 558b5c2438538b84249400000050e878 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Way_2d065febe338c14fb2ac33fc86e77af956cdb2a540d8bec4c897cc8e171b73fa { | |
| strings: | |
| $a_2 = { 558bc7bdebd70035ea9ae68679639aae } | |
| $a_3 = { 558b5c5c05e92159c440b327211f90cb } | |
| $a_4 = { 558b0c938e6000ac1b726aef06defd59 } | |
| $a_5 = { 558b68adf1066dafff142507e307eafb } | |
| $a_6 = { 558b7998a55d14c35abceb7547eed843 } | |
| $a_7 = { 558b2c93f0987477bba9a947ee80367b } | |
| $a_8 = { 558b1fc54d0ab3942c7d88faf4372b94 } | |
| $a_9 = { 558bd50bb3c52a776e57c9cf35c92b87 } | |
| $a_10 = { 558b5d3d9f04d392d8cb46fe32d3fe18 } | |
| $a_11 = { 558bec5356578b7d108b5d0c8b75087f } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Wencho_7223d8df3938edb71f606baf197fcf5e06b06689d0a199808fb6fe4d6aabb6de { | |
| strings: | |
| $a_2 = { 5589e55de997edffff90909090909090 } | |
| $a_3 = { 5589e557565383ec4c8b1d9c73400085 } | |
| $a_4 = { 5589e583e4f083ec10e882010000c704 } | |
| $a_5 = { 5589e583ec18a12c30400085c0743cc7 } | |
| $a_6 = { 5589e583ec28c70520734000090400c0 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Wingbird_e43c196919b802cae4a37bc2027de68ba353ba6f46ecacf88c6f369237291f3c { | |
| strings: | |
| $a_2 = { 558beccbc2731bf1bbece853f210b03d } | |
| $a_3 = { 558b0c853c8ed5b1e0a9153b871a7256 } | |
| $a_4 = { 558b5620a1302d32d3eb49f7b522f570 } | |
| $a_5 = { 558bc5e8714b0f43cc7aab3a8ca66945 } | |
| $a_6 = { 558bb2f561f4eedc44166e6950509d84 } | |
| $a_7 = { 558b8db3aa46556e549480a7aa5a516e } | |
| $a_8 = { 558b9b6a87ff553384ec7fde570af377 } | |
| $a_9 = { 558b198bfd796370f21f824c4cbba791 } | |
| $a_10 = { 558b856736af68df19c233d861195d97 } | |
| $a_11 = { 558bfb14660042ce434feab995fca01f } | |
| $a_12 = { 558b980c4a7f3f8f978f4000f562be7c } | |
| $a_13 = { 558b0bc27672ae0f88023dbc4513c135 } | |
| $a_14 = { 558beb14d20edc13b8da9e7bc56117dd } | |
| $a_15 = { 558b040acf740384a73051d04d1e1fcd } | |
| $a_16 = { 558b3b9a289329515fb29f33cb366b99 } | |
| $a_17 = { 558bb83e5d26479ba49e58665c210b9a } | |
| $a_18 = { 558bec83ec48a104307b0233c58945fc } | |
| $a_19 = { 558bce7da4ce95af597301d2e16a8d63 } | |
| $a_20 = { 558ba9f1519f781f0292ad1ad2062edb } | |
| $a_21 = { 558b45b3d80b7ee73d18e133dd640e5b } | |
| $a_22 = { 558b29f1ad769b8ba015b2d0e6385f0d } | |
| $a_23 = { 558b54b959012735a4a903b25a23cd4f } | |
| $a_24 = { 558b3fa35e838878c7785b2fefceaafa } | |
| $a_25 = { 558be8ad53e13fabaf3f180969558e40 } | |
| $a_26 = { 558b8155a4ea455cdfcd840e6183c4f8 } | |
| $a_27 = { 558b5324c809be32124f511fa4d80736 } | |
| $a_28 = { 558bf2f758292dcfa65cabb096b7f6bc } | |
| $a_29 = { 558b591dcb0be0fea737b074d8b8b14d } | |
| $a_30 = { 558b1bbf1ab5673746c2d94f4dfe6c26 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Winker_f16f8416bd35e1ecc250b7998341893f81466f0adbbd1928b2856141a6b42ab9 { | |
| strings: | |
| $a_2 = { 558bec83ec1c568b35baeffedb3ce13c } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Winsec_50974c15a546e961fbee8653e5725960a77b79e0f7c8eadf3b6d35ba3a46dd57 { | |
| strings: | |
| $a_2 = { 558b6c241056578b7c241c33f685ff7e } | |
| $a_3 = { 558b6c243056884424218844242457b0 } | |
| $a_4 = { 558bef5681e5ffff000050508bf38bc5 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Winshell_2edddc06731bb68d69b8d3f6c387620a00061084237d4e60edfcf3148fb5975b { | |
| strings: | |
| $a_2 = { 558ba40000004cff4a01ffffffff0100 } | |
| $a_3 = { 558b7c0200004cff4a01540000000000 } | |
| $a_4 = { 558bec880100004cff4a01ffffffff05 } | |
| $a_5 = { 558ba7a835d3c6179edd7dc643f26886 } | |
| $a_6 = { 558b000400004cff4a01040000000000 } | |
| $a_7 = { 558ba83800004cff4a01ffffffff0100 } | |
| $a_8 = { 558b524d8c7577c7e9f4ff05772f252a } | |
| $a_9 = { 558b997ab39c0559d89ed7b49115d62d } | |
| $a_10 = { 558bc00100004cff4a01ffffffff0d00 } | |
| $a_11 = { 558bec140500004cff4a011800000000 } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWin32Winterlove_bd27b6d8f008c1614acce5f1c0afb75bf272366400f2b27311ee08c13bbf4aca { | |
| strings: | |
| $a_2 = { 558bec51833d2ca641000053751d8b45 } | |
| $a_3 = { 558bec83ec14a1b4bb41008b15b8bb41 } | |
| $a_4 = { 558bac24100600005657689407410055 } | |
| $a_5 = { 558bec515153568b3560a74100578b7d } | |
| $a_6 = { 558b2d6ce14000565733db33f633ff3b } | |
| $a_7 = { 558bec833d5ca8410000750fff750cff } | |
| $a_8 = { 558bec6aff6858e2400068a86b400064 } | |
| $a_9 = { 558bac2418020000565766894424108b } | |
| $a_10 = { 558bec6aff68f0e2400068a86b400064 } | |
| $a_11 = { 558bec51833d2ca6410000535657751d } | |
| $a_12 = { 558bec5756538b750c8b7d088d0524a6 } | |
| $a_13 = { 558b2ddce14000568bb424a005000057 } | |
| $a_14 = { 558bec6aff6848e2400068a86b400064 } | |
| $a_15 = { 558bec6aff6828e3400068a86b400064 } | |
| $a_16 = { 558bec83ec0c833d5ca8410000535657 } | |
| $a_17 = { 558bec51515333db391dc4bb41005657 } | |
| $a_18 = { 558bec6aff68c8e2400068a86b400064 } | |
| $a_19 = { 558becb800100000e833a4ffff538b5d } | |
| $a_20 = { 558bec6aff68d8e2400068a86b400064 } | |
| $a_21 = { 558bec5151833dc4a541000056577421 } | |
| $a_22 = { 558b2d1ce240008b43045685c057740c } | |
| $a_23 = { 558bec6aff6800e3400068a86b400064 } | |
| $a_24 = { 558bac24bc08000056578bfdf2ae8bb4 } | |
| $a_25 = { 558b4524890dac1841006bc03c034528 } | |
| $a_26 = { 558bec6aff6850e6400068a86b400064 } | |
| $a_27 = { 558b2de8e140005633d2578b7c243889 } | |
| $a_28 = { 558bec6aff68b8e2400068a86b400064 } | |
| $a_29 = { 558bec535657556a006a0068fc694000 } | |
| $a_30 = { 558bec33c039055ca84100750fff750c } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32WipBot_0c02e49d3924b04c6bc42515cc926e59bf319f42f55afcc0b0da14d228bcbd7a { | |
| strings: | |
| $a_2 = { 5589e557565389c383ec6c85c08955a0 } | |
| $a_3 = { 5589e583ec10e84d0b000085c0750431 } | |
| $a_4 = { 5589e583ec088b4508e85203000031d2 } | |
| $a_5 = { 5589e557565389c383ec7c85c07505e9 } | |
| $a_6 = { 5589e55653e8060c000085c0742c8b40 } | |
| $a_7 = { 5589e583ec2885c0750ae8c9e2ffffe9 } | |
| $a_8 = { 5589e55689d653ba40d4417c83ec1089 } | |
| $a_9 = { 5589e55389c383ec2485c0750431c0eb } | |
| $a_10 = { 5589e557565389c383ec1c85c0750431 } | |
| $a_11 = { 5589e5e818ecffff85c074058b4060eb } | |
| $a_12 = { 558b510489e58b450856538b198b3089 } | |
| $a_13 = { 5589e583ec2829ca8945f0b8d7816a87 } | |
| $a_14 = { 5589e55789c75653e86b13000085c074 } | |
| $a_15 = { 5589e5e88cfcffff85c074058b4030eb } | |
| $a_16 = { 5589e55789cf5689c65331db83ec2c8d } | |
| $a_17 = { 5589e574068339000f94c00fb6c05dc3 } | |
| $a_18 = { 5589e557565389c383ec6c85c0894dc4 } | |
| $a_19 = { 5589e5e8000000005805001040002d68 } | |
| $a_20 = { 5589e5e89c08000085c074058b4034eb } | |
| $a_21 = { 5589e557565389cbe8f715000085c075 } | |
| $a_22 = { 5589e557565389c383ec108955e8e885 } | |
| $a_23 = { 5589e5575631f65389cb83ec4ce81e23 } | |
| $a_24 = { 558bcebb624ae7f24bf29bcaa966df1b } | |
| $a_25 = { 5589e5565383ec208b5d088d45f4c745 } | |
| $a_26 = { 5589e55689d653ba80a6b4c983ec3089 } | |
| $a_27 = { 5589e557565383ec3c8945d4b87dd1a8 } | |
| $a_28 = { 5589e557565383ec34837d08000f9445 } | |
| $a_29 = { 5589e557565381ecac0100008b581801 } | |
| $a_30 = { 5589e557565389c383ec1085c08955e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wisdoor_4061d0e08ee4c180d1c1ef5f1d7df3f34e8e8b8d0e1dcd41fb190677a3c107b8 { | |
| strings: | |
| $a_2 = { 558bec51894dfc8b45fc8b4dfc8b5014 } | |
| $a_3 = { 558bec83ec1c894de48b45e48b4d0889 } | |
| $a_4 = { 558bec83ec6456576a00ff15f0504100 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Wisvereq_93060c5eebb5bd0601c5e96ce96d99edd7be229403de06f4db846109469c4c07 { | |
| strings: | |
| $a_2 = { 558bec8b4508a30c3c01105dc38bff55 } | |
| $a_3 = { 558becff35e4104100e8040300005985 } | |
| $a_4 = { 558bec8b45088b0dd824011056395004 } | |
| $a_5 = { 558b2d60f00010ffd56a0056ffd58b54 } | |
| $a_6 = { 558bec5356576a006a0068c787400051 } | |
| $a_7 = { 558b2da8f1001033c05633f656894424 } | |
| $a_8 = { 558bec8b4508a364154100a368154100 } | |
| $a_9 = { 558bec535657e865d5ffff83b80c0200 } | |
| $a_10 = { 558b6c24148a442c208d6c2c203c3b75 } | |
| $a_11 = { 558bec515156e8dadbffff8bf085f60f } | |
| $a_12 = { 558bec568b7508b8002201103bf07222 } | |
| $a_13 = { 558bec8b0d341b4100a1381b41006bc9 } | |
| $a_14 = { 558bec8b450c565783f801757c50e8cc } | |
| $a_15 = { 558bec51518d45f850ff15a0d040008b } | |
| $a_16 = { 558beca1c019410083ec0c53568b3510 } | |
| $a_17 = { 558b28568b70048b40088944240cc744 } | |
| $a_18 = { 558bec5633f63935c43b011075393975 } | |
| $a_19 = { 558bec83ec385357ff75088d4dc8e80a } | |
| $a_20 = { 558becb8e41a0000e81e320000a11c00 } | |
| $a_21 = { 558bec8b45085633f63bc6751de8f5c2 } | |
| $a_22 = { 558b3783c70489bddcfdffffe893eaff } | |
| $a_23 = { 558bec83ec14535657e80bb7ffff8365 } | |
| $a_24 = { 558bac243c20000033c05633f6568944 } | |
| $a_25 = { 558bec8b4508b9400041003bc1721f3d } | |
| $a_26 = { 558bec83ec0c85ff750ae84ee8ffffe8 } | |
| $a_27 = { 558bec5356576a006a0068cf77001051 } | |
| $a_28 = { 558bec83ec34a11c00410033c58945fc } | |
| $a_29 = { 558bec568b75085756e817fcffff5983 } | |
| $a_30 = { 558bec83ec18a11c0041008365e8008d } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wkysol_d540ea2cc78d46ae63f1b33e9bcdb6b54faff6c657ff335e074109ee18a2b461 { | |
| strings: | |
| $a_2 = { 558b94242c060000568d842498000000 } | |
| $a_3 = { 558b08568b35d4500010578b50048b84 } | |
| $a_4 = { 558bec81ec30010000570f014df88b45 } | |
| $a_5 = { 558be9568d442410578d4c24585051b9 } | |
| $a_6 = { 558b6c24105733ff85ed7e53538b5c24 } | |
| $a_7 = { 558b3da05000108d9424180300006838 } | |
| $a_8 = { 558b6c24585657894c241033db8d4424 } | |
| $a_9 = { 558b6c2450565733f68d7c241433dbb8 } | |
| $a_10 = { 558bac2458030000565768887f001055 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Wolyx_94ab459624798d9f1ca384c7308c9f124fb53573b07a93b71415af10a6297f07 { | |
| strings: | |
| $a_2 = { 558bec535657a128b6400085c0744b8b } | |
| $a_3 = { 558bec33c05568ed48400064ff306489 } | |
| $a_4 = { 558bec83c4f853c645ff0068d85d4000 } | |
| $a_5 = { 558bec83c4f40fb70518a040008945f8 } | |
| $a_6 = { 558bec515356578bf28bd8803dacb540 } | |
| $a_7 = { 558bec83c4e853894df88bda8945fc8b } | |
| $a_8 = { 558bec6a005333c05568a486400064ff } | |
| $a_9 = { 558bec518945fc33d25568e83b400064 } | |
| $a_10 = { 558bec33c05568f97d400064ff306489 } | |
| $a_11 = { 558bea8bf88bc7e8c5ddffff8bf0baf8 } | |
| $a_12 = { 558bea8bf88bc7e8b9e5ffff8bf0bb01 } | |
| $a_13 = { 558bec515356578bd833c0a3b0b54000 } | |
| $a_14 = { 558bec83c4f053b890914000e80facff } | |
| $a_15 = { 558bec33c05568415f400064ff306489 } | |
| $a_16 = { 558bec538bd833c055680f6d400064ff } | |
| $a_17 = { 558bec33c055688791400064ff306489 } | |
| $a_18 = { 558bec33c05568f63c400064ff306489 } | |
| $a_19 = { 558bec83c4f85356578bd8803dacb540 } | |
| $a_20 = { 558bec81c4f0feffff53568bd98955f8 } | |
| $a_21 = { 558bec33c05568195e400064ff306489 } | |
| $a_22 = { 558bec83c4f453568bd8c645ff008d45 } | |
| $a_23 = { 558becff7508e8e9feffff5dc2040090 } | |
| $a_24 = { 558bec83c4dc8945fc8b45fce84bdbff } | |
| $a_25 = { 558bec33c055682968400064ff306489 } | |
| $a_26 = { 558bec33c055682587400064ff306489 } | |
| $a_27 = { 558bcb2bce41ba010000008bc7e8f5dd } | |
| $a_28 = { 558bec83c4f8535633c08945fc8b5d10 } | |
| $a_29 = { 558bec81c4a0feffff538bda8945f88b } | |
| $a_30 = { 558bec83c4f8538945fc8b45fce852c8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wondufi_cbb03a616861052012d42976ba47e09c1dec66f716fc60cfea47f2c70fa879c5 { | |
| strings: | |
| $a_2 = { 558bec515333db5633c057391d30cb41 } | |
| $a_3 = { 558bec83ec08a10ccb41000345088945 } | |
| $a_4 = { 558bba8b455cc70044000044c7403020 } | |
| $a_5 = { 558b6c240c565785ed7505bd1a104100 } | |
| $a_6 = { 558b2e8d7e08ff1578c4410039077533 } | |
| $a_7 = { 558b0c5a8b043283c72985c9c1450874 } | |
| $a_8 = { 558b6c600401cb0fbf7d3d0049c381e3 } | |
| $a_9 = { 558beca190c24100506a008b0da0cb41 } | |
| $a_10 = { 558bec518365fc00833dd8c841000075 } | |
| $a_11 = { 558bd883c4c5538b1d0c03523c838ba0 } | |
| $a_12 = { 558bec60c745cb00004c00832b0c0020 } | |
| $a_13 = { 558b7cfc8bdf33c09fe5e8fb0000540b } | |
| $a_14 = { 558bdb81ec480100565733ab397d4d74 } | |
| $a_15 = { 558bec5156ff15ecc441008bf085f674 } | |
| $a_16 = { 558bb851ff74d8d20400e85e080039eb } | |
| $a_17 = { 558bd583c4a45356578b553d03520b83 } | |
| $a_18 = { 558bec51516a088d45f86a0050e89dff } | |
| $a_19 = { 558bdb5052cf7d08567413df4508116a } | |
| $a_20 = { 558bdb8b4544d1e0dd0db08640006ac8 } | |
| $a_21 = { 558b65a0cc40006a316a0061526a4c51 } | |
| $a_22 = { 558b710c8d34a7833e37740bc7368368 } | |
| $a_23 = { 558bad8b454c0bc0400e66b8384a0b75 } | |
| $a_24 = { 558bec83f5d053bc5d08c145f8910061 } | |
| $a_25 = { 558bec568b7508837e1400741c56e8f3 } | |
| $a_26 = { 558bec51834dfcff5357ff7508e80ec0 } | |
| $a_27 = { 558bec538b640c03653c66bb42165620 } | |
| $a_28 = { 558bdd81c45fffffb35356018b455025 } | |
| $a_29 = { 558bec6a0068001000006a00ff1568c4 } | |
| $a_30 = { 558ba85183490c004d3d8b0d0c50e841 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wonip_ccb6b920ad401d572a1b37c9b5483694da03dc45c676ecc2f4cb1acbd35737c8 { | |
| strings: | |
| $a_2 = { 558bec81ec98000000535657683f000f } | |
| $a_3 = { 558bec6aff689072400068682c400064 } | |
| $a_4 = { 558bec51833dd8b0400000535657751d } | |
| $a_5 = { 558bec8b4508ff348578864000ff154c } | |
| $a_6 = { 558bec5153568b35348b400057837e10 } | |
| $a_7 = { 558bec6aff68f877400068682c400064 } | |
| $a_8 = { 558bec5756538b750c8b7d088d05d0b0 } | |
| $a_9 = { 558bec6aff688076400068682c400064 } | |
| $a_10 = { 558bec8b450885c075025dc3833dd8b0 } | |
| $a_11 = { 558bec83ec485356576880040000e8bf } | |
| $a_12 = { 558bec51833dd8b040000053751d8b45 } | |
| $a_13 = { 558bec83ec7ca10cb0400085c0740750 } | |
| $a_14 = { 558bec6aff686076400068682c400064 } | |
| $a_15 = { 558bec535657556a006a0068882b4000 } | |
| $a_16 = { 558bec51515333db391dd0b640005657 } | |
| $a_17 = { 558bec83ec14a198b540008b159cb540 } | |
| $a_18 = { 558bec6aff688072400068682c400064 } | |
| $a_19 = { 558bec515356e891fcffff8bf0ff7650 } | |
| $a_20 = { 558bec5356bec8b640005756ff159c70 } | |
| $a_21 = { 558bec515153568b3550ab4000578b56 } | |
| $a_22 = { 558bec83ec185356576a19e8d0d4ffff } | |
| $a_23 = { 558bec8b450856833c8578864000008d } | |
| $a_24 = { 558becb82c120000e8182b00008d8568 } | |
| $a_25 = { 558bec6aff681073400068682c400064 } | |
| $a_26 = { 558bec6aff682873400068682c400064 } | |
| $a_27 = { 558b2db0704000565733db33f633ff3b } | |
| $a_28 = { 558bec83ec6853566820af4000ff1530 } | |
| $a_29 = { 558bec83ec7c535657683f000f006a00 } | |
| $a_30 = { 558bec83ec7c53565733f66a025656ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Wykcores_8bbecd4ff3be53b09a2549ed24604d6e554df995b2e5418f602b205c9c008e92 { | |
| strings: | |
| $a_2 = { 558bec33c0556865bb400064ff306489 } | |
| $a_3 = { 558becff7508e899feffff5dc2040090 } | |
| $a_4 = { 558bec6a0053568bda8bf033c0556888 } | |
| $a_5 = { 558bec81c4acfdffff53568945fc8d45 } | |
| $a_6 = { 558bec33c055683943400064ff306489 } | |
| $a_7 = { 558bec33c05568c7be400064ff306489 } | |
| $a_8 = { 558becc700785634128950048948088b } | |
| $a_9 = { 558bec33c05568d98f400064ff306489 } | |
| $a_10 = { 558becb9101100006a006a004975f953 } | |
| $a_11 = { 558bec33c05568a180400064ff306489 } | |
| $a_12 = { 558bec83c4f40fb7050cd040008945f8 } | |
| $a_13 = { 558bec81c49cfdffff53565733c9898d } | |
| $a_14 = { 558bec83c4f8535657894dfc8bf2c645 } | |
| $a_15 = { 558bec515356578bf28bd8803da8e540 } | |
| $a_16 = { 558bec51536a006a006a006a00e8d685 } | |
| $a_17 = { 558bec33c05dc204008d400053565755 } | |
| $a_18 = { 558bec33c05568b954400064ff306489 } | |
| $a_19 = { 558bec33c055687143400064ff306489 } | |
| $a_20 = { 558bec81c404f0ffff5083c4f453e849 } | |
| $a_21 = { 558bec53565733c0556836bd400064ff } | |
| $a_22 = { 558bf0bffce54000bd00e640008b1df4 } | |
| $a_23 = { 558bec518945fc33d255686840400064 } | |
| $a_24 = { 558bec535657a124e6400085c0744b8b } | |
| $a_25 = { 558bec52508b450850516a006a00e8d1 } | |
| $a_26 = { 558bec83c4a8535633db895da8895dec } | |
| $a_27 = { 558bec83c4f8535657894dfc8bdac645 } | |
| $a_28 = { 558bec33c05568414d400064ff306489 } | |
| $a_29 = { 558bec33c055680241400064ff306489 } | |
| $a_30 = { 558bec538b4508bbd0e74000c7032000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Xiclog_5a9defe0567831daf606231c8b20574f5cf9a2e3b89d58a9622ea51a6e05493e { | |
| strings: | |
| $a_2 = { 558b17663e7cf57ad42bba0101fa10a9 } | |
| $a_3 = { 558bbe27a955128469f0eb2fe61a1f46 } | |
| $a_4 = { 558b5699f6c44e96396ddd2e94c8dd97 } | |
| $a_5 = { 558bdb64eab0cfa986b9dae691618bb6 } | |
| $a_6 = { 558b3c7aeadff7227856abe1c5024b63 } | |
| $a_7 = { 558bea4de6d34a92964a69cdac96e50c } | |
| $a_8 = { 558b0dea7c958fdac36084b4be3a76ba } | |
| $a_9 = { 558b8b44ece0a285c0bbb1e75559f321 } | |
| $a_10 = { 558b6a6a579b94a2c374fdcfdf65ddd3 } | |
| condition: | |
| 8 of them | |
| } | |
| rule BackdoorWin32Xiclog_e511151945d88937c2a7a7249aff5c955d8f2478cdcba33d04115606efcab69d { | |
| strings: | |
| $a_2 = { 558b92a53de1c51a9d8c5d67af995cf9 } | |
| $a_3 = { 558b83bff0d29d95e8b43d73918d24f5 } | |
| $a_4 = { 558b8245cc6822b04bed0c3ad57536c1 } | |
| $a_5 = { 558b1c26e9b09c564626105d812ad666 } | |
| $a_6 = { 558b7eaaabba58363ca5df623a09539d } | |
| $a_7 = { 558bec83ec0c688611400064a1000000 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin32Xifos_b96d6e1cad06cab3424679278f862cecb6fce0e9f9e1453fbbb750688a3af0a6 { | |
| strings: | |
| $a_2 = { 558bac246c0200005657685802000068 } | |
| $a_3 = { 558b6c241c5785ed74108bfd83c9ff33 } | |
| $a_4 = { 558bec6aff6850414000688031400064 } | |
| $a_5 = { 558b6c241856578d5d0153e80d1b0000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Xinia_6ca577672f9f41eb5b43a3078f9839fa5c9e02c7d64019b26a0cd41f3131a113 { | |
| strings: | |
| $a_2 = { 558bec83ec24539c80f7d8ce74fb9440 } | |
| $a_3 = { 558b10570c8eb99b916f1d887dffb6cc } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Xtrat_f44acb7b6a791e09e3b7c98209645283326ffe2261ab7ff11404576c3c5bd24f { | |
| strings: | |
| $a_2 = { 558bec83ec18686614400064a1000000 } | |
| $a_3 = { 558bec83ec0c686614400064a1000000 } | |
| $a_4 = { 558bec6a1858e810d1f3ff668b450c66 } | |
| $a_5 = { 558bec83ec14686614400064a1000000 } | |
| $a_6 = { 558b4d088b49588a55dc8814018d4de0 } | |
| condition: | |
| 5 of them | |
| } | |
| rule BackdoorWin32Xyligan_af6d1000f12f9e71374e1aa48875c67929ad5463722c367ff362c24005dbce53 { | |
| strings: | |
| $a_2 = { 558bc0545d83ec3c837d0800e91873ff } | |
| $a_3 = { 558bc9c645e78bc645e8ecc645cc8b54 } | |
| $a_4 = { 558b3796b417e85f7faec80a2f41fa09 } | |
| $a_5 = { 558bec83e4f8cfa814a1b0485a7e1733 } | |
| $a_6 = { 558b51c117e8f05909525ae792096170 } | |
| $a_7 = { 558bc9e91f690000f7dff384c9f7de81 } | |
| $a_8 = { 5589e581ec34020000c685f0fdffffa3 } | |
| $a_9 = { 558bed545d68d0070000e903c101008d } | |
| $a_10 = { 558b7bf22e98ba34e8d53d4c4687c189 } | |
| $a_11 = { 558b4d0851e886b4000083c410e9efaf } | |
| $a_12 = { 558bf984c6850cffffff00c6850dffff } | |
| $a_13 = { 558bd82184243cbc179f68200f480ce0 } | |
| $a_14 = { 558bed5dc685d0feffffffe9a5c20100 } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Y3KRat_c78c56c90bad076b16ea4b8bbec1614d09530ec56549de32f5538a6d8390d4d7 { | |
| strings: | |
| $a_2 = { 558bd9662d04498976606fb6c06a049f } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Yonsole_9d703925c280e6c00388269f0f640a6fdc485d3da6a24b75b52e9297071cf30e { | |
| strings: | |
| $a_2 = { 558b2dd0334112c7442410000000006a } | |
| $a_3 = { 558bec6aff68c834411268f01d411264 } | |
| $a_4 = { 558bec81ece4000000576a395933c08d } | |
| $a_5 = { 558bec6aff689b24411264a100000000 } | |
| $a_6 = { 558bec6aff689023411264a100000000 } | |
| $a_7 = { 558b2dec3341128b83d0000000bf0100 } | |
| $a_8 = { 558b6c2410568bf1578b46108b4e448b } | |
| $a_9 = { 558bec6aff688023411264a100000000 } | |
| $a_10 = { 558bf0ff15bc30411285c0750d5f5e5d } | |
| $a_11 = { 558bec83ec1c535657908b75086a026a } | |
| $a_12 = { 558bec51535657c745fc000000006064 } | |
| $a_13 = { 558bcee847f2ffff85ed740955e853ff } | |
| $a_14 = { 558b2b8d4424306804010000506a00ff } | |
| $a_15 = { 558bec8b4d10538b5d0c33c05657ff75 } | |
| $a_16 = { 558bec6aff685834411268f01d411264 } | |
| $a_17 = { 558bec6aff682034411268f01d411264 } | |
| $a_18 = { 558bec6aff684834411268f01d411264 } | |
| $a_19 = { 558b6c24188b042e506a0068ff0f1f00 } | |
| $a_20 = { 558bec6aff6830314000683027400064 } | |
| $a_21 = { 558bd96a00ff15f83341128b431885c0 } | |
| $a_22 = { 558b2dd4314112568bb4249800000057 } | |
| $a_23 = { 558b6c2428565733ff3bef8bf10f849c } | |
| $a_24 = { 558b6c240c56578b3d9832411233db8b } | |
| $a_25 = { 558be96a2de8056000008bd883c40485 } | |
| $a_26 = { 558b2df833411256578bf16a00897424 } | |
| $a_27 = { 558bec83ec1c8b45088365f400a31496 } | |
| $a_28 = { 558bec837d0800750432c05dc3ff7514 } | |
| $a_29 = { 558bac24200a000085ed0f84ec010000 } | |
| $a_30 = { 558be95657c74500ec3441128d7544bf } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Yurist_caacfd7c72d399b03fc6cf391640475392f64a88dbe5e2b34be290104fb7dce4 { | |
| strings: | |
| $a_2 = { 558bec81c4bcfeffff8d85c2feffff50 } | |
| $a_3 = { 558bec83c4a8e8d30300008945fc8d45 } | |
| $a_4 = { 558bec5356578b45088b7d0c0bc07507 } | |
| $a_5 = { 558bec8b45084883c001803800740f80 } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWin32Zegost_53eb28c83ec57b4de2cc7ea6cf1d36f7865b967279335e20629b3bd1d1f44863 { | |
| strings: | |
| $a_2 = { 558ba61533cb07cec4421b0d3049c78c } | |
| $a_3 = { 558b2b04ec6b69c0cec64b37f202096d } | |
| $a_4 = { 558b82266cd9430e5c6e8836e3dc5edf } | |
| $a_5 = { 558b5c0c77a7c505d27192154c9235af } | |
| $a_6 = { 558b658878fa7f74c721e4b7fd595c87 } | |
| $a_7 = { 558bf2a44166e45ec5ef5c279e4e5b10 } | |
| $a_8 = { 558bb025956454c3aab4c82cdd2323a4 } | |
| $a_9 = { 558b813350452fa83a2da6353fea5011 } | |
| $a_10 = { 558bab2faa814a7af6730480d69e1ec0 } | |
| $a_11 = { 558b5d92d2d1e077c077fb0dafdc7a98 } | |
| $a_12 = { 558bf98c58ee2ff372e7fe85c7e6ee08 } | |
| $a_13 = { 558ba545243f3328c5478037ac55ca0e } | |
| $a_14 = { 558bbc8a8fe843dc6c70f745c579028e } | |
| condition: | |
| 11 of them | |
| } | |
| rule BackdoorWin32Zegost_a5a9a6b7978a74596b50dd10c8b1cedcdf6f75b65064d240b6dc56e73e401a24 { | |
| strings: | |
| $a_2 = { 558bec83ec105356578bd99090909090 } | |
| $a_3 = { 558bec6aff6888320010688853011064 } | |
| $a_4 = { 558bec81ec30010000538bd98b0d5013 } | |
| $a_5 = { 558bec6aff684c5a011064a100000000 } | |
| $a_6 = { 558bec81ec4c0400005356578bd99090 } | |
| $a_7 = { 558b6c2410568bf1578b46108b4e448b } | |
| $a_8 = { 558bec6aff68a85d011064a100000000 } | |
| $a_9 = { 558bec81ec0405000053568b750c576a } | |
| $a_10 = { 558bec6aff68e05c011064a100000000 } | |
| $a_11 = { 558bec6aff68d95a011064a100000000 } | |
| $a_12 = { 558bec81ec080100008b4d0856578d85 } | |
| $a_13 = { 558b2db4110010ffd58b4c242083c404 } | |
| $a_14 = { 558b6c240c56578b3dfc11001033db8b } | |
| $a_15 = { 558bec5153568bf18975fc9090909090 } | |
| $a_16 = { 558be956578b550433ff85d2897c2410 } | |
| $a_17 = { 558bec6aff680e5d011064a100000000 } | |
| $a_18 = { 558bec64a1000000006aff68765d0110 } | |
| $a_19 = { 558bd9e814ffffff8b4c24143bc8730a } | |
| $a_20 = { 558bec83ec0856909090909090909090 } | |
| $a_21 = { 558bec51909090909090909090909090 } | |
| $a_22 = { 558bec81ec2c03000056578bf9909090 } | |
| $a_23 = { 558b6c2410568b742410c74500000000 } | |
| $a_24 = { 558bec81ec40010000538bd956578d53 } | |
| $a_25 = { 558bec81ec04050000535657b9410000 } | |
| $a_26 = { 558bec6aff688859011064a100000000 } | |
| $a_27 = { 558bec81ec10020000b8000100008945 } | |
| $a_28 = { 558bec56578b7d0885ff74728b354810 } | |
| $a_29 = { 558b6c2410578b44ae0485c0740950e8 } | |
| $a_30 = { 558bec81ec3c02000056579090909090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Zehost_813b6abf8108812f17ab86616608cc6dd9f5936946920ab852a59556673b197a { | |
| strings: | |
| $a_2 = { 558bec6aff681893011064a100000000 } | |
| $a_3 = { 558b6c240885ed5674608b3524a00110 } | |
| $a_4 = { 558b6c240c568b742414578b7e048d4e } | |
| $a_5 = { 558bec6aff68f8a20110689c8c011064 } | |
| $a_6 = { 558b2d24a0011056578b7c24148bd957 } | |
| $a_7 = { 558b6c24248b4c24108b5424148d4424 } | |
| $a_8 = { 558be956578b550433ff85d2897c2410 } | |
| $a_9 = { 558b6c241c56578bf15589742414e856 } | |
| $a_10 = { 558bcee80068000089442420b9400000 } | |
| $a_11 = { 558be983c010568d4c241033f6505189 } | |
| $a_12 = { 558be956578b4d34e8cf36ffff8bf046 } | |
| $a_13 = { 558bec6aff6840a20110689c8c011064 } | |
| $a_14 = { 558be933c9568a85110100008bb42418 } | |
| $a_15 = { 558bd153c1e902f3a58bca83e103f3a4 } | |
| $a_16 = { 558b6c241456578b7c2414c6030057c7 } | |
| $a_17 = { 558bec6aff681094011064a100000000 } | |
| $a_18 = { 558b6c241856578b3d10a00110c7450c } | |
| $a_19 = { 558bcbe8630f00005f5e5d5b83c408c2 } | |
| $a_20 = { 558b6c24200fbfc556578d3c808b5c24 } | |
| $a_21 = { 558bec6aff68d8a20110689c8c011064 } | |
| $a_22 = { 558be956578b3d54290210c7450010a2 } | |
| $a_23 = { 558bec6aff683092011064a100000000 } | |
| $a_24 = { 558bec6aff6878a20110689c8c011064 } | |
| $a_25 = { 558b53208b75088bc86a208b7c93108b } | |
| $a_26 = { 558bc8e8672fffffeb0233c06a015353 } | |
| $a_27 = { 558bd9e8c4efffff8b4c24143bc8730a } | |
| $a_28 = { 558b6c2410565755ff1524a001108bf8 } | |
| $a_29 = { 558b6c2410578b44ae0485c0740950e8 } | |
| $a_30 = { 558bec6aff68d891011064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Zelug_da5546c8e8458319ca19ef0ebc352ca3dd071528a781812e64f4e74cb428b86f { | |
| strings: | |
| $a_2 = { 558b4104894424248b51088954242866 } | |
| $a_3 = { 558b6c241c535268a863400083c00651 } | |
| $a_4 = { 558bd1565789542418b90001000033c0 } | |
| $a_5 = { 558bec53568b750c83fe037d05be0400 } | |
| $a_6 = { 558bec6aff6888514000684049400064 } | |
| $a_7 = { 558b4104894424208b51088954242466 } | |
| $a_8 = { 558bac24400400008bd9565785ed895c } | |
| $a_9 = { 558b6c240c5633f6573bee8bf977085f } | |
| $a_10 = { 558bcbe83c13000085c00f8481000000 } | |
| $a_11 = { 558bcbe8f014000085c00f8481000000 } | |
| $a_12 = { 558bec6aff6870514000684049400064 } | |
| $a_13 = { 558bec6aff6860514000684049400064 } | |
| $a_14 = { 558bac2438020000b9010000008bc125 } | |
| $a_15 = { 558bcee8c609000085c074668bcee80b } | |
| condition: | |
| 12 of them | |
| } | |
| rule BackdoorWin32Zemac_46b6e20f136d8886bd6487fe46597b307f883edf563e8fbc031c0a96bf504ab0 { | |
| strings: | |
| $a_2 = { 558bec83ec0c680613400064a1000000 } | |
| $a_3 = { 558bec83ec08680613400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Ziyazo_f6e1f835b4087765aba6cc921f8d8a20bf8969f85e1859d2c770fab31139ae42 { | |
| strings: | |
| $a_2 = { 558bec6aff685071400068406e400064 } | |
| $a_3 = { 558bec83ec58535657833df087400000 } | |
| $a_4 = { 558becb814110000e883160000535657 } | |
| $a_5 = { 558becb8e4090200e8934b0000535657 } | |
| $a_6 = { 558b08a1e48740008d5424485250894c } | |
| $a_7 = { 558becb838500000e8b32f0000535657 } | |
| $a_8 = { 558b6c242856578d850004000050e8bb } | |
| $a_9 = { 558bec81ec6c080000535657833df087 } | |
| $a_10 = { 558bec81ec34090000535657833df087 } | |
| $a_11 = { 558becb8e4190000e883390000535657 } | |
| $a_12 = { 558b2dec704000894c24648bc6d3e83b } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWin32Zombam_05b9842c9a53ba5b5aa7342953b6a9f70bd4b58c440d0399c6e2bfff87fc4281 { | |
| strings: | |
| $a_2 = { 558bd0eeea0d82395f04dd7d038907e8 } | |
| $a_3 = { 558becc70520dfb6ed864f546880eac9 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin32Zonebac_51098e6c0a28411a4119ce2a0c78997d7ebf6f50f19ab4b086ad5ba0601fcb4d { | |
| strings: | |
| $a_2 = { 558b9859836deb77525763ff4cf91b8a } | |
| $a_3 = { 558bec81ec340100fff6b3d6249f610f } | |
| $a_4 = { 558bf719148a0783c60138d0741784c0 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWin32Zuza_4a0a7853ba141df5f2442cdc165cb420b9fbb30fdd3db30afbfa5025211e772a { | |
| strings: | |
| $a_2 = { 558bec81ec00020000568b75088d86ff } | |
| $a_3 = { 558bec81ec000200006683a500feffff } | |
| $a_4 = { 558bec81ec1803000053576a4033db59 } | |
| $a_5 = { 558bec83ec54ffe0e8e4ffffff615f5e } | |
| $a_6 = { 558bec51518b450c834df8ff8945fc8d } | |
| $a_7 = { 558bec81ec04040000538b5d0c565753 } | |
| $a_8 = { 558bec81ec8c0c000080a574f3ffff00 } | |
| $a_9 = { 558bec81ec500400005356578b7d0857 } | |
| $a_10 = { 558bec81ec3c020000538b1d44710010 } | |
| $a_11 = { 558bec81ecf404000053565733c08d7d } | |
| $a_12 = { 558bec83ec208d45e050ff15a4700010 } | |
| $a_13 = { 558bec81ecfc00000080659800576a18 } | |
| $a_14 = { 558bec83ec18a18c8a0010535657406a } | |
| $a_15 = { 558bec83ec1453565733db6a045353ff } | |
| $a_16 = { 558bec81ec70030000535657bea88600 } | |
| $a_17 = { 558bec81ecb0010000837d08007d1aff } | |
| $a_18 = { 558bec83ec1c568bf18b0683f8ff7504 } | |
| $a_19 = { 558bec5168148a00106880890010ff15 } | |
| $a_20 = { 558bec83ec18535657ff7508e8e94d00 } | |
| $a_21 = { 558bec81ec04010000538b5d0c565753 } | |
| $a_22 = { 558bec81ec980c00008d8568f3ffff50 } | |
| $a_23 = { 558bec81ec500100005356576a01ff75 } | |
| $a_24 = { 558bec81eca80c00008d8558f3ffff50 } | |
| $a_25 = { 558bec81ec00010000568b7508578d85 } | |
| $a_26 = { 558bec83ec705356578b5d1cff7530ff } | |
| $a_27 = { 558bec53565760ff750c8b450850eb17 } | |
| $a_28 = { 558bec81eca80d00008d8558f2ffff50 } | |
| $a_29 = { 558bec83ec24568b7508576880000000 } | |
| $a_30 = { 558bec83ec2053565733f6683f000f00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWin32Zxshell_8ca3b6b2ed48f2c341b7ca6af7fcb5d1014961ef75855fe6616600de9ea9a459 { | |
| strings: | |
| $a_2 = { 558b8569d2676824e44107d0a7a0d957 } | |
| $a_3 = { 558b969c330a7c5e97ba6b4c4974496b } | |
| $a_4 = { 558bc84b1567fdfb580878489ea15846 } | |
| $a_5 = { 558b1b672440bd4a815232d9af983dc3 } | |
| $a_6 = { 558b588ac3f56d1d876713f6f0889b02 } | |
| $a_7 = { 558b39fae94f8dbbb1c767acde6ea8ee } | |
| $a_8 = { 558b9e5a9865db5bf7032b54a5fb5c4c } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin64Bedep_3ec4ee276bb4b2b507322fadbe57ee000e9175463416690b7dc93625041e03fe { | |
| strings: | |
| $a_2 = { 558b00533d6fff09cc8bc788b486add5 } | |
| $a_3 = { 558ba4ca0f7eb058e77a8747f1f28ec0 } | |
| $a_4 = { 558b8bcc303f89fe88f6b4ce74a37ac6 } | |
| $a_5 = { 558b072c36a399354d9e74afd036f462 } | |
| $a_6 = { 558bbb0d6f323c895975de679e776098 } | |
| $a_7 = { 558b6cdbf7b77e47af1d144e067c25f9 } | |
| $a_8 = { 558b7c37ecd255c9824a6b0f7082ccd7 } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin64Hikiti_5f529148509967844dad06afe4f1354a520c7101ffdd098e4896ccae4b4b1ad1 { | |
| strings: | |
| $a_2 = { 558b37ca30df5aaf25bfd9af48a6008e } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWin64Kerlisen_d5e9a040cb4fcd283e41a514c87d32d6b3592a7149d9998d75d50b19d5604669 { | |
| strings: | |
| $a_2 = { 558bec51538b1d3090201c5657680080 } | |
| $a_3 = { 558bec6afe68b871201c68d670201c64 } | |
| $a_4 = { 558bec83ec0c8b55148b4d10568b7508 } | |
| $a_5 = { 558bec83ec3453568b75108bd95733ff } | |
| $a_6 = { 558bec83ec108b4d088b55148365f800 } | |
| $a_7 = { 558bec83ec2453578b7d108955fc894d } | |
| $a_8 = { 558bec83ec1453568bf2578bf98b560c } | |
| condition: | |
| 6 of them | |
| } | |
| rule BackdoorWin64Turla_514b4db0717fb282f8071d55a75b387c053b6d183e2180f5f4e47c34b16d545d { | |
| strings: | |
| $a_2 = { 558becb828400000e89f1b00008b4514 } | |
| $a_3 = { 558bec81ec280200006a5c586a2e8bc8 } | |
| $a_4 = { 558bec83ec1c5356576a6b586a656689 } | |
| $a_5 = { 558becb8b0460000e851190000535657 } | |
| $a_6 = { 558b46246888130000ff7618897dfcff } | |
| $a_7 = { 558bec83ec7cc645944cc645956fc645 } | |
| $a_8 = { 558bec518b4510535733ff6a1489388b } | |
| $a_9 = { 558bec83ec248365f8008365f4008d45 } | |
| $a_10 = { 558bec81ecd0000000e8f6fdffff8bc8 } | |
| $a_11 = { 558bec81ec1808000068bcf04000ff15 } | |
| $a_12 = { 558bec81ec180200006a25586a306689 } | |
| $a_13 = { 558bec83ec208b413c8b4408788b5508 } | |
| $a_14 = { 558becb808000100e8560700008b4508 } | |
| $a_15 = { 558bec83ec78c645b046c645b172c645 } | |
| $a_16 = { 558bec83e4f881ec2c0400005356578b } | |
| $a_17 = { 558bec81ec8c000000c645d043c645d1 } | |
| $a_18 = { 558becb824120000e8636e000066a150 } | |
| $a_19 = { 558bec518365fc00538b5d0c568bf08b } | |
| $a_20 = { 558bec518365fc0053568bf08b462457 } | |
| $a_21 = { 558bec51518365fc0053568bd88d4304 } | |
| $a_22 = { 558becb89c460000e872100000535657 } | |
| $a_23 = { 558becb810200000e8e37500005657c7 } | |
| $a_24 = { 558bec81ecdc000000c645b843c645b9 } | |
| $a_25 = { 558bec81ec080800008b4e1457b80008 } | |
| condition: | |
| 20 of them | |
| } | |
| rule BackdoorWin64UBoatRAT_7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1 { | |
| strings: | |
| $a_2 = { 558b15ddcf68d66bc88ce60086aaa2bd } | |
| $a_3 = { 558b34a267d5f17684b2934a87d62c72 } | |
| $a_4 = { 558b6a7bd6c798def6150ef29dd48bff } | |
| $a_5 = { 558b672f7b4bcd95543486e496fedad8 } | |
| $a_6 = { 558bda691537dfa9452f23e09cbce0d6 } | |
| $a_7 = { 558b104b5bbdb10aa796170ead9fb592 } | |
| $a_8 = { 558b53f895cf4673805305929695116f } | |
| $a_9 = { 558b1bd6a75c1fbc7fce9b9670a55d3f } | |
| $a_10 = { 558be5ca0e0f36eef7cd565693840b48 } | |
| $a_11 = { 558ba2e6b7a76cb2ad6988079247210d } | |
| $a_12 = { 558b26ab2811b0f6b5a3bf76a76ac9b8 } | |
| $a_13 = { 558bcbf707e0fda203d10f6b401dfe71 } | |
| $a_14 = { 558b8ffc8ca26d9fd439048d48c3a24b } | |
| $a_15 = { 558b961ad6fae05074f8664113bed506 } | |
| $a_16 = { 558ba5fdb89e21f73ee70dd87adcc556 } | |
| $a_17 = { 558b7e501e77bcff65c9d73662451743 } | |
| $a_18 = { 558b8aa81b964c6e97fcd3785810901e } | |
| $a_19 = { 558b839fda1c687e3afe7dec70e6b559 } | |
| $a_20 = { 558ba2b8f36c7dde214034a20c5c2b63 } | |
| $a_21 = { 558b6f7b8f260d9537a2fbd3c197242e } | |
| condition: | |
| 17 of them | |
| } | |
| rule BackdoorWin64Warood_52238d884006a06e363e546dcfa88c1b2cbdadd80c717e415ac26956900f40bf { | |
| strings: | |
| $a_2 = { 558b00004883c4605bc3cccccccccccc } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWinNTFarfli_07d442b977641259c976c86c2d67ee414bf9eb5fdc43412cec066e0b0caa5be8 { | |
| strings: | |
| $a_2 = { 558bec5356e8ba000000e8ef000000e8 } | |
| $a_3 = { 558bec83ec2c5657eb05194529174633 } | |
| $a_4 = { 558bec83ec1056578b7d0883c9ff33c0 } | |
| $a_5 = { 558bec81ec78040000535657e8fc0100 } | |
| $a_6 = { 558bec53565753bb02000000434b5b51 } | |
| $a_7 = { 558bec5356570f8e080000000f8f0200 } | |
| $a_8 = { 558bec81ec100200005333db385d1056 } | |
| $a_9 = { 558bec5356576653665266bb000066ba } | |
| $a_10 = { 558bec81ec0c01000080a5f4feffff00 } | |
| $a_11 = { 558bec535657666066b8000066bb0000 } | |
| $a_12 = { 558bec535657eb0719872901118121eb } | |
| $a_13 = { 558bec5356575152b905000000ba0600 } | |
| $a_14 = { 558bec535657eb071987290111812166 } | |
| $a_15 = { 558bec535657eb0111eb0b80435311fe } | |
| $a_16 = { 558bec515353bb02000000434b5bff75 } | |
| $a_17 = { 558bec5356570f860c0000000f870600 } | |
| $a_18 = { 558bec83ec2c535657e89700000033f6 } | |
| $a_19 = { 558bec535657525366ba040066bb0300 } | |
| $a_20 = { 558bec83ec28535657eb03e85721e8a7 } | |
| $a_21 = { 558bec81ec00010000535657e8650100 } | |
| $a_22 = { 558bec5151834dfcff8d45f8506a006a } | |
| $a_23 = { 558bec83ec2c535657bfb04e01006808 } | |
| $a_24 = { 558bec83ec1c53568b75088d45e45750 } | |
| $a_25 = { 558bec535657eb03e85721525366ba04 } | |
| $a_26 = { 558bec535657e8010000009083042406 } | |
| $a_27 = { 558bec535657eb05194529174653bb02 } | |
| $a_28 = { 558bec53565750b8010000005852ba04 } | |
| $a_29 = { 558bec5350535b586a0068e0200100ff } | |
| $a_30 = { 558bec51515356578b7d0c5733dbe8b9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWinNTFesti_17753170350a9573c26793264d46b266c52110b90e2ae6a73457b99d1c99240b { | |
| strings: | |
| $a_2 = { 558bec535657b8e714000050598b5d0c } | |
| $a_3 = { 558bec83ec206a0a8d45e050ff7508e8 } | |
| $a_4 = { 558bec81ec98020000535657515bc1e2 } | |
| $a_5 = { 558becb848400000e8480e0000565751 } | |
| $a_6 = { 558becfcff75148b0de8244100ff7510 } | |
| $a_7 = { 558bec5164ff3500000000588945fc8b } | |
| $a_8 = { 558bec51535657c745fce320400060ff } | |
| $a_9 = { 558bec5151535657b877530000505a33 } | |
| $a_10 = { 558b708948fb954cc0dee167a256da45 } | |
| $a_11 = { 558bec515153ff152030400050e8ce0b } | |
| $a_12 = { 558bec518365fc00565733f6bf923b00 } | |
| $a_13 = { 558bec51535657e8d30e00006a0633d2 } | |
| $a_14 = { 558becff75085a53568bf2b87c120000 } | |
| $a_15 = { 558bec837d100a7521837d08007d1bff } | |
| $a_16 = { 558bec83ec105668a12440008d4df0e8 } | |
| $a_17 = { 558bec515356ff750c5e85f657894dfc } | |
| condition: | |
| 14 of them | |
| } | |
| rule BackdoorWinNTIRCbot_48589e24747a58505e7d9654a3008f8d9fa89b81428b11f25ea2b89f024e147e { | |
| strings: | |
| $a_2 = { 558bec6874670110ff152060011085c0 } | |
| $a_3 = { 558bec8b450883f8fe7518e8ce52ffff } | |
| $a_4 = { 558bec568b7508b870ee01103bf07222 } | |
| $a_5 = { 558bec83ec10ff750c8d4df0e893f8ff } | |
| $a_6 = { 558bec6aff689032400064a100000000 } | |
| $a_7 = { 558bec8bc18b4d08c700386201108b09 } | |
| $a_8 = { 558bec568b750856e8dbdfffff5983f8 } | |
| $a_9 = { 558bec83ec10ff75088d4df0e8aa00ff } | |
| $a_10 = { 558bec8b4508b970ee01103bc1721f3d } | |
| $a_11 = { 558bec83e4c081ecb4030000a1f8e301 } | |
| $a_12 = { 558bec83ec10a1f8e3011033c58945fc } | |
| $a_13 = { 558bec6aff688032400064a100000000 } | |
| $a_14 = { 558bec83ec10a1500702105333db568b } | |
| $a_15 = { 558bec83ec1056ff750c8d4df0e8e250 } | |
| $a_16 = { 558bec83ec0c5356ff15586101108bd8 } | |
| $a_17 = { 558bec833d74eb0110ff744b837d0800 } | |
| $a_18 = { 558bec56578b7d0857e8d23001008bcf } | |
| $a_19 = { 558bec568bf1c70638620110e868ffff } | |
| $a_20 = { 558bec83ec20a1f8e3011033c58945fc } | |
| $a_21 = { 558bec5151535633f6578b3d94fd0110 } | |
| $a_22 = { 558bec8b450833c93b04cd80eb011074 } | |
| $a_23 = { 558bec83ec7ca1f8e3011033c58945fc } | |
| $a_24 = { 558bec8b450885c07515e835d2ffffc7 } | |
| $a_25 = { 558bec538b5d08578b3b66833f0a7509 } | |
| $a_26 = { 558bec83ec58a1f8e3011033c58945fc } | |
| $a_27 = { 558bec51568b750c56e82d3400008945 } | |
| $a_28 = { 558bec64a1000000006aff6838314000 } | |
| $a_29 = { 558bec83ec1056ff750c8d4df0e85651 } | |
| $a_30 = { 558bec5356578b7d0866833f20beac9f } | |
| condition: | |
| 24 of them | |
| } | |
| rule BackdoorWinNTNuwar_a41794f1d5abb6f060b1a9bcdd0fc431f4f13b7e476bbc9b88ad2d17872e24eb { | |
| strings: | |
| $a_2 = { 5589e58b45108700c9c20c005589e58b } | |
| $a_3 = { 5589e58d4d088b09f7d9014d0c8b450c } | |
| $a_4 = { 5589e5b8000000008b4d0c29c88b4d08 } | |
| $a_5 = { 558bcba155b875900138bf29e0ba007a } | |
| condition: | |
| 4 of them | |
| } | |
| rule BackdoorWinNTPcClient_101a11960cd59ce367132e6c43191512a8900c301a159a5c6010dc321a254218 { | |
| strings: | |
| $a_2 = { 558bec8b4d248b452083210083610400 } | |
| $a_3 = { 558bec83ec24538b5d28568b752057ff } | |
| $a_4 = { 558bec568b750c8b466083661c008d4e } | |
| $a_5 = { 558bec515157ff7508e8aeffffff8bf8 } | |
| $a_6 = { 558bec83ec10ff75088d45f050ff157c } | |
| $a_7 = { 558bec83ec38668365c800576a0b33c0 } | |
| $a_8 = { 558bec81c4d0fdffff53e92ef9ffff90 } | |
| $a_9 = { 558bec83ec1853ff75308b5d1cff752c } | |
| $a_10 = { 558bec81ec0801000056576a3f5933c0 } | |
| $a_11 = { 558bec5633f6397508750433c0eb1b56 } | |
| $a_12 = { 558bec83ec24568d4508578945e48d45 } | |
| $a_13 = { 558bec8b4d08e9adf2ffff9000000000 } | |
| condition: | |
| 10 of them | |
| } | |
| rule BackdoorWinNTPfinet_39050386f17b2d34bdbd118eec62ed6b2f386e21500a740362454ed73ea362e8 { | |
| strings: | |
| $a_2 = { 558b8424a000000087014883c1044889 } | |
| $a_3 = { 558b8c24a8000000448b8c2498000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule BackdoorWinNTPhdet_662bf18b8d778bdd8f995e55e404a719862c81a762dfbb3ecc5274c07e80c281 { | |
| strings: | |
| $a_2 = { 558bec8b450883ec1c8365ec0056578b } | |
| $a_3 = { 558bec56572bff397d100f8e5defffff } | |
| $a_4 = { 558bec51515356e9ff0d00007e8b480c } | |
| $a_5 = { 558bec83ec1053562bdb895df0c745f4 } | |
| $a_6 = { 558bece924f8ffffed5448f3cd180725 } | |
| $a_7 = { 558becff7508e837060000ff750c8bd0 } | |
| $a_8 = { 558bec81ec10010000538b5d08568b73 } | |
| $a_9 = { 558bec51518b450853e9d5f8ffffd9f7 } | |
| $a_10 = { 558bec515153e92df6ffff6466a08a14 } | |
| $a_11 = { 558bdfe833fcffff50e99afeffff7be1 } | |
| condition: | |
| 9 of them | |
| } | |
| rule BackdoorWinNTTofsee_e1f241dc1f288941226c7c21e6c759ab739559a99974dd070ef5bea580fd51ce { | |
| strings: | |
| $a_2 = { 558bee38ea0c7df97a588b038ddbd2fd } | |
| $a_3 = { 558b817b1f3c58676dd46523e20cc769 } | |
| $a_4 = { 558b07853d0d40c832658f27c1dc74a1 } | |
| condition: | |
| 3 of them | |
| } | |
| rule BackdoorWinNTTurla_50edc955a6e8e431f5ecebb5b1d3617d3606b8296f838f0f986a929653d289ed { | |
| strings: | |
| $a_2 = { 558bec83e4f881ecbc0000005356570f } | |
| $a_3 = { 558bec8b551453565733ff33c0c1ea02 } | |
| $a_4 = { 558bec8b4d088a0181ec080100005633 } | |
| $a_5 = { 558bec5185db57bf004000007507b866 } | |
| $a_6 = { 558bec83ec2885d2750ab866005921e9 } | |
| $a_7 = { 558bc68af1896fbacf04baf089319181 } | |
| $a_8 = { 558bec51515333db3bfb750ab8650059 } | |
| $a_9 = { 558bec83ec105356575351525756833d } | |
| $a_10 = { 558bec8b433c83ec1003c3568bb08000 } | |
| $a_11 = { 558bec83ec0c568bf08b413c03c16681 } | |
| $a_12 = { 558bec51a184860a008b483c837c0178 } | |
| $a_13 = { 558bec83ec3053575633c0408b7d1089 } | |
| condition: | |
| 10 of them | |
| } | |
| rule ClnFile_ea582f36d53a3173f1f2832a34ca2500e6ba789aa172315d645630ae05cf306a { | |
| strings: | |
| $a_2 = { 558b0e46e4395b602c7589f70d1c219b } | |
| $a_3 = { 558bbf093c62d9b80c6b222134b771d3 } | |
| $a_4 = { 558b651a13043788213de7340e655069 } | |
| $a_5 = { 558b944532a039b50854c007cd532782 } | |
| $a_6 = { 558b12c0b7dc9134d2cd27fb172fcca5 } | |
| $a_7 = { 558bda3823d1e6c8b2b7b79e873612cb } | |
| $a_8 = { 558b2b19d602c9637a6a46f393d24149 } | |
| $a_9 = { 558b57e160c14901e027d47a8fff70dd } | |
| $a_10 = { 558bf17a9656e8c8d0387468c2c80c52 } | |
| condition: | |
| 8 of them | |
| } | |
| rule ClnFile_f6e9dcd46e0a46c4a68a56577d036c31f7be0ab4fe2287f279b01a2d0d0ab8e7 { | |
| strings: | |
| $a_2 = { 558b84bec8bb24ab8786201a0b34a095 } | |
| $a_3 = { 558b0434aaa97794fef83b11144a96b2 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ClnFile_fb149444cf88cfa674eb6f7ec83cbebc0b9735a00bcc93b4620b7ffbd0c12565 { | |
| strings: | |
| $a_2 = { 558bec81ec0c010000535657e8ef2700 } | |
| $a_3 = { 558bec8b450c0faf451085c07414506a } | |
| $a_4 = { 558bec83ec3833c05657c745e4000000 } | |
| $a_5 = { 558bec83ec40535657ff15d45504108b } | |
| $a_6 = { 558bec81ec08020000565033f6ff1568 } | |
| $a_7 = { 558bec81ec10010000565733ff680301 } | |
| $a_8 = { 558bec83ec1453565733ff33f685c00f } | |
| $a_9 = { 558bec83ec0c538b5d08568b338b86f0 } | |
| $a_10 = { 558bec81ec040100008b450c568b7508 } | |
| $a_11 = { 558bec538b1d6853041056576a28ffd3 } | |
| $a_12 = { 558bec83ec0c8b450c8a08538b5d1456 } | |
| $a_13 = { 558bec83ec605657c745b400000000c7 } | |
| $a_14 = { 558bec53568bf0578b7e0ce8c0ffffff } | |
| $a_15 = { 558bec5356578bf88d47ff8bf183f807 } | |
| $a_16 = { 558bec568b7508e854feffff85c0b8d4 } | |
| $a_17 = { 558bec515333db57385e24750856e84d } | |
| $a_18 = { 558bec568b75088d463933c989088948 } | |
| $a_19 = { 558bec51578b7d0c8d4f0185c97e5b8b } | |
| $a_20 = { 558beca1400f05108b088b5148576820 } | |
| $a_21 = { 558bec81ec10020000833d54b3051000 } | |
| $a_22 = { 558bec568b7508e814feffff85c0b8d4 } | |
| $a_23 = { 558bec538b5d14568b75088b4634578b } | |
| $a_24 = { 558bec5356578bf0837e7400750fe80d } | |
| $a_25 = { 558bec83e4f881ec8808000056576803 } | |
| $a_26 = { 558bec568b750c85f67424578b3da851 } | |
| $a_27 = { 558bec83ec10b8f0ab0510c745f80000 } | |
| $a_28 = { 558bec568b75088b068a402c3c087418 } | |
| $a_29 = { 558bec81ec8800000053568d8578ffff } | |
| $a_30 = { 558bec81ec580100005333db6a408d45 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ConstructorW97MWalrus_830a1b8a540c3e96f9a375da14aecd63bef0b32f9f85fb77d42b695fc6b18985 { | |
| strings: | |
| $a_2 = { 558bc3d89dd332bb358db630cc8fda00 } | |
| $a_3 = { 558b6075572c721bf54eb0f33cabe3ae } | |
| $a_4 = { 558b37c655316acc5a955a95b99e173c } | |
| $a_5 = { 558b91d24ee17c790b9e114c25717a3d } | |
| $a_6 = { 558b28ecec8d4061a28b1115bf04d733 } | |
| condition: | |
| 5 of them | |
| } | |
| rule ConstructorWin32Bifrose_e308e3eba498d4a116dc16f31f1858195fe29723fcbb19a57f5606b96e9cb86d { | |
| strings: | |
| $a_2 = { 558bbe1077e38e6bb452bbd942fd2a60 } | |
| $a_3 = { 558be52f12c13039d647cdd57df7be21 } | |
| $a_4 = { 558be381e2295cb5486dc25c6d7f63f1 } | |
| $a_5 = { 558bec5356578b7d108b5d77effeff0c } | |
| $a_6 = { 558b817a9c93e0413db89f512a9a3525 } | |
| $a_7 = { 558b9f1d01950e663767639b1a74b308 } | |
| $a_8 = { 558b9cbc9a8ff08d06325fc0587a5f76 } | |
| $a_9 = { 558be9c20209ab8fed68dcba9f252830 } | |
| $a_10 = { 558be0c6f988e50d6657f284e6e64f90 } | |
| $a_11 = { 558b17075abe45d9314e0ff653685503 } | |
| $a_12 = { 558b456e680186a03b9516a3072f2306 } | |
| $a_13 = { 558bd5d1f18266667260ce7b7e4ed1d0 } | |
| $a_14 = { 558bc47238dc3f9be1f6b652d9a96c1d } | |
| $a_15 = { 558b7a13a7bfc3d0c55f05fc7d0302c1 } | |
| $a_16 = { 558b3822b4375b40b4b5c3121d1293ff } | |
| $a_17 = { 558b1161dcb1e57a479b855e1bbadd94 } | |
| $a_18 = { 558b31f6c67d0852320bc1c6df9f7614 } | |
| $a_19 = { 558b16305ba4bb7559f814437ddc3ca0 } | |
| $a_20 = { 558bafb642c23e207825be0439f26cad } | |
| $a_21 = { 558b0be59d0a1597344eb73921f05427 } | |
| $a_22 = { 558b600b726e54282fb678eca5c8b8ff } | |
| $a_23 = { 558b14a2edef8637499779f24e3cebe1 } | |
| condition: | |
| 18 of them | |
| } | |
| rule ConstructorWin32Bom_548d1b79d6ef9db49790efa661ec63dfcd87f3b16c5df175fae93804dcb54b5c { | |
| strings: | |
| $a_2 = { 558bec8b45108b5508803f6ff4df7d0c } | |
| condition: | |
| 2 of them | |
| } | |
| rule ConstructorWin32Zbot_d4ada1fa11c2b2849e70898794665e7ed4635951b8a9f012a67f30fb56220d1b { | |
| strings: | |
| $a_2 = { 558bec51568b351c104000578d45fc50 } | |
| $a_3 = { 558bec83ec488b4d088b491c5657894d } | |
| $a_4 = { 558bec83ec1456ff700833f6f6000289 } | |
| $a_5 = { 558bec83ec30f605e033420004568b75 } | |
| $a_6 = { 558bec51535633f646573975147672e8 } | |
| $a_7 = { 558bec83ec2066c745e0232a894de4e8 } | |
| $a_8 = { 558bec83e4f883ec34535657e8d70f00 } | |
| $a_9 = { 558bec5153568bf08a1633c033c95788 } | |
| $a_10 = { 558bec81ec200200005733ff47e8eaab } | |
| $a_11 = { 558bec518b068d4dfc5156ff506885c0 } | |
| $a_12 = { 558bec53568bf08bd9837d0c00760e8b } | |
| $a_13 = { 558bece86943ffff84c0740eff75088b } | |
| $a_14 = { 558bec83ec1c565733ff576a04ff15e8 } | |
| $a_15 = { 558bec83e4f881ecd400000056ff1580 } | |
| $a_16 = { 558bec81ec400100006a066a0056e86c } | |
| $a_17 = { 558bec515153568d45f850c745f80800 } | |
| $a_18 = { 558bec5153568b351c1540006a00578d } | |
| $a_19 = { 558bec83ec14568d75ec0fb7c08bce53 } | |
| $a_20 = { 558bec8b102b550833c983ec0c895040 } | |
| $a_21 = { 558bec83ec1033c0807e04030f82e301 } | |
| $a_22 = { 558bec81ec840400005356576a0833db } | |
| $a_23 = { 558bec83ec105368400000f06a0133db } | |
| $a_24 = { 558bec83ec0c57ff75088d7df4e8d3fe } | |
| $a_25 = { 558bec515332db885dff381f763c560f } | |
| $a_26 = { 558bec83ec1053568b750857e8370700 } | |
| $a_27 = { 558bec8b450883f8ff742885c0742483 } | |
| $a_28 = { 558bec81ec0c0300005356576a0833ff } | |
| $a_29 = { 558bec538b5d1883e30256b800f70484 } | |
| $a_30 = { 558bec83e4f881ec5804000056578bf9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ConstructorWin32Zegost_80ede85087754c14130dab67ab3b8df0b9187e08735f788e7f510e7eb86be443 { | |
| strings: | |
| $a_2 = { 558b6c240c5685ed570f84e00800008b } | |
| $a_3 = { 558b6c241c508b4424246aff6aff5250 } | |
| $a_4 = { 558b01ff50605f8bc55e5d5b83c40cc2 } | |
| $a_5 = { 558bcee828c407008d5d0657538bcee8 } | |
| $a_6 = { 558bec6aff6820af5b0064a100000000 } | |
| $a_7 = { 558b6c2420568b74242c5783fb038bf9 } | |
| $a_8 = { 558bcbe8280000008d4c2448c7442470 } | |
| $a_9 = { 558be956578d4c2434e8c9c0010033db } | |
| $a_10 = { 558bd9568d442414578d4c241433f650 } | |
| $a_11 = { 558bcbe8263715008b2d10665c008bf8 } | |
| $a_12 = { 558bec833d98ac6100007529ff7514dd } | |
| $a_13 = { 558bec5153578bd96a10e8fdfdffff85 } | |
| $a_14 = { 558bcb89442450e88cfbffff8b959000 } | |
| $a_15 = { 558bcee8db6d0500518bcc8964242068 } | |
| $a_16 = { 558bc8e8cccd0400eb4e68e4000000e8 } | |
| $a_17 = { 558bec6aff6810f65a0064a100000000 } | |
| $a_18 = { 558b6c2440568bf18d44242c8b4d1c57 } | |
| $a_19 = { 558b6c2460568bf1578b46048b168944 } | |
| $a_20 = { 558bcfff52688b7c24108b4424148b4c } | |
| $a_21 = { 558b5c241056578bf98d7340538b471c } | |
| $a_22 = { 558bd95657895c24188944241433f689 } | |
| $a_23 = { 558bd153c1e902f3a58bca83e103f3a4 } | |
| $a_24 = { 558bec568b750868e8285d008bcee847 } | |
| $a_25 = { 558bcee8df0100008d8c249400000051 } | |
| $a_26 = { 558bcee82f6e09008b44245885c00f84 } | |
| $a_27 = { 558be933db8b4c242856573959240f85 } | |
| $a_28 = { 558bec5356578bf1e814e5feff8b4e68 } | |
| $a_29 = { 558bcee8c5dbffff8b542434508b4640 } | |
| $a_30 = { 558bcbc684248400000005e86cfbffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule DDoSLinuxKaiten_00432ae843b63d8417fb534423d516f1c1dbb3a5ef92e38327e236e8dd030681 { | |
| strings: | |
| $a_2 = { 554889e5534881ec181b000089bd2ce5 } | |
| $a_3 = { 554889e5534883ec3848897df0488975 } | |
| $a_4 = { 554889e54883ec20897dfc488975f048 } | |
| $a_5 = { 554889e553bb00c050004883ec08488b } | |
| $a_6 = { 554889e54883ec50eb00c7056ad41000 } | |
| $a_7 = { 554889e548897df8eb2e488b45f848c7 } | |
| $a_8 = { 554889e54883ec60897dbc488975b089 } | |
| $a_9 = { 554889e54881ecf000000089bd2cffff } | |
| $a_10 = { 554889e54881ecd0040000ba00000000 } | |
| $a_11 = { 554889e54883ec2048897de8488975e0 } | |
| $a_12 = { 554889e57410eb38904883c008488905 } | |
| $a_13 = { 554889e54883ec3048897dd80fb605c5 } | |
| $a_14 = { 554889e5534883ec38897de4488975d8 } | |
| $a_15 = { 554889e5534881ec58040000e8785400 } | |
| $a_16 = { 554889e54883ec20897dfc488975f089 } | |
| $a_17 = { 554889e54883ec70897ddc488975d048 } | |
| $a_18 = { 554889e5534881ecd804000089bd6cfb } | |
| $a_19 = { 554889e54883ec70897dac488975a048 } | |
| condition: | |
| 15 of them | |
| } | |
| rule DDoSLinuxLightaidra_49febfd6469d8cdef0de6c8b15e51eec5de39fdf622038d459d797b9702b5786 { | |
| strings: | |
| $a_2 = { 554889e57410eb38904883c008488905 } | |
| $a_3 = { 554889e54883ec1048897df8488b7df8 } | |
| $a_4 = { 554889e5897dec8b45ec8905b0802100 } | |
| $a_5 = { 554889e5534881ec8890000089bd7c6f } | |
| $a_6 = { 554889e5534883ec48c6053c62210000 } | |
| $a_7 = { 554889e5534883ec08488b05987a2000 } | |
| $a_8 = { 554889e54881ec0001000089bd1cffff } | |
| $a_9 = { 554889e54883ec1048897df8eb21488b } | |
| $a_10 = { 554889e5534883ec3848897dd048c745 } | |
| $a_11 = { 554889e5534881ec281000004889bdd8 } | |
| $a_12 = { 554889e54881ecf00000004889bd28ff } | |
| $a_13 = { 554889e5534881ec680400004889bdc8 } | |
| $a_14 = { 554889e548897de848c745f800000000 } | |
| $a_15 = { 554889e54154534881ec90020000c745 } | |
| $a_16 = { 554889e54883ec1048897df88975f448 } | |
| $a_17 = { 554889e54881ecf000000089bd3cffff } | |
| $a_18 = { 554889e54883ec30897dec488975e089 } | |
| $a_19 = { 554889e54883ec3048897de8488975e0 } | |
| $a_20 = { 554889e54883ec4048897dc8668975c4 } | |
| $a_21 = { 554889e54883ec40897dec8975e84889 } | |
| $a_22 = { 554889e54881ecd002000048c745a058 } | |
| $a_23 = { 554889e54881ec10100000c745f80000 } | |
| $a_24 = { 554889e541554154534881ecb8000000 } | |
| $a_25 = { 554889e54883ec4048897dd8488975d0 } | |
| $a_26 = { 554889e54881ecc000000089bd5cffff } | |
| $a_27 = { 554889e54881ec20100000488dbdf0ef } | |
| $a_28 = { 554889e54883ec10c745fc0000000083 } | |
| $a_29 = { 554889e54881ecd0000000488d451048 } | |
| $a_30 = { 554889e54883ec20897dec8b3d24af21 } | |
| condition: | |
| 24 of them | |
| } | |
| rule DDoSLinuxZanich_08fb96c0d2416d855e88c2beb926a265af7e5fdabba98a5dd9cfee5ef2162964 { | |
| strings: | |
| $a_2 = { 5589e58b45088b4d0c8b506885d27507 } | |
| $a_3 = { 5589e583ec14a160d31808895df48b1d } | |
| $a_4 = { 5589e583ec088974240489d689ca891c } | |
| $a_5 = { 5589e583ec08dd4508dd5df88b4df88b } | |
| $a_6 = { 5589e557565389c383ec248b35e4d018 } | |
| $a_7 = { 5589e5578b7d0c5653658b1031c0397d } | |
| $a_8 = { 5589e557565389d381ec400400008b55 } | |
| $a_9 = { 5589e55383ec108b5d0885db7442803b } | |
| $a_10 = { 5589e5568b75085385f674688b466885 } | |
| $a_11 = { 5589e5565383ec048b750889f3eb0c90 } | |
| $a_12 = { 5589e5538b5d0883fbff745c31c0b901 } | |
| $a_13 = { 5589e583ec108b451085c07423894424 } | |
| $a_14 = { 5589e557565383ec188b7508893424e8 } | |
| $a_15 = { 5589e58b4d0866908b154cd4180889d0 } | |
| $a_16 = { 5589e583c480895df48b5d108975f831 } | |
| $a_17 = { 5589e583ec34895df489c38975f889d6 } | |
| $a_18 = { 5589e557565383ec7c8b7d18e8c315fb } | |
| $a_19 = { 5589e583ec10895df88b4d0c8975fc8b } | |
| $a_20 = { 5589e583ec248b450c895df48b5d1089 } | |
| $a_21 = { 5589e583ec18c744241400000000c744 } | |
| $a_22 = { 5589e58b4d10538b5d0cb8c5000000cd } | |
| $a_23 = { 5589e583ec1c895df48b5d088975f88b } | |
| $a_24 = { 5589e557565381ec640200008b3d40d5 } | |
| $a_25 = { 5589e583ec14b890ffffff658b00c744 } | |
| $a_26 = { 5589e5538b5d088b4b088b53048b03e8 } | |
| $a_27 = { 5589e55de977ea080090909090909090 } | |
| $a_28 = { 5589e557565383ec048b7d088b750c89 } | |
| $a_29 = { 5589e583ec18a1c01c180885c0742aa1 } | |
| $a_30 = { 5589e557565383ec088b750881fe40ca } | |
| condition: | |
| 24 of them | |
| } | |
| rule DDoSWin32Darktima_5a725a29c1081d7c54957ae43a24625b958b61c0bef4cbdcc5df29f1cd5272b9 { | |
| strings: | |
| $a_2 = { 558bec83ec3053565733db53ff151840 } | |
| $a_3 = { 558b2d3453410056578b3d8c40410081 } | |
| $a_4 = { 558b2d88404100565768504641006a00 } | |
| $a_5 = { 558bec83ec248d45dc50ff1520404100 } | |
| $a_6 = { 558bec83ec3c53568b3520404100578d } | |
| condition: | |
| 5 of them | |
| } | |
| rule DDoSWin32DepthCharge_f1fee20b7109055cf1990c6c236855d131e9d5c8933cc34f740a35f79551e3ea { | |
| strings: | |
| $a_2 = { 558bec83ec0c68ea64f9ffcfbfa11d50 } | |
| condition: | |
| 2 of them | |
| } | |
| rule DDoSWin32Dofoil_b48ba85312474a08c56f651982c430b7f572f28b105188f57cd68295dd4ac94e { | |
| strings: | |
| $a_2 = { 558bec51608b5d088b7b3c8b7c3b7801 } | |
| $a_3 = { 558bec6a406800300000ff75086a00ff } | |
| $a_4 = { 558bec83c4c8535657be20504000bf84 } | |
| $a_5 = { 558bec83c4f48945f88b45f850ff1518 } | |
| $a_6 = { 558bec538b5d0c8d4508506a106a018b } | |
| condition: | |
| 5 of them | |
| } | |
| rule DDoSWin32Fareit_2d0a1c0d6a414dfc8aa1259f64b216a3c77fbe480bab6c2afaaf1fc8453b0d51 { | |
| strings: | |
| $a_2 = { 558b018b45faf616b1010074ccdbf1bb } | |
| $a_3 = { 558be4ff67e18b338d00508b00e86617 } | |
| $a_4 = { 558b8b8b9cc02c6ccc8b4500dc5e33a3 } | |
| $a_5 = { 558bccc000010049f663f08bff00ccc3 } | |
| $a_6 = { 558b33ff898ba6dfc200000045003c11 } | |
| $a_7 = { 558b8bcc7889f1a1e883cc0071be89f8 } | |
| $a_8 = { 558bec83ec1c5356578d45e450ff152c } | |
| $a_9 = { 558bcc0889006a7878f38e0000cc009d } | |
| $a_10 = { 558bec83ec2c5356578d45f05033f656 } | |
| $a_11 = { 558b004813bb820000894532c678b700 } | |
| $a_12 = { 558b46b01a1a8d008b8385b3766de808 } | |
| $a_13 = { 558bec515356576af868ff8b0000ff15 } | |
| $a_14 = { 558b04ebe028951a8b85dd45ec8bcccc } | |
| $a_15 = { 558bdd629766ed50008b8b10b11fdf00 } | |
| $a_16 = { 558bccf87e13cdff0085cc9582f6c601 } | |
| $a_17 = { 558b39ae40d30008cc006a4d0804a724 } | |
| $a_18 = { 558b0c010000008b28afcd07008945ff } | |
| $a_19 = { 558b01004822410900cc0000458f182a } | |
| $a_20 = { 558bd214b003c08900c700830000c767 } | |
| $a_21 = { 558b3aa41db5ccff0085e9b4577fff00 } | |
| $a_22 = { 558b83e0cc9505552dc7001000ebbfbf } | |
| $a_23 = { 558bec83ec205356578d45e050ff152c } | |
| $a_24 = { 558bcc1533a863b989dd8bcc41664d0d } | |
| $a_25 = { 558b00ffdd450053cac32900cc04003c } | |
| $a_26 = { 558b45cc100f0f08c0da829f03ff0008 } | |
| $a_27 = { 558b00ec1a28937fcc74006a005d854d } | |
| $a_28 = { 558b8b4d8300ff00a4d1c666000800cc } | |
| $a_29 = { 558b5a0174000f8b008bcc7159030400 } | |
| $a_30 = { 558b0083ff000001574ed567ff4d00cc } | |
| condition: | |
| 24 of them | |
| } | |
| rule DDoSWin32Flusihoc_539aa40d760331ed48f83e9c03750337dd10f78b91d7b496ff8b6d388c9a48d2 { | |
| strings: | |
| $a_2 = { 558bec83e4f881ec84bffb6f4d4ca102 } | |
| $a_3 = { 558b40143d2005931974153d21063e11 } | |
| $a_4 = { 558b8e64247d2e5cda4e6c28eceb44e9 } | |
| $a_5 = { 558b0aebab12df0d2ddb03c0817d06cc } | |
| condition: | |
| 4 of them | |
| } | |
| rule DDoSWin32Horst_8125d4287ae4014368fe60814de7f7bbab043b70b6868566ab3200b5f7b2b156 { | |
| strings: | |
| $a_2 = { 558b8d83857b6d73a59b9d93958bbdc3 } | |
| $a_3 = { 558b284b5bf68813c835bdb377526a4e } | |
| $a_4 = { 558b8d31cdcd9f0deca69dd1dfc461de } | |
| condition: | |
| 3 of them | |
| } | |
| rule DDoSWin32Nitol_06419554fa5002a3467d07198e8d7bc1e9b92d91c1c62102cdf19f6ac4622f7c { | |
| strings: | |
| $a_2 = { 558bec81ec8403000053568b35546040 } | |
| $a_3 = { 558bec81ec1c01000053568b35546040 } | |
| $a_4 = { 558bec6aff6860614000685039400064 } | |
| $a_5 = { 558bec6aff6870614000685039400064 } | |
| $a_6 = { 558bec83ec0c53568b355460400057bb } | |
| $a_7 = { 558bec81ec3401000053568b35546040 } | |
| $a_8 = { 558bec81ec04010000538b5d105633f6 } | |
| $a_9 = { 558be985f674075756e8f8fdffff5753 } | |
| $a_10 = { 558b6c2410568b742410c74500000000 } | |
| $a_11 = { 558bec83ec0c5333db56536880000000 } | |
| $a_12 = { 558bec81eca80900005356578b3d5460 } | |
| $a_13 = { 558bec6aff6880654000685039400064 } | |
| $a_14 = { 558bec81ecd800000053568b35546040 } | |
| $a_15 = { 558bec83ec405356576a0f59be847740 } | |
| $a_16 = { 558bec6aff6850614000685039400064 } | |
| $a_17 = { 558bec83ec0c8d450c6a04506a0868ff } | |
| condition: | |
| 14 of them | |
| } | |
| rule DDoSWin32Resod_e3746544ac219e1d9744644283bf12a861d871aa7fcec690b54facc93656e379 { | |
| strings: | |
| $a_2 = { 558be9565722a68b193e7668046d04dd } | |
| condition: | |
| 2 of them | |
| } | |
| rule DDoSWin32UDPFlood_c7244f1ce08a89b4f9535d2a5e950566a74a5fc9d0b8ea02fdf445b99eb6d284 { | |
| strings: | |
| $a_2 = { 558bec83ec54ff7508e80202000085c0 } | |
| $a_3 = { 558bec81ec4c01000053568b750c8d85 } | |
| $a_4 = { 558bec83ec30a17c354000566a308945 } | |
| $a_5 = { 558bec83ec10ff750c66c745f00200e8 } | |
| $a_6 = { 558bec515153b800010000bb94354000 } | |
| $a_7 = { 558bec6aff683021400068601f400064 } | |
| $a_8 = { 558bec518365fc00536850314000ff75 } | |
| $a_9 = { 558bec51518b4508c745f808000000a3 } | |
| condition: | |
| 7 of them | |
| } | |
| rule DoSLinuxElknot_529934ce12383348afea55e91f16a0bba36afaf9c22ac492642502d0fc48ad92 { | |
| strings: | |
| $a_2 = { 5589e553e820e6ffff81c3838d0a0083 } | |
| $a_3 = { 5589e583ec288b45148975fc8b4d0c89 } | |
| $a_4 = { 5589e583ec1c897dfc8b7d088975f889 } | |
| $a_5 = { 5589e557565383ec2c31c90fbe7d208b } | |
| $a_6 = { 5589e55383ec14e8fde7ffff81c3608f } | |
| $a_7 = { 5589e55756538d4a2081ecd801000083 } | |
| $a_8 = { 5589e55383ec148b5d088b0385c07518 } | |
| $a_9 = { 5589e55383ec148b5d088b0385c07519 } | |
| $a_10 = { 5589e58b4508c700a81313085de998dc } | |
| $a_11 = { 5589e58b4514578b4d08bfe0c5110856 } | |
| $a_12 = { 5589e557565383ec4c0fb655140fb645 } | |
| $a_13 = { 5589e58b55088b4d0c8b45108a0039ca } | |
| $a_14 = { 5589e557565383ec048b5d088b7d0c89 } | |
| $a_15 = { 5589e557565383ec1c8b75088b5d0c0f } | |
| $a_16 = { 5589e58b45088b008945085de9ef7102 } | |
| $a_17 = { 5589e583ec08e845000000e8b0000000 } | |
| $a_18 = { 5589e557565383ec3c8b450c8b400889 } | |
| $a_19 = { 5589e583ec08803d703d160800740b8b } | |
| $a_20 = { 5589e5b80000000085c07409896d0cc9 } | |
| $a_21 = { 5589e5565383ec148b5d086a018d4338 } | |
| $a_22 = { 5589e58b450c8b5508538b5d108b4d14 } | |
| $a_23 = { 5589e557565383ec248b451485c00f84 } | |
| $a_24 = { 5589e557565383ec288945cc8b480485 } | |
| $a_25 = { 5589e557565381eccc0000008b45148b } | |
| $a_26 = { 558b8570ffffff034584894720e911ff } | |
| $a_27 = { 5589e557565383ec0c8b7d088b1f39df } | |
| $a_28 = { 5589e553e8c0fdffff81c323a50a0083 } | |
| $a_29 = { 5589e55789c75689d683ec208b500c0f } | |
| $a_30 = { 5589e557565383ec0c8b7d0c8b751090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSLinuxXorddos_130683dbd51315c58f9558d0955feb9d288206ab56abab9322dd92bd29c2d0fc { | |
| strings: | |
| $a_2 = { 5589e557565381ec240100008b5d088b } | |
| $a_3 = { 5589e5c16510025de98306feff909090 } | |
| $a_4 = { 5589e55383ec088b5d088b53043b530c } | |
| $a_5 = { 5589e583ec1c897dfc8b7d088975f889 } | |
| $a_6 = { 5589e583ec10895df48b4d08bb150000 } | |
| $a_7 = { 5589e58b45088b480483c1308b1185d2 } | |
| $a_8 = { 5589e557565383ec0ce822a1010085c0 } | |
| $a_9 = { 5589e5538b5d08c7050cd40c08000000 } | |
| $a_10 = { 5589e58b45088b48088b502c8120fffe } | |
| $a_11 = { 558b85c0feffff8b95b8feffff8b8dc4 } | |
| $a_12 = { 5589e557565381eca40100008b750885 } | |
| $a_13 = { 5589e58b14028b45085d8b448240c390 } | |
| $a_14 = { 5589e55383ec24c7442404000000008d } | |
| $a_15 = { 5589e581ec880000008d4594ba640000 } | |
| $a_16 = { 5589e583ec108b451085c07423894424 } | |
| $a_17 = { 5589e557565383ec248b0d50050d0881 } | |
| $a_18 = { 5589e55d65a108000000c39090909090 } | |
| $a_19 = { 5589e55789d75689c65383ec44c70424 } | |
| $a_20 = { 5589e58b450c8b5508538b5d108b4d14 } | |
| $a_21 = { 5589e583ec1c8975fc8b7508895df88b } | |
| $a_22 = { 5589e55381ecf4000000e89d2a000089 } | |
| $a_23 = { 5589e583ec0c8d450883c004c7442408 } | |
| $a_24 = { 5589e55781ecc4000000c745ec000000 } | |
| $a_25 = { 5589e58b4d10538b5d0cb8c5000000cd } | |
| $a_26 = { 5589e583ec1c895df48b5d088975f88b } | |
| $a_27 = { 5589e583ec348b55188b4510897dfc8b } | |
| $a_28 = { 5589e583ec0ce8657ffeff8b4508c744 } | |
| $a_29 = { 5589e557565383ec508b4d0c8b750c8b } | |
| $a_30 = { 5589e5538b5d088b4b088b53048b03e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSPerlUDPFlood_c3a46c35165d1894ca7a29946344f9eb19b864ec98e837b9b69b6a537613a074 { | |
| strings: | |
| $a_2 = { 558bec5151538d45f850ff1558aa4300 } | |
| $a_3 = { 558bec5633f6833d80884500027d2d8b } | |
| $a_4 = { 558bec83ec10837d08007514e83d9eff } | |
| $a_5 = { 558bec5de9653b00008bff558bec5de9 } | |
| $a_6 = { 558bec51a1808845008b4d08565783f8 } | |
| $a_7 = { 558bec83ec20a1b8a1430033c58945fc } | |
| $a_8 = { 558beca1d48d450085c074106a00ff75 } | |
| $a_9 = { 558bcee88adbffff84c00f849b050000 } | |
| $a_10 = { 558bec5151a1b8a1430033c58945fc53 } | |
| $a_11 = { 558bec51a1b8a1430033c58945fc578b } | |
| $a_12 = { 558becb80c200000e8b8370000803d18 } | |
| $a_13 = { 558becb810140000e8cf03ffffa1b8a1 } | |
| $a_14 = { 558bf7e8be840100595985c0753c83c7 } | |
| $a_15 = { 558beca1b8a1430083e01f6a20592bc8 } | |
| $a_16 = { 558bec51568b750883fefe750de8508e } | |
| $a_17 = { 558bec83ec1c8d4de453ff7510e80def } | |
| $a_18 = { 558bec568b75080fbe0650e8e0120000 } | |
| $a_19 = { 558bec51a1b8a1430033c58945fc5668 } | |
| $a_20 = { 558bec568b750c8b063b05f88d450074 } | |
| $a_21 = { 558bec6b450818050890450050ff15cc } | |
| $a_22 = { 558becb800200000e8355101008b4508 } | |
| $a_23 = { 558bec8b4d0833c03b0cc5a023430074 } | |
| $a_24 = { 558bec81ec000200008d8500ffffff53 } | |
| $a_25 = { 558bcfe87b77ffffc1e80c8bcf0fb6c0 } | |
| $a_26 = { 558bec5668541a4300684c1a43006854 } | |
| $a_27 = { 558bec64a1000000008bd16aff68a1f0 } | |
| $a_28 = { 558bec8b4d0c568b7508890ee8142400 } | |
| $a_29 = { 558bec83ec10ff750c8d4df0e853b1ff } | |
| $a_30 = { 558becff7508e85bfbffff595dc3566a } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSWin32Delf_1d9ea1522b19b2d3bbcdb4eff05bd47a65428d58e858ce4c783daa1e620c8303 { | |
| strings: | |
| $a_2 = { 558bec83c4f88945fc833d900c480000 } | |
| $a_3 = { 558bec83c4f88955f88945fcb2018b45 } | |
| $a_4 = { 558bec83c4f88945fc833d500c480000 } | |
| $a_5 = { 558bec8b45088b40f4e8f20d0000a110 } | |
| $a_6 = { 558bec83c4e05333c9894df08955f889 } | |
| $a_7 = { 558bec535657a1f0094800e88874ffff } | |
| $a_8 = { 558bec33c9515151515356578bd8bf64 } | |
| $a_9 = { 558bec33c05568b1b8420064ff306489 } | |
| $a_10 = { 558bec33c055687e24440064ff306489 } | |
| $a_11 = { 558bec83c4f88955f88945fc8b45fc66 } | |
| $a_12 = { 558bec83c4dc538955f88945fc33c089 } | |
| $a_13 = { 558bec33c055681553410064ff306489 } | |
| $a_14 = { 558bec33c055683168400064ff306489 } | |
| $a_15 = { 558bec33c05568797d460064ff306489 } | |
| $a_16 = { 558bec83c4f8e8c928faff8855fb8945 } | |
| $a_17 = { 558bec83c4f453668955fa8945fc8b45 } | |
| $a_18 = { 558bea8bf88bc7e8b5c0ffff8bf0bb01 } | |
| $a_19 = { 558bec83c4f88945fc8b45fc50e81ec0 } | |
| $a_20 = { 558bec33c05568001e460064ff306489 } | |
| $a_21 = { 558bec51538945fc33c9b2018b45fc8b } | |
| $a_22 = { 558bec6a005333c055685ac9470064ff } | |
| $a_23 = { 558bec83c4f48955f8668945fe833d28 } | |
| $a_24 = { 558bec8b450883c00450e805b2ffff5d } | |
| $a_25 = { 558beca118f74700e8fba3ffff5dc204 } | |
| $a_26 = { 558bec83c4f88945fc8b45fcf6401c10 } | |
| $a_27 = { 558bec81c4e0feffff538955f88945fc } | |
| $a_28 = { 558bec6a0033c0556832ac460064ff30 } | |
| $a_29 = { 558bec33c05568137d450064ff306489 } | |
| $a_30 = { 558bec53568b5d088d430450e8f7b1ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSWin32Doraah_373e2142b993311426eee8fd5cf9fd740e1dbcae4a49d2b5d23a117efe8062cf { | |
| strings: | |
| $a_2 = { 558bec83c4f4538bd852e871a3ffff89 } | |
| $a_3 = { 558bec8b55088b52fc80ba1c02000001 } | |
| $a_4 = { 558bec51538bd8516a02a1bce34000b1 } | |
| $a_5 = { 558bec6a005356578bd833c055680696 } | |
| $a_6 = { 558bec6a00538bd833c05568bebd4200 } | |
| $a_7 = { 558bec83c4f4a120c64600e8f046ffff } | |
| $a_8 = { 558bec538bd88b4508508bc3e89fadff } | |
| $a_9 = { 558bece8acf2ffff31c9556878364000 } | |
| $a_10 = { 558bec81c4f4fbffff535657668955fa } | |
| $a_11 = { 558bec83c4f85356578bf98bf28bd880 } | |
| $a_12 = { 558bea8bf08bc5e8a99afcffbb010000 } | |
| $a_13 = { 558bec8b45088b40f08b15f03c4200e8 } | |
| $a_14 = { 558bea8bf88bc7e81dbfffff8bf0bb01 } | |
| $a_15 = { 558bec83c4dc535657894df88bda8945 } | |
| $a_16 = { 558bec33c05568ad7e460064ff306489 } | |
| $a_17 = { 558bec33c05568c586460064ff306489 } | |
| $a_18 = { 558bec6a006a00538bd833c055682122 } | |
| $a_19 = { 558bec83c4d85356578b450ce85b04ff } | |
| $a_20 = { 558bec53568bf18bd866a1cc90430066 } | |
| $a_21 = { 558bec51535684d2740883c4f0e8f2d8 } | |
| $a_22 = { 558bec8b45088b40fce8a2feffff85c0 } | |
| $a_23 = { 558bec84d2740883c4f0e86141ffff89 } | |
| $a_24 = { 558bec5356578bf98bf28bd8833d44e8 } | |
| $a_25 = { 558bda8be88bc5e899b2000084c0743a } | |
| $a_26 = { 558bec833d2ce7460000740e8b450850 } | |
| $a_27 = { 558bec33c055687dec410064ff306489 } | |
| $a_28 = { 558bec51535684d2740883c4f0e8aa3e } | |
| $a_29 = { 558bec33c05568c1e9450064ff306489 } | |
| $a_30 = { 558bec51535684d2740883c4f0e85208 } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSWin32Fedup_7a2741930e86741de97e9032c5ef7b2c5db85902aa1a547dec68bbb64babe828 { | |
| strings: | |
| $a_2 = { 558bec515356578945fc33c0556818be } | |
| $a_3 = { 558bec53565733c05568ffdb400064ff } | |
| $a_4 = { 558be8a1b4064300e8784700008bd84b } | |
| $a_5 = { 558bec6a0033c055684680400064ff30 } | |
| $a_6 = { 558bec51538bda8945fc8b45fce84af4 } | |
| $a_7 = { 558bec53568b7508c606016683b88e00 } | |
| $a_8 = { 558bec33c05568c777410064ff306489 } | |
| $a_9 = { 558bec6a0033c055684a75410064ff30 } | |
| $a_10 = { 558bec5153884dff6683786e0074188a } | |
| $a_11 = { 558bec33c05568bd79410064ff306489 } | |
| $a_12 = { 558b83b800000050e81f92feff89460c } | |
| $a_13 = { 558bec535657bfdc064300833f00756c } | |
| $a_14 = { 558bec8b55088b52fc8b5228e8c3fdff } | |
| $a_15 = { 558bec53565733c05568fcda400064ff } | |
| $a_16 = { 558bec53565784d2740883c4f0e8665e } | |
| $a_17 = { 558bec33c055684d93400064ff306489 } | |
| $a_18 = { 558bf8bdc40543008b45008b58084b83 } | |
| $a_19 = { 558bec538b5d083b1decf64200744aa1 } | |
| $a_20 = { 558bec51535684d2740883c4f0e8e247 } | |
| $a_21 = { 558bec53568bf033dbe84e9cffff8b15 } | |
| $a_22 = { 558bec53565733c0556871db400064ff } | |
| $a_23 = { 558bec5356578bf98bf28bd88bc6e8c5 } | |
| $a_24 = { 558bec5356578bf98bf28bd88bc3e815 } | |
| $a_25 = { 558bec6a00538bd833c05568a9ba4000 } | |
| $a_26 = { 558bec51535657894dfc8bf28b550885 } | |
| $a_27 = { 558bec51535684d2740883c4f0e80e97 } | |
| $a_28 = { 558bec83c4f85356578945fca110f042 } | |
| $a_29 = { 558bfa8bf0803d9405430000746d8bc6 } | |
| $a_30 = { 558bf28bd833ff8bc3e8cbb7ffff508b } | |
| condition: | |
| 24 of them | |
| } | |
| rule DoSWin32Small_44b38dd436a688c414db1c4b57712e4a8e164e0aabca7d019487da7e8e5dc829 { | |
| strings: | |
| $a_2 = { 558bec83ecfdb70b977945086145e802 } | |
| $a_3 = { 558bec83c4f483c40c50e90df3000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule DTVMP32_ec1b8fcd78f7050ea33a653a72604b88e2efd3d9bb0774b22450d7564c001d1d { | |
| strings: | |
| $a_2 = { 558bec6aff686810610068f4744c0064 } | |
| $a_3 = { 558bcee840650b0083f8010f858dfeff } | |
| $a_4 = { 558bec6aff6878334e0064a100000000 } | |
| $a_5 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_6 = { 558bec6aff68b8134e0064a100000000 } | |
| $a_7 = { 558bec81ec54000000684c000000e8b9 } | |
| $a_8 = { 558b2de4754e0056576a006a006a006a } | |
| $a_9 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_10 = { 558bec6aff68b80b610068f4744c0064 } | |
| $a_11 = { 558bec5151dd4508dc1da83a600056df } | |
| $a_12 = { 558bec83ec10576a08e839200000833d } | |
| $a_13 = { 558bec83ec6053568bf1578975f8e853 } | |
| $a_14 = { 558bec83ec088b45143d010400807737 } | |
| $a_15 = { 558bec8be55dc3558beceb10564d5072 } | |
| $a_16 = { 558bec6aff6890104e0064a100000000 } | |
| $a_17 = { 558bec81ec48000000c745fc00000000 } | |
| $a_18 = { 558b2da4764e0056578bf96a01538b47 } | |
| $a_19 = { 558bec81ec600000006838000000e81f } | |
| $a_20 = { 558bec81eca4000000c745fc00000000 } | |
| $a_21 = { 558bec51833df5c663000053751d8b45 } | |
| $a_22 = { 558bec81ec040000008b45088b5d0c3b } | |
| $a_23 = { 558bec6aff68e8424e0064a100000000 } | |
| $a_24 = { 558bec535657556a006a006824c84a00 } | |
| $a_25 = { 558bec8b4508506a008b0dac5b650051 } | |
| $a_26 = { 558bcee8ceb2fdff8b6c2414892f8b0b } | |
| $a_27 = { 558bece8559dfeff8be55dc20c005657 } | |
| $a_28 = { 558bec5153568bf1578b4e688d86d800 } | |
| $a_29 = { 558bec81ec4c000000db4508dd5df8dd } | |
| $a_30 = { 558bec81ec24000000c745fc00000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitAndroidOSCVE20111823_e153de081f0cb26a219b1d6230f7b362c360423078059a540ae6bfd39dee40e9 { | |
| strings: | |
| $a_2 = { 558bcb1bab207fd3543db27017e4e55c } | |
| $a_3 = { 558b7953c5ce8df4757b362c08d7953a } | |
| $a_4 = { 558b5cc7f97a0c57c7730fb03e32c2d5 } | |
| $a_5 = { 558b9f646c64019697c305de0496bdbc } | |
| $a_6 = { 558b18b91c66f9defb98e072891dd055 } | |
| $a_7 = { 558b5af3c1af668ee4f329c1f1d90cd9 } | |
| $a_8 = { 558b9bc2c56691247797e726cc5c9776 } | |
| $a_9 = { 558be6ea2a34e12f7c2c8fea602c18e1 } | |
| $a_10 = { 558ba4e715ee39a83c0caeb807a35806 } | |
| $a_11 = { 558b065aec41e079d6bfc93accf89e68 } | |
| $a_12 = { 558b6b3b4b66df56aabd4c8fe6e1431e } | |
| $a_13 = { 558bc1dc67d81b76c00d8db20bb0f666 } | |
| $a_14 = { 558bf2c0624093f65005864285310e20 } | |
| $a_15 = { 558b0ebd77d2b9cb7fd9c09bfb822f74 } | |
| $a_16 = { 558b069699d87b47af328fb22a598151 } | |
| $a_17 = { 558b1eaefbda408eefa164e4dd69d7c2 } | |
| $a_18 = { 558b5c7d0ac8e9041309ecbd12db4670 } | |
| $a_19 = { 558b50cd535ae9f1280f6959fdd1ac00 } | |
| $a_20 = { 558b5bd284e13563bf777bea78047746 } | |
| $a_21 = { 558b9af306efeb0e136a579682744549 } | |
| $a_22 = { 558b1c3cda4282582b18b49169980298 } | |
| $a_23 = { 558b758d4abffbbf91a04143656fa23d } | |
| $a_24 = { 558bda8befdf7a48b19d673752d15a4d } | |
| $a_25 = { 558bcb03ac0d22d60aa5c39d48a5ad14 } | |
| $a_26 = { 558b222953bd16ac0f41606199ebd3b3 } | |
| $a_27 = { 558b2d169877407f25ea7798ed9987dd } | |
| $a_28 = { 558be246c8c28c88b9e72f3e31842f2d } | |
| $a_29 = { 558b08de6d89774d081afa164c8dc1cc } | |
| $a_30 = { 558b1f581adb69b90e1eb8d36b5cf7d7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitAndroidOSLotoor_dd4a1e86f04a3203da6ad8443991fd48f5782c4041e6421a5ec7d15b248407ca { | |
| strings: | |
| $a_2 = { 558beff96cf6b6324cd788ec31688d1e } | |
| $a_3 = { 558b845100764b75fab282dc0b761da5 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitHTMLCodeBaseExec_43e349198f16b30e30a76ca30461fa94a33a2fc5ac1ec039480aeaa7d1aa3c99 { | |
| strings: | |
| $a_2 = { 558b8c4ba1d1a1d67bc8f12282b8006e } | |
| $a_3 = { 558be44d4ca4dbb62ea316c6945e5cee } | |
| $a_4 = { 558b278bcae705821652d4aafbb8df74 } | |
| $a_5 = { 558b85e80a0d37ad6d53711e70bad6af } | |
| $a_6 = { 558b4bc5c8c45e21072b781fe4d389f2 } | |
| $a_7 = { 558b064ee6fe07cb0f2c36516c151de6 } | |
| $a_8 = { 558bec6aff683024410068e0b5400064 } | |
| $a_9 = { 558bf00d9a18dc2c99156d54535d3c0a } | |
| $a_10 = { 558bec6aff685824410068e0b5400064 } | |
| $a_11 = { 558b7522f146aab0f9772d62987684e2 } | |
| $a_12 = { 558b0c94f53d92ed9dde6d6f0c65d7be } | |
| $a_13 = { 558b9055cb23b0a1ff6bedfc5d9b8aa2 } | |
| $a_14 = { 558bcb184d63a89ca79527f58736c6ef } | |
| $a_15 = { 558bec6aff684024410068e0b5400064 } | |
| $a_16 = { 558be43498619be63710e75b4a7e34f8 } | |
| $a_17 = { 558b82f4e203d1b08b1d122b9d7ffbbb } | |
| $a_18 = { 558bc8c176dc9f862f5ab85a360bdcf6 } | |
| $a_19 = { 558bec535657556a006a0068b0834000 } | |
| $a_20 = { 558b6746c7616f4185dc588e54387169 } | |
| $a_21 = { 558b0f1697160af5d09b092c1f08af0f } | |
| $a_22 = { 558b29c82e0eb9022e080dd9e87cb549 } | |
| $a_23 = { 558b5a0fab979f3d5526715dbd37becf } | |
| $a_24 = { 558bcfa1848c2a852c0401ad94fedc61 } | |
| $a_25 = { 558bec6aff68f823410068e0b5400064 } | |
| $a_26 = { 558b2469b79c2983c25537578cec1ae4 } | |
| $a_27 = { 558b0070f26a2bab30580f061b7a0cf3 } | |
| $a_28 = { 558b607eb280c0eecedeae5ab25e8c8f } | |
| $a_29 = { 558bc957177ee4f3825e97ff50edc028 } | |
| $a_30 = { 558b17139f94eeb8732d30b2f5c07fa5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitiPhoneOSPidief_c0201ea7f66e7190b5d498b793464808347f3e1aa4a3c34bccfb9d5793cb7bcc { | |
| strings: | |
| $a_2 = { 558bf410e265440bfcda093cb742884b } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitJavaCVE20120507_2d723ad7039c4e4b378826ddc7fd5326ce3e3e0590588b1580eaf344e78bf960 { | |
| strings: | |
| $a_2 = { 558b9436351eacc034c5734a9bae984e } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitJavaCVE20124681_dbfcfbdce2a8694c7bd8f02346d4faff2865e3089522b9fb7ae4ecbc7540a139 { | |
| strings: | |
| $a_2 = { 558b55aa36aa546d54e568a36a8265f1 } | |
| $a_3 = { 558b3348b1bc7bc6f2b75abe052b490c } | |
| $a_4 = { 558bae2749d5a0eb455255b1106a29b3 } | |
| $a_5 = { 558beead98a28d20f884e7185be09741 } | |
| $a_6 = { 558b5038a2bc3bd118042a916ae758dc } | |
| $a_7 = { 558baa0fe323f82856c3ea58031fb326 } | |
| $a_8 = { 558b33c3e1a4f7f52c37efb3fe41f49b } | |
| $a_9 = { 558bf965ade15bc4fd9a613f84efa79c } | |
| $a_10 = { 558b6a1735d6c46be295c14a66da9301 } | |
| $a_11 = { 558b511120e5f1db4d2055438764e82e } | |
| $a_12 = { 558bfb6da3ce4ce3e5536ee94d1db8dd } | |
| $a_13 = { 558ba51dd05956b7fe728adb01c5f7fb } | |
| $a_14 = { 558bd59f7132fc55cbdb01e34fcfc499 } | |
| $a_15 = { 558ba962fc83d83da3ed3a67dc51740e } | |
| $a_16 = { 558b3da84b9165daee832769be7a13ab } | |
| $a_17 = { 558b5f6eff25c6248ec17999e78535d1 } | |
| $a_18 = { 558bb8cef0782325661dfa21360eae59 } | |
| $a_19 = { 558bb0774da46dca18f7ddaeb06408d6 } | |
| $a_20 = { 558bccc3176b65d6b3a4a857b018d69d } | |
| $a_21 = { 558b40369a4cfc854d8af9b7ed54ad6a } | |
| $a_22 = { 558b52b968fcd5f9fd8f59aa96c472a8 } | |
| $a_23 = { 558b20ac32f2843894ead756c02fee00 } | |
| $a_24 = { 558b1af8853d3a6f586bbba95de4eb5a } | |
| $a_25 = { 558b54b6caac17ddcb447d081620bfef } | |
| $a_26 = { 558b3dbe4d6305bbfb7ca90ef27941d5 } | |
| $a_27 = { 558ba1c62aff32bf1159afab3b4b197a } | |
| $a_28 = { 558b6207f54d18b2ae71a1dd91c1661c } | |
| $a_29 = { 558bd4b92aea3f9f449c8223177eb89b } | |
| $a_30 = { 558b57ae5cb3f4dafa856fe93f3df3bc } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitJavaCVE20131493_4141d12d79316a9b0c531a919040c0ca12536305bda492ac147e675a1803d2e3 { | |
| strings: | |
| $a_2 = { 558bd7ab8c8a568b35a0f80010578b56 } | |
| $a_3 = { 558bec83ec408b450cb0f2568c0c8b02 } | |
| $a_4 = { 558b2d22d834015633f66c97ab685125 } | |
| $a_5 = { 558b2d98700010565733db080cee263b } | |
| $a_6 = { 558b6c240c741807c533d257cc8cd954 } | |
| $a_7 = { 558bec83ec208b450cb2bf25524df88b } | |
| $a_8 = { 558bec83ec20c745f83afaddd98b450c } | |
| $a_9 = { 558b2d447000107e40a103e1dcc98b3d } | |
| $a_10 = { 558b4c24088b12719cc5508b411850e8 } | |
| $a_11 = { 558bec81ec140500008d45ec6daa22ec } | |
| $a_12 = { 558bec6aff68338bddc9689c41001064 } | |
| $a_13 = { 558bec83ec108b4d33a98b52750c8b41 } | |
| $a_14 = { 558bec518b4d088b551068ac56a80457 } | |
| $a_15 = { 558becba16c9dd000053565733ff397d } | |
| $a_16 = { 558b0d53b2df8d706402025683fb0b57 } | |
| $a_17 = { 558becb816d18a8365f80056578b7d08 } | |
| $a_18 = { 558bd77b317905000053568b35745207 } | |
| $a_19 = { 558bec518b76f28e8f578b71108b4108 } | |
| $a_20 = { 558bec68ac56ac0c8b460c8b5e10a882 } | |
| $a_21 = { 558bec837d0c00751bb0bfcd896a008b } | |
| $a_22 = { 558bec83ec148b4514b0b2d9504df08b } | |
| $a_23 = { 558bec8b45088b48086a7188d152e82d } | |
| $a_24 = { 558bec51833d68073aeadd8a751d8b45 } | |
| $a_25 = { 558bec6aff68e8234000685617400064 } | |
| $a_26 = { 558becb816d58a565755fc8b5d0c8b45 } | |
| $a_27 = { 558be9566c3c99fd13008d4510508944 } | |
| $a_28 = { 558bec8b450885c075025df879e0b107 } | |
| $a_29 = { 558bec535657556a006a0053469dd910 } | |
| $a_30 = { 558bec81ec4c0200005356b08fd1eac9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitO97MTarodrop_b649fba2dd727cf326850e4f435f515b2485c9311f7fb0cdfab5dea403e4ae7f { | |
| strings: | |
| $a_2 = { 558bec83ec148b451053568b750c85c0 } | |
| $a_3 = { 558bec83ec105633f6837d1001c745f0 } | |
| $a_4 = { 558bec6aff684892663268c064663264 } | |
| $a_5 = { 558bec5151535657ff75086a00680004 } | |
| $a_6 = { 558becb814280000e8ed2700005333db } | |
| $a_7 = { 558bec51568d45fc57508b3520906632 } | |
| $a_8 = { 558bec578b7d1485ff7e1f8a4510b103 } | |
| $a_9 = { 558bec81ec040400005356bee0846632 } | |
| $a_10 = { 558bec81ec700400005356576a0f59be } | |
| $a_11 = { 558bec83ec108d45f4565033f6ff7508 } | |
| $a_12 = { 558becb898640000e82b050000535657 } | |
| $a_13 = { 558becb810110000e879220000535657 } | |
| $a_14 = { 558bec81ec000900008b450c568b3540 } | |
| $a_15 = { 558bec81ec0c020000535657689c1466 } | |
| $a_16 = { 558bec81ec000400005633f668c43e66 } | |
| $a_17 = { 558bec51834dfcff8d45fc56506a20ff } | |
| $a_18 = { 558becb810110000e8e3480000535657 } | |
| $a_19 = { 558becb804380000e8b9230000535657 } | |
| $a_20 = { 558bec81ec240100008b4d1053568b75 } | |
| $a_21 = { 558bec81ec0c08000053565768f40100 } | |
| $a_22 = { 558bec81ecb8060000568b75085756c7 } | |
| $a_23 = { 558bec81ecd80000005356578d8528ff } | |
| $a_24 = { 558bec83ec5853568d45f8578b3d0892 } | |
| $a_25 = { 558bec8b4d0833c03945107e10803c08 } | |
| $a_26 = { 558becb86c130000e87b330000535657 } | |
| $a_27 = { 558bec51518d4df833c0518945f8ff75 } | |
| $a_28 = { 558bec83ec1053568d45f057508d45fc } | |
| $a_29 = { 558bec81ecd8010000535657e86dfeff } | |
| $a_30 = { 558becb814280000e8c22900005333db } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitSWFNetis_9aad5b221e4d3416c39d34806e09e24d5d4195e75a37353e7e3cb0d1659701e1 { | |
| strings: | |
| $a_2 = { 558b36db74df5231faba96816d68eeb3 } | |
| $a_3 = { 558b255e704946fdd1973bb4cc673bd1 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32CAN20020649_421f7522bf35bbc621f78e50ef400e6fbeecc4e9c07d8f1d31f4bcbedc3961b5 { | |
| strings: | |
| $a_2 = { 558bec51686c634000e84804000083c4 } | |
| $a_3 = { 558bec8b450885c075025dc3833d946d } | |
| $a_4 = { 558b2d54504000565733db33f633ff3b } | |
| $a_5 = { 558bec51515333db391d2c8140005657 } | |
| $a_6 = { 558bec6aff68d050400068c829400064 } | |
| $a_7 = { 558bec535657556a006a0068e8284000 } | |
| $a_8 = { 558bec6aff688854400068c829400064 } | |
| $a_9 = { 558bc18bf1c1f80583e61f8d3c850070 } | |
| $a_10 = { 558bec83ec14a1c46d40008b15c86d40 } | |
| $a_11 = { 558bec81ecb401000066c78550feffff } | |
| $a_12 = { 558bec6aff68a054400068c829400064 } | |
| condition: | |
| 10 of them | |
| } | |
| rule ExploitWin32CplLnk_ade39360a25fd00871fd46adb49aceb5005e2a5e5ec8a6c682a2ea1ad6507686 { | |
| strings: | |
| $a_2 = { 558bec3e504b2c12bf331bb55f972a88 } | |
| $a_3 = { 558b4743e2455f9ef5b302ee927b2bcd } | |
| $a_4 = { 558baa663148a4351d4f6f212a16d2e6 } | |
| $a_5 = { 558b7080951dbefa1dc0ff9712fdf282 } | |
| $a_6 = { 558b549bfaa44ba551c1bee4a1f690a2 } | |
| $a_7 = { 558b1d410a93ae0f49ddec27394891e9 } | |
| $a_8 = { 558b36c915e5b120752c0b43c8240247 } | |
| $a_9 = { 558b78deaa8ddc1ef7eb71777d010507 } | |
| $a_10 = { 558b475407b3e488bc99e699d19028c5 } | |
| $a_11 = { 558bc0ed681a8bf784dfd8e942124710 } | |
| $a_12 = { 558be14bb26e0afc4c1cea2d4fa9d652 } | |
| $a_13 = { 558ba6218a97910d05f7e71f9f21ca0c } | |
| $a_14 = { 558bec8ff33a5ba8480df54e6bfcf49d } | |
| $a_15 = { 558bba41da755e4605122c384480af6f } | |
| $a_16 = { 558b67ccd4012e40c3b8d8ab67ab8e3e } | |
| $a_17 = { 558bb62c6ac1ea960165049a5aaa8455 } | |
| $a_18 = { 558b9978479868e2865b97172b397825 } | |
| $a_19 = { 558ba3d17ea3b6aa73fb451be8eb31ac } | |
| $a_20 = { 558b82772f532a9465863483f9a7f2c9 } | |
| $a_21 = { 558b2c909f686c50841cb01c5ffdb709 } | |
| $a_22 = { 558bbcfef21259df0745745658377a30 } | |
| $a_23 = { 558b739ba041d3f7c8dd000688d76146 } | |
| $a_24 = { 558b3f6ec5357624d4badf365d468e71 } | |
| $a_25 = { 558b9f3399606c194f1d3d7a299e78b4 } | |
| $a_26 = { 558b61074bebe63dada537643fd16e93 } | |
| $a_27 = { 558bce0c226171850ec975c9925e5ae7 } | |
| $a_28 = { 558b024508e0e42cc54d53386679157c } | |
| $a_29 = { 558b3041ec1ce020d188cab9192a0814 } | |
| $a_30 = { 558b2c2bd12023cf5635733b7ecef921 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Crpexp_08c4581e38e2476594dc9d4b67c3d13476a580cfa69930a7b6b83e660588cb1a { | |
| strings: | |
| $a_2 = { 558bec535657556a006a0068849b4000 } | |
| $a_3 = { 558bec83ec10568d450c575066c745f0 } | |
| $a_4 = { 558bc18bf1c1f80583e61f8d3c8540eb } | |
| $a_5 = { 558bec81ec040200008b853801000053 } | |
| $a_6 = { 558bec81ec0002000068000200008d85 } | |
| $a_7 = { 558bec6aff68c8e5400068649c400064 } | |
| $a_8 = { 558bec833decd8460000750fff750cff } | |
| $a_9 = { 558bec51515333db391d68ec46005657 } | |
| $a_10 = { 558b0dc41641000fb6c3f64441018074 } | |
| $a_11 = { 558bec803d78d6460000535674278b5d } | |
| $a_12 = { 558bec81ec100600008b4508535657b9 } | |
| $a_13 = { 558bec81eca007000053565733f66a10 } | |
| $a_14 = { 558bec81ec980000008b450856576a26 } | |
| $a_15 = { 558bec81eccc0000008d45f050ff15fc } | |
| $a_16 = { 558bec5756538b750c8b7d088d059cd8 } | |
| $a_17 = { 558bec83ec18dd0538e24000dd5df8dd } | |
| $a_18 = { 558bec81ec200100005356576a015f33 } | |
| $a_19 = { 558b550c8a1284d2744c80f92a742e80 } | |
| $a_20 = { 558bec51833da4d846000053751d8b45 } | |
| $a_21 = { 558bec51518b55085733ff6a018b0a21 } | |
| $a_22 = { 558bec8b4508566a048d34c510234100 } | |
| $a_23 = { 558bec81ec94000000833d340d410000 } | |
| $a_24 = { 558bec81ec000200005657ff75106868 } | |
| $a_25 = { 558becb800130000e8933600005356be } | |
| $a_26 = { 558bec568b75086a01588a0e84c9745a } | |
| $a_27 = { 558bec83ec0c53bb5020410033c983eb } | |
| $a_28 = { 558bec81ec5c0500005633f63935f40c } | |
| $a_29 = { 558bec81ec6c0a00008b45085356576a } | |
| $a_30 = { 558bec515153568b35c0d84600578b7d } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32CVE20063942_a1e2a15010da151f83e74081429480d0fc0bfa05ee2f34e5cd04bba1025a5bad { | |
| strings: | |
| $a_2 = { 558bac240c40000056578b3d8c824300 } | |
| $a_3 = { 558b6c2438b1ff32c0884c2408884c24 } | |
| $a_4 = { 558b6c2410563bc357741440a3a49546 } | |
| $a_5 = { 558bec6aff6880a14300688871430064 } | |
| $a_6 = { 558bec6aff6890a14300688871430064 } | |
| $a_7 = { 558bac24340100005689442410578944 } | |
| $a_8 = { 558b6c240c565785ed740e8bfd83c9ff } | |
| $a_9 = { 558b6c240833c033c98a45028a4d03c1 } | |
| $a_10 = { 558b6c2418565733ff3bef897c241489 } | |
| $a_11 = { 558bac241814000056578d8c241c0400 } | |
| $a_12 = { 558b6c240c568b454c85c0756a837c24 } | |
| $a_13 = { 558b9c24300402005657b90040000033 } | |
| $a_14 = { 558b6c2418565733db5566895c241889 } | |
| $a_15 = { 558bec6aff68b0a14300688871430064 } | |
| $a_16 = { 558b2dfc824300ffd56689068b442438 } | |
| $a_17 = { 558bd18bf78bfbc1e902f3a58bca83e1 } | |
| $a_18 = { 558b6c24208bc599f779108bf2e87931 } | |
| $a_19 = { 558b4424448d444001894424208b4c24 } | |
| $a_20 = { 558b2d5c81430056578d7c241033f6f3 } | |
| $a_21 = { 558b2d24814300516a01ffd52bdea354 } | |
| $a_22 = { 558b6c247c5685ed57c7442424010000 } | |
| $a_23 = { 558bac240c04000056575355e851e2ff } | |
| $a_24 = { 558b2d288243005785c0740650ffd583 } | |
| $a_25 = { 558b6c2418568b742430578b45148b7c } | |
| $a_26 = { 558bf8ff152882430083c41056ff1528 } | |
| $a_27 = { 558b6c240c85ed0f84610100008a4500 } | |
| $a_28 = { 558b2d1c8143005685c074138b4f0485 } | |
| $a_29 = { 558bec6aff68a0a14300688871430064 } | |
| $a_30 = { 558b6c24145785ed7505bd8c7944008b } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32CVE20093129_83567d18f7b5b0927d42c333ab594dba1a863c7eaf6332d681aa0a268b5c87e8 { | |
| strings: | |
| $a_2 = { 558bec6a005333c05568eac1400064ff } | |
| $a_3 = { 558bec33c05568a35e400064ff306489 } | |
| $a_4 = { 558bec5153568b5d0883c3fc8d55ff8b } | |
| $a_5 = { 558bec6a0033c05568becf400064ff30 } | |
| $a_6 = { 558bf98bea8bd88b4304e83a1bffff8b } | |
| $a_7 = { 558bec538bd88bc3e87f66ffff506a00 } | |
| $a_8 = { 558bec51538bd868ffff00008bcaa108 } | |
| $a_9 = { 558bec83c4f0b89c7b4100e8d0d9feff } | |
| $a_10 = { 558bec53568b5d088d430450e8bfc2ff } | |
| $a_11 = { 558bec83c4d45756538945fca0e79641 } | |
| $a_12 = { 558bec83c4f85356578945fca1388041 } | |
| $a_13 = { 558bec8b450883c00450e8cdc2ffff5d } | |
| $a_14 = { 558bec6a0033c05568aed0400064ff30 } | |
| $a_15 = { 558bec33c0556807f0400064ff306489 } | |
| $a_16 = { 558bec53565733c055687179410064ff } | |
| $a_17 = { 558bec535657a1b8984100e84cd7ffff } | |
| $a_18 = { 558bec33c05568edbf400064ff306489 } | |
| $a_19 = { 558bec51568bf06a208bcaa108fa4000 } | |
| $a_20 = { 558bec535633c05568b75a400064ff30 } | |
| $a_21 = { 558bec6a005333c0556856c2400064ff } | |
| $a_22 = { 558bec5331db89c1dd4508d88ba08141 } | |
| $a_23 = { 558bec83c4f8e88144ffff8855fb8945 } | |
| $a_24 = { 558bec33c05568b1f0400064ff306489 } | |
| $a_25 = { 558bec33c055688254400064ff306489 } | |
| $a_26 = { 558bb721d36d04ea31b76840df25a03e } | |
| $a_27 = { 558bec33c05568937b410064ff306489 } | |
| $a_28 = { 558bec6a0033c05568cece400064ff30 } | |
| $a_29 = { 558bec33c05568f170410064ff306489 } | |
| $a_30 = { 558bec83c4f8e8c92fffff8855fb8945 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32CVE20120158_b61184a634eefd4b74a896517ce7b79b10abe39124f8151dfa1bccae84bac8f6 { | |
| strings: | |
| $a_2 = { 558bebef138a5f7f5a8ffeffd7dff7ff } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32CVE20130641_5b21100b828b77758bfd6495c924e71f8bbd890c78d07067928bd7beccae087e { | |
| strings: | |
| $a_2 = { 558bdbef4d92b006b6ac9362e7e0a87a } | |
| $a_3 = { 558b3320ce03326f32d5bb996c255c74 } | |
| $a_4 = { 558b3d279435f34f3895796ac15c72ab } | |
| $a_5 = { 558bca218e925ee3770f5c62ab47312d } | |
| $a_6 = { 558bbcfb9b1972415dc750178f96e05c } | |
| $a_7 = { 558b9968ac5b0432aefe8c04829707f8 } | |
| $a_8 = { 558b88c5596ba19cfe161d803d1880f0 } | |
| $a_9 = { 558b65d615d0e1d2ebece2dc69136b3a } | |
| $a_10 = { 558baabb39a1ae95be81b3a857d236f3 } | |
| $a_11 = { 558bce36079cd0d04b5661cea35d6f7c } | |
| $a_12 = { 558b271429434469271ee23c74387a90 } | |
| $a_13 = { 558b5b1d9f32b438be6daef9e5bed5d5 } | |
| $a_14 = { 558b11c660ac3de42dd5521a2677a09f } | |
| condition: | |
| 11 of them | |
| } | |
| rule ExploitWin32CVE20131331_f854f057c5b7e5e9f863d94d0c81c1f8a2f1eac34dae900da52f6cadf98d923a { | |
| strings: | |
| $a_2 = { 558b4924fa5b7f912e32b117c40f86be } | |
| $a_3 = { 558ba525d0be65dc1f4d603eee78a951 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32CVE20141761_1b1efa4ab2e55a4799b31c3e5c172041c768cc6a408089a4784b852f24ffe148 { | |
| strings: | |
| $a_2 = { 558bbe6316134d39c396fbf8fecab13f } | |
| $a_3 = { 558bbe48f19674dcf1e2abea558bbe48 } | |
| $a_4 = { 558bbe630151615a60b0a339c396fbf8 } | |
| $a_5 = { 558b75f70ef8bfcad4aaad99edd27686 } | |
| $a_6 = { 558bbe48f1965ddcf1d8c6b298c5aa7a } | |
| $a_7 = { 558bbe02ffcabeba7df7e2ffbccabeb5 } | |
| $a_8 = { 558bbe630051615a60b0a339c396fbf8 } | |
| $a_9 = { 558bbe48f19376dcf1d8abf2558bbe48 } | |
| $a_10 = { 558bbe21212a2002fdcabeba885462b7 } | |
| $a_11 = { 558bbe631b432bd6013541212377de45 } | |
| condition: | |
| 9 of them | |
| } | |
| rule ExploitWin32CVE20144114_d20ac3fc362e022c7d09ff6808172fd0dce4e90aee4890455723f638ebff78bf { | |
| strings: | |
| $a_2 = { 558bde1eb5bcf536ad2f7ab0446f72d5 } | |
| $a_3 = { 558b59e3c05833096ada194c2b4d063c } | |
| $a_4 = { 558b63dc07ef2bfe9ba062a9ec1c7471 } | |
| $a_5 = { 558bee6fae363f11cb227c88ff00f03a } | |
| $a_6 = { 558baaa516bb0622d333fd3374f8269d } | |
| $a_7 = { 558b9bc43035607d485c6816af8b7542 } | |
| $a_8 = { 558ba2eafda62bef48a52f9baecfb345 } | |
| $a_9 = { 558b6e0f18172624a242c1ea9d336ab3 } | |
| condition: | |
| 7 of them | |
| } | |
| rule ExploitWin32CVE20170199_a71eee28cafdcbdde92dc85706e84ac6a8434ed1a2aa217da146d8d923733a85 { | |
| strings: | |
| $a_2 = { 558b8f998b5dad0754965e2c4fb98435 } | |
| $a_3 = { 558be7d9599e4fbadd28c0b793601063 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32CVE20178570_8e89ae80ea50110244f2293f14615a7699b1c5d2a70415a676aa4588117ad9a7 { | |
| strings: | |
| $a_2 = { 558b4cb3f263dffbf9012bbb9e17e53c } | |
| $a_3 = { 558b084be325031271d326b22d7e0d78 } | |
| $a_4 = { 558ba5cb68791dcf81fe26dd680f1db6 } | |
| $a_5 = { 558bc7be1f9f4ebdbf8755b57b2d3a4f } | |
| $a_6 = { 558b64b7ad3b807862c3d4f7a5078ede } | |
| $a_7 = { 558be28f8366f169f0ac3e2df0cc9e27 } | |
| $a_8 = { 558b9a33cd1f55a3fc8bee41edaaff00 } | |
| $a_9 = { 558bc49e02f10f84b5271f35fe996729 } | |
| $a_10 = { 558b738348466b979a4cfcd6b63b1952 } | |
| $a_11 = { 558b9f00f8ab53bbf19e87ff0008f5d4 } | |
| $a_12 = { 558be4b5c468157e5d99e4007aad9fed } | |
| $a_13 = { 558b5fff0084225d2e6b0d57ec71dacb } | |
| $a_14 = { 558b8b9c9caf067cb9e0df1d7ecb3ab7 } | |
| $a_15 = { 558b9a3347d568ff0022fb907b6adfce } | |
| $a_16 = { 558b7b91131dbd6b63c37fb33db68fe3 } | |
| $a_17 = { 558bc43e17d5742d46ea7ff868bfed6b } | |
| $a_18 = { 558bcd958bcb6bb91e50b21472990780 } | |
| condition: | |
| 14 of them | |
| } | |
| rule ExploitWin32Deusenc_01cc792cd55beac222060128330f139a3b790553482b48e61a88481791b49f25 { | |
| strings: | |
| $a_2 = { 558bec83ec1053568bf1578b7d14807e } | |
| $a_3 = { 558bec5657ff7508e8b12a00008bf08d } | |
| $a_4 = { 558bec83ec10535633db8bf1385d2c8b } | |
| $a_5 = { 558bcec7055c304700ec030000e808fd } | |
| $a_6 = { 558bec833d0c55470000750fff750cff } | |
| $a_7 = { 558bc8e89efdffff473bfb7cd58b4628 } | |
| $a_8 = { 558b6c2424568bf18bcde8b928fcff85 } | |
| $a_9 = { 558bec6aff68505145006874d4420064 } | |
| $a_10 = { 558bcfe8810802008b6c24148bf88b07 } | |
| $a_11 = { 558be956576a438d8d88000000e8dd16 } | |
| $a_12 = { 558bd9568b4c241c57e8def9fdff8b7c } | |
| $a_13 = { 558bec837d08000f845e4a38750c0408 } | |
| $a_14 = { 558bcee8b567ffff8b4b185f85c97412 } | |
| $a_15 = { 558bec83ec6433c05638450c8bf10f95 } | |
| $a_16 = { 558bec83ec7c53568b750833c057894d } | |
| $a_17 = { 558bec5756538b750c8b7d088d05943a } | |
| $a_18 = { 558b442420c705a0304700820000008b } | |
| $a_19 = { 558bcee8566a000055e82f1a020083c4 } | |
| $a_20 = { 558b6c24105657742aa1643947008b5c } | |
| $a_21 = { 558bec515153894df88b4d085657e8b7 } | |
| $a_22 = { 558bec33c039050c554700750fff750c } | |
| $a_23 = { 558be9578b4d1083c11ce8f08c010033 } | |
| $a_24 = { 558b6c2408568bf185ed750ae87ffdff } | |
| $a_25 = { 558bec6aff68305245006874d4420064 } | |
| $a_26 = { 558bec83ec3056ff15bc1145008b35c0 } | |
| $a_27 = { 558be6df3211858d29458b10d7847d90 } | |
| $a_28 = { 558becb82c120000e86ec1ffff8d8568 } | |
| $a_29 = { 558b6c24488974245083fd0189742410 } | |
| $a_30 = { 558bec5356578bf98d9f800000008bcb } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Eqtonex_92c6a9e648bfd98bbceea3813ce96c6861487826d6b2c3d462debae73ed25b34 { | |
| strings: | |
| $a_2 = { 558b6c24280fb7858804000056ba0008 } | |
| $a_3 = { 558b6858578b78508b405c6a006a186a } | |
| $a_4 = { 558bac2420010000568bb42430010000 } | |
| $a_5 = { 558b6c244053568b5f088d730c85f674 } | |
| $a_6 = { 558bf0e84ca6010083c4105d5b5f8bc6 } | |
| $a_7 = { 558b6858578b78508b405c6a006a3983 } | |
| $a_8 = { 558b838c01000083e07f8d571c558d64 } | |
| $a_9 = { 558b6c24085733ffb8000200b085ed75 } | |
| $a_10 = { 558b6c240cb8420000b05789442408c7 } | |
| $a_11 = { 558bec83ec10a1302343008365f80083 } | |
| $a_12 = { 558b6c2414578b7c2424578d46305051 } | |
| $a_13 = { 558b6c240c5633f65785ed74708b5c24 } | |
| $a_14 = { 558b74241885f6744d8b068b4f043bc1 } | |
| $a_15 = { 558b6c2424568b7424205785f60f84af } | |
| $a_16 = { 558bac24fc010000566a0a55c6842478 } | |
| $a_17 = { 558b6c241003c63b4504773f578b7c24 } | |
| $a_18 = { 558b6c24585785ed7406668b4504eb02 } | |
| $a_19 = { 558b6c240c33c0578944240885ed745f } | |
| $a_20 = { 558b6c240cb803000000578944240885 } | |
| $a_21 = { 558b357cb142006a5c684cca4200ffd6 } | |
| $a_22 = { 558b6c240c33db56573beb0f84710100 } | |
| $a_23 = { 558b6c2408566a0a55e812eeffff83c4 } | |
| $a_24 = { 558bac24f0040000568bb424fc040000 } | |
| $a_25 = { 558bec5356576a006a00683793420051 } | |
| $a_26 = { 558b6c2440568b742434578b7c243c33 } | |
| $a_27 = { 558bf8e8db4d0000668b48505766898b } | |
| $a_28 = { 558b2f6a0133c0568906578946046a01 } | |
| $a_29 = { 558b6c241c33d2908b0c378b4437042b } | |
| $a_30 = { 558b6c240cb8420000b0578944240885 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Exrec_049b1a5eff6926fa7b0d44b96af28bd72421cb7fb3969e2a603cc088070dc53a { | |
| strings: | |
| $a_2 = { 558bec83c4c06033d2b230648b0285c0 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32Getad_0f74fc17a34da4b841ecc0066f5f98c668e8f3455f4e684e3350db80983e8bae { | |
| strings: | |
| $a_2 = { 558bec6aff68d060400068f439400064 } | |
| $a_3 = { 558bec8b450885c075025dc3833db09b } | |
| $a_4 = { 558bec83ec14a154af40008b1558af40 } | |
| $a_5 = { 558bec51568b750885f6745aa164af40 } | |
| $a_6 = { 558bec6aff68d064400068f439400064 } | |
| $a_7 = { 558bec51833db09b40000053751d8b45 } | |
| $a_8 = { 558bc18bf1c1f80583e61f8d3c85209e } | |
| $a_9 = { 558bec51515333db391d289f40005657 } | |
| $a_10 = { 558becb82c120000e8182900008d8568 } | |
| $a_11 = { 558bec6aff68b864400068f439400064 } | |
| $a_12 = { 558bec515153568b35b0914000578b56 } | |
| $a_13 = { 558bec535657556a006a006814394000 } | |
| $a_14 = { 558bec5153568b359471400057837e10 } | |
| $a_15 = { 558b2d78604000565733db33f633ff3b } | |
| condition: | |
| 12 of them | |
| } | |
| rule ExploitWin32IIS_e7580b68f11c6c76a4c29d423735faf1af31624c2441bf92833e7df5062295e7 { | |
| strings: | |
| $a_2 = { 558bec51515333db391dcc8240005657 } | |
| $a_3 = { 558bec5168d8644000e80b06000083c4 } | |
| $a_4 = { 558b2d54504000565733db33f633ff3b } | |
| $a_5 = { 558bec8b450885c075025dc3833d186f } | |
| $a_6 = { 558bec6aff6848544000685c2d400064 } | |
| $a_7 = { 558bec6aff68d0504000685c2d400064 } | |
| $a_8 = { 558bec83ec14a14c6f40008b15506f40 } | |
| $a_9 = { 558bec6aff6890544000685c2d400064 } | |
| $a_10 = { 558bec535657556a006a00687c2c4000 } | |
| $a_11 = { 558becb8dc110000e82309000066c785 } | |
| $a_12 = { 558bc18bf1c1f80583e61f8d3c85a071 } | |
| condition: | |
| 10 of them | |
| } | |
| rule ExploitWin32Lsass_c80c7e1512a99b3fe55d83c846992b7cd8f2385314bd815c218254427adcda6a { | |
| strings: | |
| $a_2 = { 558b2831ea5d527e06f7c2b50a12685a } | |
| $a_3 = { 558bd25d5ef8e2f25981fd8c26aa78c1 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32MS06040_b8987f946c88faae13b68278e0bbc092b20241e4837642a4c4864ed8ffe005a1 { | |
| strings: | |
| $a_2 = { 558bdc98da621c8259ba5178710f4eff } | |
| $a_3 = { 558bec660bd933dbb304015c24d8662b } | |
| $a_4 = { 558ba9b4397e2910ef6214ec985aa099 } | |
| condition: | |
| 3 of them | |
| } | |
| rule ExploitWin32MS08067_59732178a7f0617545c00121fd79650e2e6ea5cde63eb88b2b6f69858cad35e5 { | |
| strings: | |
| $a_2 = { 558bec6aff68c821400068201d400064 } | |
| $a_3 = { 558bec6aff68d821400068201d400064 } | |
| $a_4 = { 558bec6aff68e821400068201d400064 } | |
| $a_5 = { 558bec6aff68f821400068201d400064 } | |
| $a_6 = { 558b5c24145603c2578bf833f6c1ff02 } | |
| $a_7 = { 558b6c247833dbc74500000000000fbf } | |
| condition: | |
| 6 of them | |
| } | |
| rule ExploitWin32Nappto_93602a9728926e426d6025d15b9d6581d75f33488dac8c0c30f62946324193bb { | |
| strings: | |
| $a_2 = { 558bec33c055689d39400064ff306489 } | |
| $a_3 = { 558bec81c4f0f7ffff5356578955f889 } | |
| $a_4 = { 558bec33c05568e133400064ff306489 } | |
| $a_5 = { 558bec33c055686539400064ff306489 } | |
| $a_6 = { 558bec33c055686d3c400064ff306489 } | |
| $a_7 = { 558bf0bffc554000bd005640008b1df4 } | |
| $a_8 = { 558bec535657bf1c5640008b470885c0 } | |
| $a_9 = { 558bec83c4f85356578bd8803da85540 } | |
| $a_10 = { 558bec83c4e833c08945e88945ecb8cc } | |
| $a_11 = { 558bec33c05568a151400064ff306489 } | |
| $a_12 = { 558bec33c055681934400064ff306489 } | |
| $a_13 = { 558bec83c4f85356578bd8803da86540 } | |
| $a_14 = { 558bec83c4f85356578945fca1204040 } | |
| $a_15 = { 558bec535657bf1c8640008b470885c0 } | |
| $a_16 = { 558bec81c404f0ffff5083c4e0535633 } | |
| $a_17 = { 558bec515356578bf28bd8803da88540 } | |
| $a_18 = { 558bec83c4f40fb7050c5040008945f8 } | |
| $a_19 = { 558bec81c404f0ffff5081c41cffffff } | |
| $a_20 = { 558bec33c05568e533400064ff306489 } | |
| $a_21 = { 558bec81c404f0ffff5083c480535633 } | |
| $a_22 = { 558bec535657a12456400085c0744b8b } | |
| $a_23 = { 558bec53565733d255682e52400064ff } | |
| $a_24 = { 558bec33c055683b61400064ff306489 } | |
| $a_25 = { 558bec83c4f85356578bd8803da88540 } | |
| $a_26 = { 558bec33d255687e18400064ff326489 } | |
| $a_27 = { 558bec81c4d4feffff5356578bf18bfa } | |
| $a_28 = { 558bec83c4c4535657b844614000e829 } | |
| $a_29 = { 558bec33c05568015f400064ff306489 } | |
| $a_30 = { 558bec33c05568dd34400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Prix_d4619d44297afa3bb2a028d30043dbba3cbf97c003ea7cbda3228b26427f1714 { | |
| strings: | |
| $a_2 = { 558becb8fc4823e8931a045356578dbd } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32Ratbolo_9c07d491e4ddcba98c79556c4cf31d9205a5f55445c1c2da563e80940d949356 { | |
| strings: | |
| $a_2 = { 558b0846f7962f7468562da1949c39b8 } | |
| $a_3 = { 558b47b710848567d6225606e028f876 } | |
| $a_4 = { 558b28f17793a7e2a0ced8e18e01aee9 } | |
| $a_5 = { 558b8f8bd52f372767ae09fc4737bd91 } | |
| $a_6 = { 558b5c91e73ca4d490ef48e603dffaa4 } | |
| $a_7 = { 558b7ea5e1a9d0db3749fee8e8e49253 } | |
| $a_8 = { 558b2527e07a83482f4c2c023081f94f } | |
| condition: | |
| 6 of them | |
| } | |
| rule ExploitWin32RpcDcom_022238a70ef8c63ce74dba06a2cc109d76a8c88ead81d1a8c6a6299285ede7ad { | |
| strings: | |
| $a_2 = { 558bec568b750885f6743857bf381800 } | |
| $a_3 = { 558becff751cb9b4204100ff7518ff75 } | |
| $a_4 = { 558bec535657ff750c33f6ff15881200 } | |
| $a_5 = { 558bec83ec2453568b75088b46782b46 } | |
| $a_6 = { 558bec83ec10ff75088d4df0e8fc64ff } | |
| $a_7 = { 558bec83ec14a12021410033c58945fc } | |
| $a_8 = { 558bec8b450881384c43494375138b48 } | |
| $a_9 = { 558bec515333db395d10895dfc750768 } | |
| $a_10 = { 558bec5356578b7d08ff7704ff15f410 } | |
| $a_11 = { 558bec568b7508eb0956e8c8f9ffff83 } | |
| $a_12 = { 558bec83ec28a160ac010153568b7508 } | |
| $a_13 = { 558bec81ecd4020000a160ac01015356 } | |
| $a_14 = { 558bec5151565733ff397d080f84aa00 } | |
| $a_15 = { 558bec566a00ff7508e8dc0e0000ff75 } | |
| $a_16 = { 558bec8b45088d48ff85c8568bf07418 } | |
| $a_17 = { 558bec535633db578bf1395d1c0f852d } | |
| $a_18 = { 558bec83ec405333db391d24b001010f } | |
| $a_19 = { 558bec837d1c005356578bf90f858f00 } | |
| $a_20 = { 558bec56ff75088bf1e87793ffff8bc6 } | |
| $a_21 = { 558bec51518b450c5333db2bc3742c48 } | |
| $a_22 = { 558bec803d85b2020100741aff750868 } | |
| $a_23 = { 558bec81ec60010000a160ac01015657 } | |
| $a_24 = { 558becf6450801568bf1c706f4140001 } | |
| $a_25 = { 558bec538b5d0c5733ff4785db7e6356 } | |
| $a_26 = { 558bec5153568b751057894dfc33c96a } | |
| $a_27 = { 558bec515356576a0859ff750833c08d } | |
| $a_28 = { 558bec8b45088b40046aff6a0150e8d7 } | |
| $a_29 = { 558b45e08b088b5510890a8a480684c9 } | |
| $a_30 = { 558bec5657ff75088bf1ff1588120001 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32SandyEva_34fcb576a388a64595ea9290c49e777d95c2e771302fa8e7f65c91f31caeb4d8 { | |
| strings: | |
| $a_2 = { 5589e583ec18c7042400f06e66e8c648 } | |
| $a_3 = { 5589e55383ec34c7442404af026f668d } | |
| $a_4 = { 5589e58b55088b4d0cb8feffffff85d2 } | |
| $a_5 = { 5589e5b8a0466f66c9c390905589e5b8 } | |
| $a_6 = { 5589e583ec18c70570996f66ffffffff } | |
| $a_7 = { 5589e557565383ec6c8b75088b5510b8 } | |
| $a_8 = { 5589e557565383ec5c837d0c000f8e05 } | |
| $a_9 = { 5589e583ec18ff5508ff1560e06e66e8 } | |
| $a_10 = { 5589e583ec188b4508890424e87b0600 } | |
| $a_11 = { 5589e5565383ec30c744240476f36e66 } | |
| $a_12 = { 5589e583ec288b4510894424148b450c } | |
| $a_13 = { 5589e55383ec24c74424046ef76e668d } | |
| $a_14 = { 5589e557565381ec7c0200008d95c2fd } | |
| $a_15 = { 5589e55383ec148b5d08c70380646f66 } | |
| $a_16 = { 5589e557565383ec4c8b7508b8feffff } | |
| $a_17 = { 5589e557565383ec2c89c389d78d4064 } | |
| $a_18 = { 5589e557565389c68b108a0a80f96e74 } | |
| $a_19 = { 5589e55383ec148b1500906f6685d274 } | |
| $a_20 = { 5589e55383ec148b5d08c70368646f66 } | |
| $a_21 = { 5589e556538b5d088b4d0c31d283c8ff } | |
| $a_22 = { 5589e583ec088b450c894508c9e9620c } | |
| $a_23 = { 5589e557565381ec3c0200008b450c8d } | |
| $a_24 = { 5589e557565383ec1c8955e0894ddc0f } | |
| $a_25 = { 5589e557565381ec8c0a00008b5d0c8d } | |
| $a_26 = { 5589e583ec088b45088b550c85c07508 } | |
| $a_27 = { 5589e5565383ec30e82e2f000085c00f } | |
| $a_28 = { 5589e557565383ec1c89c38b480c8a01 } | |
| $a_29 = { 5589e557565383ec148b4d088b5d148b } | |
| $a_30 = { 5589e5565383ec108b7508b8feffffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Senglot_5d5bf564883ad8243d4ae884301ccdd8e063e6489439f69b8e9d2d48c204cb73 { | |
| strings: | |
| $a_2 = { 558bec833dd03f42000075146afde85d } | |
| $a_3 = { 558bec518b4508a398264200c745fc00 } | |
| $a_4 = { 558bec833d8c264200027405e88f1a00 } | |
| $a_5 = { 558bec81ec68010000a1c03b42006bc0 } | |
| $a_6 = { 558becb82c300000e8e321000057c685 } | |
| $a_7 = { 558bec535657556a006a0068a42a4000 } | |
| $a_8 = { 558bec51a1683e42008945fc8b4d0889 } | |
| $a_9 = { 558bec83ec0c8b45083b05bc3f420073 } | |
| $a_10 = { 558bece8180700000fbe05d426420085 } | |
| $a_11 = { 558bec833ddc3f4200007406ff15dc3f } | |
| $a_12 = { 558bec83ec0c837d08007518c745f8f4 } | |
| $a_13 = { 558becb838110000e8531e0000837d18 } | |
| $a_14 = { 558beca1302842005dc3cccccccccccc } | |
| $a_15 = { 558bec51a1a01d42008945fc8b4d0889 } | |
| $a_16 = { 558bec51833da03b420000750cc705a0 } | |
| $a_17 = { 558bec51c745fcfeffffffe860e3ffff } | |
| $a_18 = { 558bec6aff6810f1410068842b400064 } | |
| $a_19 = { 558bec51837d08007502eb3a8b450850 } | |
| $a_20 = { 558bec83ec08a1c43b42008945f8c745 } | |
| $a_21 = { 558bec833d4c3c4200007407a1c83b42 } | |
| $a_22 = { 558bec81ec200400008b45083b05bc3f } | |
| $a_23 = { 558bec51c745fc281b42008b45fc8b08 } | |
| $a_24 = { 558bec518b45083b05bc3f42000f839b } | |
| $a_25 = { 558beca1801d42005dc3cccccccccccc } | |
| $a_26 = { 558bec8b45083b05bc3f4200720433c0 } | |
| $a_27 = { 558bec83ec288b450850e8f102000083 } | |
| $a_28 = { 558bec51535657a1601c420083e00485 } | |
| $a_29 = { 558bec518b45083b05bc3f4200731f8b } | |
| $a_30 = { 558bec83ec14833dd03f4200007505e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32ShellCode_8fd492b921793ff5e2026747dea3acab325e8c85b065571d5f2f9a89f594badb { | |
| strings: | |
| $a_2 = { 558bec81ec840000008365ec008365b0 } | |
| condition: | |
| 2 of them | |
| } | |
| rule ExploitWin32Siveras_c3697b605f2dde335920489b35be6c261426d86ec58883e5579a1c2b7a5a767c { | |
| strings: | |
| $a_2 = { 558bec833db09742000075146afde85d } | |
| $a_3 = { 558bec81ec0c0500005356578dbdf4fa } | |
| $a_4 = { 558bec8b450883c00f24f0894508817d } | |
| $a_5 = { 558bec518b45083b059c9742000f8381 } | |
| $a_6 = { 558bec6a02e8c64bffff83c4045dc3cc } | |
| $a_7 = { 558bece8084c00000fbe05c091420085 } | |
| $a_8 = { 558bec833d6c914200027405e89f3300 } | |
| $a_9 = { 558bec51833d4496420003752a8b4508 } | |
| $a_10 = { 558bec83ec08535657a15065420083e0 } | |
| $a_11 = { 558bec833d44964200037507a1789342 } | |
| $a_12 = { 558bec83ec08c745f8906642008b45f8 } | |
| $a_13 = { 558bec83ec345356578d45cc50e88ef9 } | |
| $a_14 = { 558bec83ec148b450850e8a101000083 } | |
| $a_15 = { 558b4d088b51fc83ea018955f88b45f8 } | |
| $a_16 = { 558bec83ec20a1b08642008945e08b4d } | |
| $a_17 = { 558bec833dbc974200007406ff15bc97 } | |
| $a_18 = { 558bec51a1288842008945fc8b4d0889 } | |
| $a_19 = { 558becb82c300000e863faffff57c685 } | |
| $a_20 = { 558bec51535657837d0800751e681c36 } | |
| $a_21 = { 558becc7051893420000000000837d08 } | |
| $a_22 = { 558bec51c745fcfeffffff833d449642 } | |
| $a_23 = { 558bec83ec308b450c8945fc837d0800 } | |
| $a_24 = { 558bec51a1449342008945fc8b4d0889 } | |
| $a_25 = { 558bec51a1449342008945fc837dfc00 } | |
| $a_26 = { 558bec51a140934200508b4d0851e80d } | |
| $a_27 = { 558bec83ec0ca1709342006bc0148b0d } | |
| $a_28 = { 558bec83ec288b450850e8f102000083 } | |
| $a_29 = { 558bec83ec18535657a15065420083e0 } | |
| $a_30 = { 558bec516a006a006a01a14093420050 } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWin32Wordjmp_020f8d72797cc869564c761d33e6da30f3549db672a9973f281e832a9b453218 { | |
| strings: | |
| $a_2 = { 558bad98427fda14bb05b568fdac8580 } | |
| $a_3 = { 558bec51538b7d08eb09ffffffffffff } | |
| $a_4 = { 558b204f1fc9a54be5ef53cb66e9c6b1 } | |
| $a_5 = { 558b1e75118ebb5b1e5dccea9324ad22 } | |
| $a_6 = { 558bf1858625e1e2aa5e7c02921b43f7 } | |
| condition: | |
| 5 of them | |
| } | |
| rule ExploitWin32WordPerf_45fcea4e060d69ab66641dc08f88cc4b200296a1c6af6fdc7553b6e4ca0b6adc { | |
| strings: | |
| $a_2 = { 558bec51a1445742008945fc8b4d0889 } | |
| $a_3 = { 558bec68400100006a00a16c5a420050 } | |
| $a_4 = { 558bec833d4c6f42000075146afde85d } | |
| $a_5 = { 558bec51c745fc304f42008b45fc8b48 } | |
| $a_6 = { 558bec535657556a006a0068247f4000 } | |
| $a_7 = { 558becff15bc7142005dc3cccccccccc } | |
| $a_8 = { 558bec518b4508a3b4554200c745fc00 } | |
| $a_9 = { 558bec83ec345356578d45cc50e88ef9 } | |
| $a_10 = { 558bec6a408b450c508b4d0851e8fefe } | |
| $a_11 = { 558bec518b45083b05bc5b42000f8381 } | |
| $a_12 = { 558bec83ec1856833d1c4f4200017e17 } | |
| $a_13 = { 558bec833d2c584200007407a19c5742 } | |
| $a_14 = { 558beca1445742005dc3cccccccccccc } | |
| $a_15 = { 558bec833d08564200017412833d0856 } | |
| $a_16 = { 558bec51833d605a4200000f841b0100 } | |
| $a_17 = { 558bec51a1445742008945fc837dfc00 } | |
| $a_18 = { 558bec51568b45083b05bc5b4200731f } | |
| $a_19 = { 558bec51a1384a42008945fc837d08ff } | |
| $a_20 = { 558bec6aff68f8374200680480400064 } | |
| $a_21 = { 558bec83ec0ca1645a42006bc0148b0d } | |
| $a_22 = { 558b4508c1f8058b4d0883e11f8b1485 } | |
| $a_23 = { 558bec51535657837d0800751e685c29 } | |
| $a_24 = { 558bec51837d08007502eb3a8b450850 } | |
| $a_25 = { 558bec51a1705042008945fc8b4d0889 } | |
| $a_26 = { 558bec83ec0c8b45083b05bc5b420073 } | |
| $a_27 = { 558bec83ec288b450850e8f102000083 } | |
| $a_28 = { 558bec83ec08c745fc00000000833d5c } | |
| $a_29 = { 558bec6a02e8b656ffff83c4045dc3cc } | |
| $a_30 = { 558bec518b45083b0574504200771a8b } | |
| condition: | |
| 24 of them | |
| } | |
| rule ExploitWinNTDebPloit_c361d1e3d46595921e254ea2d2e767b0c470e110786e975d62ac13ab70e67318 { | |
| strings: | |
| $a_2 = { 558bec83c4fc535657ff15481040008c } | |
| $a_3 = { 558bec83c4e4535657552bdb68139040 } | |
| $a_4 = { 558bec81c4f8fdffff56578db5f8fdff } | |
| $a_5 = { 558bec83c4fc535657e89af0ffff8b45 } | |
| $a_6 = { 558bec8b55088b0a80f9ff752e8ac524 } | |
| $a_7 = { 558bec535657556a006a006828394000 } | |
| $a_8 = { 558b42fc2b6aec03e803eb6a046a00e8 } | |
| $a_9 = { 558bec5356578b5d0c2bff8b75084f3b } | |
| $a_10 = { 558bec81c4a0ebffff535657e823fdff } | |
| $a_11 = { 558bec83c4e8ff15141040002bc9498b } | |
| $a_12 = { 558becb804230000e89e2100008065f2 } | |
| $a_13 = { 558bec81c4d8feffff535657e810faff } | |
| $a_14 = { 558bec8b4d1441ff751cff7518ff7514 } | |
| $a_15 = { 558bec8b450885c075025dc3833ddcbf } | |
| $a_16 = { 558bec6aff68d814400068083a400064 } | |
| $a_17 = { 558bc18bf1c1f80583e61f8d3c8540c0 } | |
| $a_18 = { 558bec83c4d85356572bc08d7dd88b55 } | |
| $a_19 = { 558bec538b45148b55188b5d0c803be8 } | |
| $a_20 = { 558bec5185db74323c00742e8b433c0f } | |
| $a_21 = { 558bec83c4d856b8b4f3c2e18945e848 } | |
| $a_22 = { 558bec83c4e4578d55108d7de45257ff } | |
| $a_23 = { 558bec83ec0c53568b7508573b3540c1 } | |
| $a_24 = { 558bec804d1c01ff751cff7518ff7514 } | |
| $a_25 = { 558bec81c4f8fdffff5657fc8dbdf8fd } | |
| $a_26 = { 558bec6aff682011400068083a400064 } | |
| $a_27 = { 558bec8b450c0d001000006a4050ff75 } | |
| $a_28 = { 558bec8b451440c9c21800558becff75 } | |
| $a_29 = { 558bec51515657bec0bd400068040100 } | |
| $a_30 = { 558bec8b45100fb6106a00ff7514ff75 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolAndroidOSZergRush_cb781a47ed3ec7284e330ae854a8aeb77e38823bea3d1ff99603dcd23147acc1 { | |
| strings: | |
| $a_2 = { 558b4541da15100e8d4eafc414c74ae4 } | |
| $a_3 = { 558be65c3970bfd672aad23f275e232c } | |
| $a_4 = { 558b8903061af8b16e58f5e8c01c9693 } | |
| $a_5 = { 558b5ed3e79c05e6133107dc0391b4cf } | |
| $a_6 = { 558b0f92f648aa562e8255ba5fe07dc2 } | |
| $a_7 = { 558bdf382eb5077e69ca375e37fc6b7b } | |
| $a_8 = { 558b4879284334c872460f6cc82e3fb7 } | |
| $a_9 = { 558bbc0485754ff3feb977b3a112c60c } | |
| $a_10 = { 558b70969903cb9809cbca709c76e2e4 } | |
| $a_11 = { 558ba05d8350af51b1a3ead8294afeb2 } | |
| condition: | |
| 9 of them | |
| } | |
| rule HackToolLinuxShark_c7f1110b287811bda3f79e320c6d900a4606c8d17861d310c0c0582bc1e24264 { | |
| strings: | |
| $a_2 = { 5589e556538b4d088b550c8b5d108b45 } | |
| $a_3 = { 5589e58b4508ff750c508b80a0000000 } | |
| $a_4 = { 5589e553e8000000005b81c3cba60600 } | |
| $a_5 = { 5589e553ff75086a20e8a2ffffff89c3 } | |
| $a_6 = { 5589e58b45088b4d0c85c074238db426 } | |
| $a_7 = { 5589e583ec045756538b5d0c31f683fb } | |
| $a_8 = { 5589e58b550831c085d2740d833aff74 } | |
| $a_9 = { 5589e55756538b5d088b750c6a14e8bd } | |
| $a_10 = { 5589e5538b5d0866c143040866c14306 } | |
| $a_11 = { 5589e556538b5d088b450c83f804776c } | |
| $a_12 = { 5589e55756538b5d088b750c6a14e801 } | |
| $a_13 = { 5589e583ec485756538d75b889f731c0 } | |
| $a_14 = { 5589e55756538b7d0c8b5508ff720ce8 } | |
| $a_15 = { 5589e583ec188b4d0c8b45108b5514c7 } | |
| $a_16 = { 5589e58b450885c07409ff30e8ff5e01 } | |
| $a_17 = { 5589e583ec205756538b750885f60f84 } | |
| $a_18 = { 5589e583ec045756538b7d0c8b4d088b } | |
| $a_19 = { 5589e583ec145756538b750885f67507 } | |
| $a_20 = { 5589e556538b5d088b450c837d100074 } | |
| $a_21 = { 5589e58b55088b0283f8ff743383e007 } | |
| $a_22 = { 5589e583ec0c5756538b55088b4a0c8b } | |
| $a_23 = { 5589e583ec305756538b5508837a6800 } | |
| $a_24 = { 5589e5ff7508e8d925010085c0750531 } | |
| $a_25 = { 5589e583ec045756538b7d088b470885 } | |
| $a_26 = { 5589e5575653e8d5efffff8b55088b7a } | |
| $a_27 = { 5589e583ec0853c645f8aa8b55f881ca } | |
| $a_28 = { 5589e55756538b75088b1e8b560889d9 } | |
| $a_29 = { 5589e583ec0857565331ffc745fc0000 } | |
| $a_30 = { 5589e58b4d088b0183f8ff746b89c283 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolMSILBoilod_369b6036cf43fd6c836ac7d6d99b767eabfdd54f58a782e9afd0cb8c29ac3fab { | |
| strings: | |
| $a_2 = { 558b31242aa6d46d27c575659ca613cd } | |
| $a_3 = { 558b2081f949e8dbfdc07adb30c09d6e } | |
| $a_4 = { 558ba87ed569e37313236a131d8b907d } | |
| $a_5 = { 558b31a87607a5f2f0407cdefe69b8c7 } | |
| $a_6 = { 558bad7af96d159056029ffe7286e184 } | |
| $a_7 = { 558b1613158cdfebf93c2d157655680b } | |
| $a_8 = { 558bfcff9d68f63b336c421ddfa6b22c } | |
| $a_9 = { 558b254f0d02b853a41c1a0a4db04433 } | |
| $a_10 = { 5589e5ddf312481d462445c50fed106e } | |
| $a_11 = { 558b5562b1a17ed51bbc671d1ea716c5 } | |
| $a_12 = { 558bb01e6b8bff9b0371d5083587ed35 } | |
| $a_13 = { 558bf12ad22aeff51cb3d4a8900a72a7 } | |
| $a_14 = { 558b12a1b493fc9d1b00ad872ac94d58 } | |
| condition: | |
| 11 of them | |
| } | |
| rule HackToolMSILCryptorstub_87a60bd1e1b6be93d29e5f01dc06be8443b59497d72d6d5fbf019ed53632a7ae { | |
| strings: | |
| $a_2 = { 558b07903d28bbb289daa2b86b2ce460 } | |
| $a_3 = { 558ba3441ede620d0ecfd323ed6013e1 } | |
| $a_4 = { 558b51b075f1b4c1a1fe4a4577151786 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolMSILGendows_6b1700f8c85d18cab36ce123813c6190ae9f80712d53e306f119994b48ba052e { | |
| strings: | |
| $a_2 = { 558be5d3a4f596b15df4abb9ddab04dd } | |
| $a_3 = { 558b758a489d8c73ef4ba3f84efc4e89 } | |
| $a_4 = { 558b99c04b919e4a98a4130a0fcd6a00 } | |
| $a_5 = { 558bacf3ff27788c6e1757e0a627010c } | |
| $a_6 = { 558bf2ff7a516dea60f7d8f2247beda6 } | |
| $a_7 = { 558b4a98bd6890572de64ff225c4a149 } | |
| $a_8 = { 558bb0b6d329b58dafccba58fd9c3396 } | |
| $a_9 = { 558bfcb476678f47330b736c54264e41 } | |
| $a_10 = { 5589e5e54f3251cb82689becfaecce8e } | |
| $a_11 = { 558b475fd7d5e5819496678548241119 } | |
| $a_12 = { 558b9858ebdb8a969ae36deeb22d20f9 } | |
| $a_13 = { 558bf0f9f77cdc9dc378065f5cb8b9ed } | |
| $a_14 = { 558b9dc1f10cc0d9c7f9f5094e4019ec } | |
| $a_15 = { 558b061a535ef5e0cbdc8d809cf9cf71 } | |
| $a_16 = { 558b63db305c96ab68fb39934de475ed } | |
| $a_17 = { 5589e5e6cf1b55aa011511856dec619e } | |
| $a_18 = { 558b842f0d66bdaa38eff4d5795f2189 } | |
| $a_19 = { 558b20ee441b60139426b764f244c678 } | |
| $a_20 = { 558bae337efbc7bd693764256d191fdb } | |
| $a_21 = { 558bf177828ac202dab0397c1fcba79b } | |
| $a_22 = { 558b2cb5b94b0761013b6f2ef066c2f3 } | |
| $a_23 = { 558bceda009b5cc8b2e4165784f4306b } | |
| $a_24 = { 558b20196ca21cbc5e07e3684ba2434c } | |
| $a_25 = { 558bd40adba5e8a8667e1a3ca83c57bd } | |
| $a_26 = { 558b31fcf1beb0b2d7002025c93b87c1 } | |
| $a_27 = { 558b3517bee3c1a38bdb6bead1c92c74 } | |
| $a_28 = { 558b36250a7d681e37fdf65fddb2e760 } | |
| $a_29 = { 558b981ae7f037bdec3cf25c5fe01daa } | |
| $a_30 = { 558b3f0d9527487cc7851036f322ae74 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolMSILKeygen_0e969b416cb2aee2e019c9c16667195888c6d37356b26f19bf7402d842097add { | |
| strings: | |
| $a_2 = { 558b602b074e094ceeea789d401d7a6d } | |
| $a_3 = { 558b741763a971a630b8429eddac7154 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolMSILNoancooe_e5c0e9392df9fc11e9243ed6058fe916846d25e6703e6facf603e6f1376ccef2 { | |
| strings: | |
| $a_2 = { 558b366622b6dee6daf39336f6956721 } | |
| $a_3 = { 558b0d576ce65dad647d8f99b4f00b65 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolMSILSkqes_164df9d152771b911db8b0f16b096e8532640315d011573597e360f63219a592 { | |
| strings: | |
| $a_2 = { 558bec81c458ffffff5356578bf98955 } | |
| $a_3 = { 558bec83c4f48b4508e88ee6ffff85c0 } | |
| $a_4 = { 558bec6a00538bd833c0556857d04100 } | |
| $a_5 = { 558bec83c4f4a1244b5100e8e083fdff } | |
| $a_6 = { 558bc6e80468000084c0740b8bc68b10 } | |
| $a_7 = { 558bec6a006a00568bf033c05568c3a7 } | |
| $a_8 = { 558bec81c478ffffff5356578945fc8d } | |
| $a_9 = { 558bec33c055688566410064ff306489 } | |
| $a_10 = { 558bec81c46cffffff5356578b75108d } | |
| $a_11 = { 558bec53db6d08e86087fdff8bd8db6d } | |
| $a_12 = { 558bec6a006a005356578bf233d25568 } | |
| $a_13 = { 558bec33c05568b350410064ff306489 } | |
| $a_14 = { 558bec33c05568bfc7420064ff306489 } | |
| $a_15 = { 558bec81c4f0feffff5356578bf28dbd } | |
| $a_16 = { 558bfbffa1744b5100e87f2e00005e5b } | |
| $a_17 = { 558bec6a0053568bf18bda33c0556814 } | |
| $a_18 = { 558bec53565733c05568fbd4410064ff } | |
| $a_19 = { 558bec83c4cc5356578bf28d7dd4a5a5 } | |
| $a_20 = { 558bec83c4f08945fc8955f833c08a45 } | |
| $a_21 = { 558bec81c4c0fdffff535657894dfc8b } | |
| $a_22 = { 558b068b80540200008b10ff52448bd0 } | |
| $a_23 = { 558b1c2485db742f8bc366bed6ffe8a0 } | |
| $a_24 = { 558bec33c055688552410064ff306489 } | |
| $a_25 = { 558bec33c055681269400064ff306489 } | |
| $a_26 = { 558bec53568b75088b450c8b1856e8a1 } | |
| $a_27 = { 558bec33c05568699a430064ff306489 } | |
| $a_28 = { 558bec33c05568319a430064ff306489 } | |
| $a_29 = { 558b035068406a4a00ba34694a00a154 } | |
| $a_30 = { 558bec51535657884dfe8855ff8bf88b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolMSILSkymmer_a286377cadc0e6e46d8cd0483946312ed29b8d19479246b7e4382c8b1ee2eb8c { | |
| strings: | |
| $a_2 = { 558bd0edaf9d5072e49bd3ef3e82f835 } | |
| $a_3 = { 558bff4a4393ff423598ff3b2a99ff31 } | |
| $a_4 = { 558b4bb0f0ad86be0cba4dab6e9a4bab } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolMSILWpakill_205739c3e82fe2f118623e28d59c46966c00e14a8f13ae192abe960eedd860b2 { | |
| strings: | |
| $a_2 = { 558bec81ec30060000a1086000015356 } | |
| $a_3 = { 558bec83ec105356578d45fc50e8b9ff } | |
| $a_4 = { 558bec81ec38040000a1086000015356 } | |
| $a_5 = { 558bec51568d45fc5068947132116a01 } | |
| $a_6 = { 558bec81ec28030000a338440010890d } | |
| $a_7 = { 558bec83ec0c565768e8713211bf0540 } | |
| $a_8 = { 558bec5356576a006a00680f27001051 } | |
| $a_9 = { 558bec5de96fc3ffffccccccccccb800 } | |
| $a_10 = { 558bec83ec14a1244300105356578945 } | |
| $a_11 = { 558bec81ec0c020000a1086000016683 } | |
| $a_12 = { 558bec83ec40566a3c33f68d45c05650 } | |
| $a_13 = { 558becff7510ff750c688c713211ff75 } | |
| $a_14 = { 558bec51568d45fc5033f6e856780000 } | |
| $a_15 = { 558becff750c8b4d086863d6321183c1 } | |
| $a_16 = { 558bec837d080074075dff259c100010 } | |
| $a_17 = { 558bec8b4d086a006801d5321183c1e4 } | |
| $a_18 = { 558bec81ec64060000a1086000016683 } | |
| $a_19 = { 558bec8b4d086a00688bd4321183c1e4 } | |
| $a_20 = { 558bec568b75085756e88c2f00008dbe } | |
| $a_21 = { 558bec81ec1c040000a1086000016683 } | |
| $a_22 = { 558bec6a34e820a4ffff5985c0740cff } | |
| $a_23 = { 558bec81ec1c060000a108600001538b } | |
| $a_24 = { 558bec83ec188d45e850ff3510600001 } | |
| $a_25 = { 558bec83ec10a10860000185c074073d } | |
| $a_26 = { 558bec51568d45fc50e8a4feffff8bf0 } | |
| $a_27 = { 558bec8b4d086a0068edd5321183c1e4 } | |
| $a_28 = { 558becb81c130000e8db1c0000a11030 } | |
| $a_29 = { 558becff750cff75086a036a00687864 } | |
| $a_30 = { 558bec81ec28070000a108600001578b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Aflooder_1a86d9be165ce0f51ba5a310f60050a6675ee9ea5be03c37ea79a989193a5112 { | |
| strings: | |
| $a_2 = { 558bec83ec0c689a64a1c5bf7b8fcc64 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Agent_b417a52dd54708b8d05f9c695635afbcdcec0e43c105cdd1dc0ad8c992e6061f { | |
| strings: | |
| $a_2 = { 558bec53518b4d08518b0dac6448008b } | |
| $a_3 = { 558bec8b55088b450c8b4d10e83bbffa } | |
| $a_4 = { 558bec5356a1347b4800837804000f95 } | |
| $a_5 = { 558bec6a0033c055683ef5410064ff30 } | |
| $a_6 = { 558bec33c055682deb470064ff306489 } | |
| $a_7 = { 558bec33c05568c3ce420064ff306489 } | |
| $a_8 = { 558bec6a006a0053568bf033c055688c } | |
| $a_9 = { 558bec535657a13c76480085c0744b8b } | |
| $a_10 = { 558bec5153bb3c7a4800a1447a4800e8 } | |
| $a_11 = { 558bec53568b45088b40fce85ccafeff } | |
| $a_12 = { 558bec515356578945fc33c05568b7b9 } | |
| $a_13 = { 558bec51568bf06a208bcaa19c254100 } | |
| $a_14 = { 558b43045081c700bc00005755e805cf } | |
| $a_15 = { 558bec51535684d2740883c4f0e89209 } | |
| $a_16 = { 558bec33c055689955420064ff306489 } | |
| $a_17 = { 558bec6a00538bd833c05568c2a74300 } | |
| $a_18 = { 558bec83c4e8538945fc6a00e86f41fc } | |
| $a_19 = { 558bec5356578b7d10803d2779480000 } | |
| $a_20 = { 558bec83c4f40fb705204048008945f8 } | |
| $a_21 = { 558bec6a0033c055680a7d450064ff30 } | |
| $a_22 = { 558bea8bf88bc7e829c3ffff8bf0bb01 } | |
| $a_23 = { 558bec33c05568bd72420064ff306489 } | |
| $a_24 = { 558bec53568bf28bd8a15c784800e801 } | |
| $a_25 = { 558bec6a006a006a006a0053568bf188 } | |
| $a_26 = { 558bec51535684d2740883c4f0e836a5 } | |
| $a_27 = { 558bec538b5d14b201a14cbf4400e865 } | |
| $a_28 = { 558bec83c4f85356578bda8945fcb201 } | |
| $a_29 = { 558bec535657833db47b480000743c33 } | |
| $a_30 = { 558bec33c055687117470064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Asoka_4108daa457e4f0fb01631503bbb83901134b46a5e8c2751d47445be52dea73f5 { | |
| strings: | |
| $a_2 = { 558bb5a65c1216cd29ca4589230a2dab } | |
| $a_3 = { 558bec83c4f4535657a14c7848008b10 } | |
| $a_4 = { 558bec51535684d2740883c4f0e80e1c } | |
| $a_5 = { 558bec33c055680938440064ff306489 } | |
| $a_6 = { 558bec33c055687970400064ff306489 } | |
| $a_7 = { 558bec6a0033c05568baec400064ff30 } | |
| $a_8 = { 558bec33c055686115470064ff306489 } | |
| $a_9 = { 558bec33c05568753d470064ff306489 } | |
| $a_10 = { 558bec53565784d2740883c4f0e8a28c } | |
| $a_11 = { 558bec6a00538bd833c05568dfcc4700 } | |
| $a_12 = { 558bec33c05568ed40480064ff306489 } | |
| $a_13 = { 558bec51833dc88b400000535657751d } | |
| $a_14 = { 558bea8bf08bc5e8cd54faffbb010000 } | |
| $a_15 = { 558bec51535684d2740883c4f0e8e6c4 } | |
| $a_16 = { 558bec33c055688956470064ff306489 } | |
| $a_17 = { 558bec516844e54000e88a81ffff8945 } | |
| $a_18 = { 558bec33c05568ac24430064ff306489 } | |
| $a_19 = { 558bf28bd833ff8bc3e89f7affff508b } | |
| $a_20 = { 558bec33c05568ad3d470064ff306489 } | |
| $a_21 = { 558bec33c05568b935470064ff306489 } | |
| $a_22 = { 558bec6a00538bd833c055680af94000 } | |
| $a_23 = { 558bec515356578945fc833d68784800 } | |
| $a_24 = { 558bec33c055683934480064ff306489 } | |
| $a_25 = { 558bec50b81800000081c404f0ffff50 } | |
| $a_26 = { 558bec33c055682db5420064ff306489 } | |
| $a_27 = { 558bec33c05568c1ab470064ff306489 } | |
| $a_28 = { 558baf7242e63588e38bf90ead428573 } | |
| $a_29 = { 558bec53568b45088b40fce87899feff } | |
| $a_30 = { 558bec84d2740883c4f0e8a5bffeff89 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Auha_6056dcc6b4fb29911d20e814745fdb86732dece1b64bb21496c998acb5af1731 { | |
| strings: | |
| $a_2 = { 558bec81ec200300008d8570feffff50 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32AutoKMS_985c7150937db4c0a232adad48db4b1a2e5f6c9a1f6dc9cabfd7be51633191e4 { | |
| strings: | |
| $a_2 = { 558bec83ec18a1984043008365e8008d } | |
| $a_3 = { 558bec6aff685b80420064a100000000 } | |
| $a_4 = { 558bec81ecf4000000a19840430033c5 } | |
| $a_5 = { 558bec5151a19840430033c58945fc53 } | |
| $a_6 = { 558bec518d45fc5068149842006a00ff } | |
| $a_7 = { 558bec81ecec020000a19840430033c5 } | |
| $a_8 = { 558bec568b750c56e8edda010083c404 } | |
| $a_9 = { 558bec83e4f86aff689086420064a100 } | |
| $a_10 = { 558bec6aff682084420064a100000000 } | |
| $a_11 = { 558bec5156576a006a006aff8bc1506a } | |
| $a_12 = { 558bec83e4f86aff68b484420064a100 } | |
| $a_13 = { 558bec8b4d0c5685c97516e8d12dffff } | |
| $a_14 = { 558beca1ccd14300330598404300ff75 } | |
| $a_15 = { 558bec6aff687882420064a100000000 } | |
| $a_16 = { 558bec8b4508a344c443005dc3558bec } | |
| $a_17 = { 558bec83ec0833d28955fc3915780443 } | |
| $a_18 = { 558bec56ff75088bf1e88ece0000c706 } | |
| $a_19 = { 558bec83ec44a19840430033c58945fc } | |
| $a_20 = { 558bec6a20e8e2e7feff5985c0740cff } | |
| $a_21 = { 558bec568bf1ff761ce8bf22000083c4 } | |
| $a_22 = { 558bec56ff75088bf1e89e020000c706 } | |
| $a_23 = { 558bec83ec108d4df05657ff7510e8ff } | |
| $a_24 = { 558bec6aff68c07e420064a100000000 } | |
| $a_25 = { 558bec6aff686086420064a100000000 } | |
| $a_26 = { 558bec56e8796dffff8bf0ffb69c0000 } | |
| $a_27 = { 558bec6aff689885420064a100000000 } | |
| $a_28 = { 558bec568bf1c70618924200e8520000 } | |
| $a_29 = { 558bec6aff68507e420064a100000000 } | |
| $a_30 = { 558bec6aff683887420064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32BCoinMine_ccd9dd481b12abb943ce9df61862192dd2faeb78a0dc5e7c6ed08de85fcbe7a5 { | |
| strings: | |
| $a_2 = { 558bec83ec0868b61c400064a1000000 } | |
| $a_3 = { 558bf5861092dc83166b28878731c7cd } | |
| $a_4 = { 558be03b02fabcc48c7fea2e93ef14d4 } | |
| $a_5 = { 558b33312ab7baf7e75bc7f93cd09bca } | |
| $a_6 = { 558b1bad878a9f78dbf2c4cc9cb2681c } | |
| $a_7 = { 558bce63c9c082faa7246821bbb428af } | |
| $a_8 = { 558b32da8ef94e72df7f99080284d3fa } | |
| $a_9 = { 558b6c2428578b7c24188b5424288b07 } | |
| $a_10 = { 558bec83ec1868b61c400064a1000000 } | |
| $a_11 = { 558bcbb3c84bced43a0840064d01c109 } | |
| $a_12 = { 558bd96b05511212bce2dcb66d4c9f23 } | |
| $a_13 = { 558be4fdcb56d950f589af087971733e } | |
| $a_14 = { 558bb4daaa392e1d377dfec20e5b6ee1 } | |
| $a_15 = { 558b199b8654edbe291efb9f5b0c7f7f } | |
| $a_16 = { 558ba7ad8d3efaa701a766dd6fa5a4a3 } | |
| $a_17 = { 558beda2791be881c66b09d24b2a31c4 } | |
| $a_18 = { 558bac0be88fe1b84014d3250364c950 } | |
| $a_19 = { 558b4424142bd08bc870612b4c24248b } | |
| $a_20 = { 558bec83ec0c68b61c400064a1000000 } | |
| $a_21 = { 558b0353b73b99377d40ec280aa9ae04 } | |
| $a_22 = { 558b04746f0cbdaf3a9e63e761cef1e8 } | |
| $a_23 = { 558b72013fe3d8081cd1ffb4e2dacb3e } | |
| $a_24 = { 558b0ab42643d53b90edd34403336f82 } | |
| $a_25 = { 558bf24f711de2750eebcc6353c6acd9 } | |
| $a_26 = { 558b13fee2afa797db83deb04bcde43d } | |
| $a_27 = { 558bd1e53af111c5a93822e4537fdcce } | |
| $a_28 = { 558b1a3691920ba4e4a70a42d8aafa01 } | |
| $a_29 = { 558b557da32740a9e32a662ce9144fde } | |
| $a_30 = { 558bec83ec1468b61c400064a1000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Bendor_09da1e11658f6499c90e4b374938dcfefc0fedfd2b2b46c84cc14ed5b58a1fc6 { | |
| strings: | |
| $a_2 = { 558bec6aff682824400068c61a400064 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Broduplo_fb10af8dd2f3af7f084b02efac0850c48d482509c73e9a993a63f6ff5aef451f { | |
| strings: | |
| $a_2 = { 558bec5153568bd98bf2573b730c7d49 } | |
| $a_3 = { 558bec56578b7d08ff7744e84999fcff } | |
| $a_4 = { 558bec8b45088078730074088b80c000 } | |
| $a_5 = { 558bec83c4e053568bd880bbd4020000 } | |
| $a_6 = { 558bec83c4e88945fc8b45fc83b88002 } | |
| $a_7 = { 558bec83ec385356578bf98bda8b0f0f } | |
| $a_8 = { 558bec83c4dcb8cc9b6c00e898a70100 } | |
| $a_9 = { 558bec83c4ec8955f88945fcb201a1f0 } | |
| $a_10 = { 558bec83ec30538bc1568b18578bb8e4 } | |
| $a_11 = { 558bec56fc8b750c8b4e0833cee83cc9 } | |
| $a_12 = { 558bec83c4f8e815f8fcff8855fb8945 } | |
| $a_13 = { 558bec8b450883c00850e80d03000059 } | |
| $a_14 = { 558bec515356578b5d08538b03ff5018 } | |
| $a_15 = { 558bec53565733ffe8fff5ffff8bd88b } | |
| $a_16 = { 558bec535657a120276d0085c074538b } | |
| $a_17 = { 558bec83e4f881ecd4010000a1403046 } | |
| $a_18 = { 558bec8b4d10538b0956578b7d08b201 } | |
| $a_19 = { 558bec6a005356578bf833c05568e053 } | |
| $a_20 = { 558bec83c4dcb82cae6c00e874290100 } | |
| $a_21 = { 558bec8b550c56578b7d088bcfe801fe } | |
| $a_22 = { 558bec568b7508578bf985f6782433c0 } | |
| $a_23 = { 558bec6a00538bd833c05568ff925800 } | |
| $a_24 = { 558bec83ec1853568bf133db8b462457 } | |
| $a_25 = { 558bec8b450850ff15fcc26c00595dc3 } | |
| $a_26 = { 558bec83ec1c538b5d0c560fb74b0257 } | |
| $a_27 = { 558bec5151538b5d08568a4b08570fb6 } | |
| $a_28 = { 558bec81c408feffffe86aeddfff8985 } | |
| $a_29 = { 558bec6a005356578bf033c05568cecb } | |
| $a_30 = { 558bec568b750885f6750433c0eb5a53 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32BrowserPassview_34f54e7fe024c609fb505cda37529446c3f7ed3fd8bae124ed6add22b10baf54 { | |
| strings: | |
| $a_2 = { 558bfb6461f211f9e90e3220e317f8b6 } | |
| $a_3 = { 558bb85a2d028330abd2c8c5dc3a1acd } | |
| $a_4 = { 558bdded6330dad50e92a69de588612f } | |
| $a_5 = { 558b4d2556413326dce19e857600f9f6 } | |
| $a_6 = { 558be3271fe36719dae919b5759df1f2 } | |
| $a_7 = { 558b245d2af21298fcc59b4bf1717c64 } | |
| $a_8 = { 558b152c8ed77e5737439355b09f97e2 } | |
| $a_9 = { 558b245b5215a11746e32a507edfac8d } | |
| $a_10 = { 558bacea79a5fe9ed1a6ec29c71e06b1 } | |
| $a_11 = { 558b8f23ab1fa1e7e46824535da3bb38 } | |
| $a_12 = { 558bf44240a5d35801cf17de69c54012 } | |
| $a_13 = { 558b3d40af95c5e326fa25783cdb4db3 } | |
| $a_14 = { 558b54e6fde316018134282d3d5cb29c } | |
| $a_15 = { 558b35205658c2f2f58b2b049e15a7d4 } | |
| $a_16 = { 558b126dcc883313d58d8f411413ba04 } | |
| $a_17 = { 558b70e849ced36d5354023237710156 } | |
| $a_18 = { 558b6762fd4ca216819815f39ba36c20 } | |
| $a_19 = { 558b86544dd8311344e518f045ab41e8 } | |
| $a_20 = { 558b16722e2c8798c94c90faa13786c7 } | |
| $a_21 = { 558bb9bab2796bfbc6fbadf24fd5621e } | |
| $a_22 = { 558b75830b6608c007805c059144a67c } | |
| $a_23 = { 558b1f37073c273a89bb60a0b095b83a } | |
| $a_24 = { 558b3a3afba0f48ddcf89ecfff7de5fd } | |
| $a_25 = { 558b947c1e4e804daea531df75d4435c } | |
| $a_26 = { 5589e586e5b7ffe2825367c0b6b6949e } | |
| $a_27 = { 558b8d9f47742df6886c44fb503c12b2 } | |
| $a_28 = { 558bf638be66c1542dfe28059ef84901 } | |
| $a_29 = { 558bfec5e1768cca3b0fc8f41b2c6a48 } | |
| $a_30 = { 558b19c9be3407056fec96ba06a6fde0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Cain_cb4ab19707d91bbdf8bc2b66d830f2583cd2549fcffdc4af7fbcc6b5167fca94 { | |
| strings: | |
| $a_2 = { 558b0d0235d7025b1921ed92271a1878 } | |
| $a_3 = { 558b85920c410a76647cc34cc457900b } | |
| $a_4 = { 558bec6afe6888e7759782705c58a06e } | |
| $a_5 = { 558bcf8900b0a4387e201180dd794b14 } | |
| $a_6 = { 558b0102dd3b9ff083c5f0e7046e1357 } | |
| $a_7 = { 558b86781092e6379e4c00516680c180 } | |
| $a_8 = { 558b786a08d803350678e58528bebf8a } | |
| $a_9 = { 5589e5fa694a28c4560c24cd9be8563a } | |
| $a_10 = { 558bc028401fa03ed225401e17b30184 } | |
| $a_11 = { 558bace2eb092c2e67ac8d5369762ca6 } | |
| $a_12 = { 558ba95188ccc90cbf7084888196ff9f } | |
| $a_13 = { 558b2b575057e71e876bd7a334a03050 } | |
| $a_14 = { 558b1e24d8a97664135150675676ee45 } | |
| $a_15 = { 558bcfb755c8479a87afbf5ff09083bf } | |
| $a_16 = { 558b6f2a8b38942fdfe44359213f9b01 } | |
| $a_17 = { 558bcffe18db724f3a03eb2fe80f8c3c } | |
| $a_18 = { 558b20af534440a618a41a0922f53ec5 } | |
| $a_19 = { 558b51181f2d20615fee461c80b5301d } | |
| $a_20 = { 558bd8fb1b5688676a1f5348f50d3a80 } | |
| $a_21 = { 558bc608a1d02f01905b98890d0b3a8c } | |
| $a_22 = { 558bad5d5d3d2c23456a5826eb05ef9c } | |
| $a_23 = { 558b06618dbeef202f18cf71a2487dd0 } | |
| $a_24 = { 558bce58e80e74558750b723da440805 } | |
| $a_25 = { 558b571d8f7875bfcb6cfad3363ebc60 } | |
| $a_26 = { 558b33e156edc643b95d0883bf3ee053 } | |
| $a_27 = { 558b159710023eab171408b90a6fc02b } | |
| $a_28 = { 558b1110cf14a045806e9a0d2e250a70 } | |
| $a_29 = { 558bd5b528498e38704f8730251c0d93 } | |
| $a_30 = { 558bcef7dec43b3bc6afc6528f71f0b0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32CCProxy_d8bd5db762495e579a84128b9cb51a90e7797f7790453f749bec1e8cebc35f6a { | |
| strings: | |
| $a_2 = { 558bec51833dbc48530000535657751d } | |
| $a_3 = { 558b6c241083fd03560f8c85000000b8 } | |
| $a_4 = { 558bec81eccc0000008d45f050ff1558 } | |
| $a_5 = { 558bec5151568bf1578b3dccc047008b } | |
| $a_6 = { 558bcbe8d15e06008d83cc0300008bcb } | |
| $a_7 = { 558bec83ec18568b7508833dd0324900 } | |
| $a_8 = { 558bec5151568bf1578b3dc0c047008b } | |
| $a_9 = { 558b6c241c68081000008bd88b952801 } | |
| $a_10 = { 558bec518d45fc680089480050c745fc } | |
| $a_11 = { 558bec6aff6850a8470064a100000000 } | |
| $a_12 = { 558bec5151568bf1e896ba00008b400c } | |
| $a_13 = { 558bec83ec14a1d44a53008b15d84a53 } | |
| $a_14 = { 558bec81ec840000008365fc0051e879 } | |
| $a_15 = { 558bec6aff68f097470064a100000000 } | |
| $a_16 = { 558be956576a408b453450ff1540c647 } | |
| $a_17 = { 558bac242c600000565733f60fbe042e } | |
| $a_18 = { 558bec6aff686825480068acf5450064 } | |
| $a_19 = { 558bcbe8110100008b73088b4424208b } | |
| $a_20 = { 558b2d98c647008bd8ffd5bf01000000 } | |
| $a_21 = { 558bec83ec205356578b7d08bed82b48 } | |
| $a_22 = { 558bec5153578bd96a10e894edffff85 } | |
| $a_23 = { 558be95657b9000100008d5d08c68508 } | |
| $a_24 = { 558b46046a008bcb8d2cb8e8b3830000 } | |
| $a_25 = { 558bcbe8710100008b53088b43045250 } | |
| $a_26 = { 558bcee8c70803008b4424208bce506a } | |
| $a_27 = { 558b0c85c45e53008b7c24245157ff15 } | |
| $a_28 = { 558bec535657e8da4f00008bd833f68b } | |
| $a_29 = { 558be956576a408b454050ff1540c647 } | |
| $a_30 = { 558becff750cff7508ff15acc447008b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Certsteal_0845cb61d3c1bc723e78d2738a48817297f2572688884958119b71a86f3f2ebd { | |
| strings: | |
| $a_2 = { 558bec535657556a006a0068403c4000 } | |
| $a_3 = { 558bc18bf1c1f80583e61f8d3c852093 } | |
| $a_4 = { 558bec83ec14a1f89240008b15fc9240 } | |
| $a_5 = { 558bec51515333db391d48a440005657 } | |
| $a_6 = { 558bec5756538b750c8b7d088d05648f } | |
| $a_7 = { 558bec83ec0c53568b7508573b352094 } | |
| $a_8 = { 558bec51833d6c8f400000535657751d } | |
| $a_9 = { 558bec5657ff7508e8760c00008bf08d } | |
| $a_10 = { 558bec6aff688074400068203d400064 } | |
| $a_11 = { 558bec515153568b3594904000578b7d } | |
| $a_12 = { 558b2d1c7040008d9424100100006880 } | |
| $a_13 = { 558becb800100000e83e030000538b5d } | |
| $a_14 = { 558bec6aff680871400068203d400064 } | |
| $a_15 = { 558bec6aff68d874400068203d400064 } | |
| $a_16 = { 558b2dac704000565733db33f633ff3b } | |
| $a_17 = { 558bec8b450885c075025dc3833d6c8f } | |
| condition: | |
| 14 of them | |
| } | |
| rule HackToolWin32ChromePass_af1f902c5d959dfd036c2e04ea9113a6fe434a23da0fa52cf5a2fc0d671c2c59 { | |
| strings: | |
| $a_2 = { 558bec83ec2c6a2a8d45d450e837bfff } | |
| $a_3 = { 558bec81ec1c080000e837f1ffff84c0 } | |
| $a_4 = { 558bec83ec20e81b98ffff85c0740bff } | |
| $a_5 = { 558bec8b0d0c00410081ec1401000083 } | |
| $a_6 = { 558becb840100000e8f961ffff53568b } | |
| $a_7 = { 558becb82c340000e87d87ffff576a5c } | |
| $a_8 = { 558bec5356e81a3300008b750c33db85 } | |
| $a_9 = { 558bec81ec00080000803dd004410000 } | |
| $a_10 = { 558bec83ec1c6a1a8d45e450e891bcff } | |
| $a_11 = { 558becb8a0200000e88fcaffff56be00 } | |
| $a_12 = { 558b2b8855f28efeaba4ac9ebf8ad8b7 } | |
| $a_13 = { 558bec5151568b75085756e8ff430000 } | |
| $a_14 = { 558beca1d4d88c9095fd0daf65b00750 } | |
| $a_15 = { 558bec515156578b3d20e140008bf183 } | |
| $a_16 = { 558becb800100000e8e43cffffe84199 } | |
| $a_17 = { 558bec53568b3594154200578b3d9015 } | |
| $a_18 = { 558bec568b35d0e14000803d46584200 } | |
| $a_19 = { 558bec568b75086a006a006860e84000 } | |
| $a_20 = { 558becff75086a00ff15a4e0400050ff } | |
| $a_21 = { 558bec81ec2c010000833d2800410000 } | |
| $a_22 = { 558becb804200000e8e367ffff535668 } | |
| $a_23 = { 558becb800100000e8723cffff56be00 } | |
| $a_24 = { 558bec83ec2853565733ff57ff15ace1 } | |
| $a_25 = { 558bec5de9a398000033c96a088bc15a } | |
| $a_26 = { 558bec83ec3c6a3868aa154200ff750c } | |
| $a_27 = { 558bec81ec0008000056ff3564164200 } | |
| $a_28 = { 558becb800140000e80272ffff680004 } | |
| $a_29 = { 558bec51ff05d808410056c645ff0133 } | |
| $a_30 = { 558bec81ec20080000e81531000085c0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32CiscoGetPass_a7ec2697efebedca58389261ab2de09fe33360ed4c67e02ff97aaed3aa7d5824 { | |
| strings: | |
| $a_2 = { 558bec51535684d2740883c4f0e80652 } | |
| $a_3 = { 558bec51538bda8945fc8b45fc8b8040 } | |
| $a_4 = { 558bec5153568bf28945fc837dfc0074 } | |
| $a_5 = { 558bec6a0033c05568eab0400064ff30 } | |
| $a_6 = { 558bec5153884dff6683786e0074188a } | |
| $a_7 = { 558bec6a00538bd833c05568dd504000 } | |
| $a_8 = { 558bec83c4d853e8210700008bda8945 } | |
| $a_9 = { 558bec83c4b884d2740883c4f0e81a7f } | |
| $a_10 = { 558bec6a0033c055683250420064ff30 } | |
| $a_11 = { 558bec83c4f40fb70508c243008945f8 } | |
| $a_12 = { 558be868007f00006a00e8ae46020089 } | |
| $a_13 = { 558bec6a00538bd833c055688d6a4200 } | |
| $a_14 = { 558bec8b450850e8ac030000595dc390 } | |
| $a_15 = { 558bec6a080fb7450850e83100000083 } | |
| $a_16 = { 558bec8b450850e8fc95000083f8020f } | |
| $a_17 = { 558bec5356578b7d0c8b750857e8b6fe } | |
| $a_18 = { 558bec83c4ec535633db895dec8bd989 } | |
| $a_19 = { 558bf0bf04fe4300bd08fe43008b1dfc } | |
| $a_20 = { 558b065053576a006a00e8eab6000081 } | |
| $a_21 = { 558bec518945fc8b45fc80b828010000 } | |
| $a_22 = { 558bec83c4d08855f884d27e05e84a90 } | |
| $a_23 = { 558bec83c4dcb808c84300535657e88d } | |
| $a_24 = { 558bec83c4f0538b5d088d45f050e8e9 } | |
| $a_25 = { 558bec53568b450881e86cc84300b918 } | |
| $a_26 = { 558bec6a005333c055682702410064ff } | |
| $a_27 = { 558bf98bf28bd88bcf8bd68bc3e8a7f6 } | |
| $a_28 = { 558bec83c4ec535657e8e2050000f645 } | |
| $a_29 = { 558bec53568bf28bd88b53608bc6e85d } | |
| $a_30 = { 558bec5dc2080090c3909090c3909090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Delf_96174d11023e9ab899f849a92a29043f95091a0ef121b8b57de45b6aa63107ad { | |
| strings: | |
| $a_2 = { 558b5eeac7bd387ddb4a22f08af3b317 } | |
| $a_3 = { 558b6bb4df4ae422156710dec82f3ad7 } | |
| $a_4 = { 558b27ad728dc86a58f3637a8a764599 } | |
| $a_5 = { 558bf958f507c335802d727a87acaf42 } | |
| $a_6 = { 558b46e79dbcf4a290162bab1b3e4d59 } | |
| $a_7 = { 558b4ac341b825c60309ef55de9d1613 } | |
| $a_8 = { 558b375c368eb449aaf1298eee5621b1 } | |
| $a_9 = { 558b0f1217a4ee310c419d5ef6c03f60 } | |
| condition: | |
| 7 of them | |
| } | |
| rule HackToolWin32Dialupas_8d53af24600c9ebeac37c7a3e7038f3fa89e594ee158d3716520a84a66cce3ee { | |
| strings: | |
| $a_2 = { 558bec518365fc005356578bf983bfc0 } | |
| $a_3 = { 558bec83ec1453568b35b0d14000576a } | |
| $a_4 = { 558becb804200000e8d4a300005356be } | |
| $a_5 = { 558bec568bf10fbf4d10578b7d0c0fbf } | |
| $a_6 = { 558becb804200000e80b6400005633f6 } | |
| $a_7 = { 558bec518365fc00568bf1e893ffffff } | |
| $a_8 = { 558bec83ec0c8d45f45033c05050508d } | |
| $a_9 = { 558bec83e4f8b83c200000e8bd660000 } | |
| $a_10 = { 558bec51515356576844d84000c745f8 } | |
| $a_11 = { 558becb81c1a0000e81f970000535657 } | |
| $a_12 = { 558bec515153568bf08d45f850ff1514 } | |
| $a_13 = { 558becb860140000e819900000535657 } | |
| $a_14 = { 558becb818120000e85e9200008365fc } | |
| $a_15 = { 558bec5356578bf0e8ec000000ff7508 } | |
| $a_16 = { 558bec83ec205733ff397b24897dfc0f } | |
| $a_17 = { 558bec83e4f883ec1c83ff015375078b } | |
| $a_18 = { 558bec83e4f8b874480000e8851d0000 } | |
| $a_19 = { 558bec81ec0c02000066837e023a7503 } | |
| $a_20 = { 558bec5151535657ff75088bf0e89e70 } | |
| $a_21 = { 558bec51518b8694060000576a01e8cf } | |
| $a_22 = { 558bec83ec2085c0894de08b4d14894d } | |
| $a_23 = { 558bec83ec5c6a006a0e684ce240008d } | |
| $a_24 = { 558bec538b5d0c0fb70356578b790489 } | |
| $a_25 = { 558becb800800000e86b4400005356be } | |
| $a_26 = { 558b6c240c565733ff89bd40020000c7 } | |
| $a_27 = { 558bec83ec2c6a00ff750c8d45d4ff75 } | |
| $a_28 = { 558bec83ec6053565733c033db885dd4 } | |
| $a_29 = { 558bec837d0800535774498b3d7cd240 } | |
| $a_30 = { 558bec8b869406000081ec0004000053 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Dipaen_61e645bf5897691436d97e8491b87da0dcf1445f0e52fda4ab438f5739a3e261 { | |
| strings: | |
| $a_2 = { 558b86d02c96c3803c3880761c6a03f4 } | |
| $a_3 = { 558b6c243a1856a485c14f6b7524d04d } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Dlhs_ac8ed968d4d65a55b898f75e2e969eae72de189202b581467425e483ebaf5f10 { | |
| strings: | |
| $a_2 = { 558bec56578b4510508b4d0c518b5508 } | |
| $a_3 = { 558bec68404040008b450c508b4d0851 } | |
| $a_4 = { 558becb818260000e88d0d00005657c7 } | |
| $a_5 = { 558bec83ec1853568b45108a88000100 } | |
| $a_6 = { 558bec81ec140100005657c68500ffff } | |
| $a_7 = { 558bec6aff68d0304000686022400064 } | |
| $a_8 = { 558bec68504240008b450c508b4d0851 } | |
| $a_9 = { 558bec83ec1453568b45108945f866c7 } | |
| condition: | |
| 7 of them | |
| } | |
| rule HackToolWin32DUBrute_5eae3b2beefdc167ee72c9cab1d39fb16d0e721a323ee1037e8ae31d23789338 { | |
| strings: | |
| $a_2 = { 558bf032e50142c76f6be9b1f7429568 } | |
| $a_3 = { 558b79d7267a68b48a3d997939fa1c6c } | |
| $a_4 = { 558b11fec16d55c002fa2e9bb35e0284 } | |
| $a_5 = { 558b4e478bdfcc9f82ca8fd00639a3f1 } | |
| $a_6 = { 558bb655e838706debad06758340ca96 } | |
| $a_7 = { 558bf7e4e52cef2b40d74022c2b0aa36 } | |
| $a_8 = { 558bf18c90cc6d88d368434e8db31385 } | |
| $a_9 = { 558b07079aa0b7e334753a5612404766 } | |
| $a_10 = { 558b7d30d12bb8dda4f71858ef8a0dc8 } | |
| $a_11 = { 558bc5f939998062d6f60f1b615de377 } | |
| $a_12 = { 558bc053a3cf5354f2a060a9456db905 } | |
| $a_13 = { 558bd3e268522b94555bf65a00e54910 } | |
| $a_14 = { 558b44d0444e4017f648dd93adf52749 } | |
| $a_15 = { 558b9fbaf7815a314effb6dc86e83978 } | |
| $a_16 = { 558b38696c4384147b193df3c7f58509 } | |
| $a_17 = { 558b0bd1cc54ae2de57f1e95de4a9394 } | |
| $a_18 = { 558bc8511a3d985e793459da168a0122 } | |
| $a_19 = { 558b0c1f67425c79c99ca6bcfb0b7fbe } | |
| $a_20 = { 558b71846e234c70e4743088dc6b2757 } | |
| $a_21 = { 558bef1b9d4cbc7626998fad7cbdfce5 } | |
| $a_22 = { 558b57482a256f597567edab232a966a } | |
| condition: | |
| 18 of them | |
| } | |
| rule HackToolWin32Dump_7a10f92f1f03addc1f6f8bcb0cabc56dbfe90375b5fb14ccb303028d18e42953 { | |
| strings: | |
| $a_2 = { 558bec83c4f4538bda56578bf88d7330 } | |
| $a_3 = { 558bea8bd885db74548db3c84b0000ba } | |
| $a_4 = { 558be1fb2d49cbf238728239a82d3fd4 } | |
| $a_5 = { 558bec8b4508e809fdffff5dc3909090 } | |
| $a_6 = { 558bec33c05dc20800909090b8aca441 } | |
| $a_7 = { 558bec538b5d08ff7314e8edf7000085 } | |
| $a_8 = { 558bec6a008b4508508b45105ae876f5 } | |
| $a_9 = { 558bec5356578bf28b55088b7d0c84d2 } | |
| $a_10 = { 558b462c25ffff03008b560c8b0c023b } | |
| $a_11 = { 558bb3440600003bb3dc4b000076083b } | |
| $a_12 = { 558bec81c404f0ffff5053833db84841 } | |
| $a_13 = { 558bec81c4e0f1ffff538bd856578b83 } | |
| $a_14 = { 558bf08bf98bea8bd7c1e2038b461401 } | |
| $a_15 = { 558bf833ed8bdfeb2f25ff000000e86e } | |
| $a_16 = { 558bec538bd9803dd450410000752052 } | |
| $a_17 = { 558b332f6fab52ee5ed65b128d0695cb } | |
| $a_18 = { 558bec515356578945fc8bf189355451 } | |
| $a_19 = { 558bf28bd833edeb2145f7c57f000000 } | |
| $a_20 = { 558bd0176c13a6a98ca715c55e06e81b } | |
| $a_21 = { 558bec8b4508e83dfdffff5dc3909090 } | |
| $a_22 = { 558b24641f4148dcd8551e1a10aed46b } | |
| $a_23 = { 558bec83c4c4b8aca4410053bb645541 } | |
| $a_24 = { 558becff7508e87ddeffff5dc2040090 } | |
| $a_25 = { 558bea8bd8eb2f83bb703e00007a751f } | |
| $a_26 = { 558bea8bc5e817a8000003c08d044005 } | |
| $a_27 = { 558bec33d28a5508e883f9ffff5dc204 } | |
| $a_28 = { 558b0100578d02005a8d04005a890b00 } | |
| $a_29 = { 558bea8bc58b73048bf9e810fcffff8b } | |
| $a_30 = { 558bec8b4508e84dfdffff5dc3909090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Echoload_02aea02fc83d93f15b0d316cbe0712ae5a537f4195c76d49a7d3e2f8abc3dec4 { | |
| strings: | |
| $a_2 = { 558bec83ec0c683614400064a1000000 } | |
| $a_3 = { 558bec83ec08683614400064a1000000 } | |
| $a_4 = { 558bec83ec18683614400064a1000000 } | |
| $a_5 = { 558bec83ec14683614400064a1000000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule HackToolWin32Eqtonex_8b21f94397a5f14b2c1f91e6a4aa7fa55613162369fb27e102886b1439becfcb { | |
| strings: | |
| $a_2 = { 558b6c2408578bf885ed76465683c104 } | |
| $a_3 = { 558bec83ec20568d45f050c645f06bc6 } | |
| $a_4 = { 558bec837d0c017505e86d1200005de9 } | |
| $a_5 = { 558bec81ec2c020000833da48e011000 } | |
| $a_6 = { 558bec5333db395d08750883c8ffe9c0 } | |
| $a_7 = { 558b680c578d78100fb6c3508b442420 } | |
| $a_8 = { 558bec83ec248365dc00c645ff0185f6 } | |
| $a_9 = { 558bec51515356578b7d08c645ff0185 } | |
| $a_10 = { 558bec8b550881ec0802000053565733 } | |
| $a_11 = { 558b680456578b7c24248bf7c1ee10b8 } | |
| $a_12 = { 558bae5401000003c5578bf8c1ef048b } | |
| $a_13 = { 558bec837d0c00567439837d10007433 } | |
| $a_14 = { 558bec81ec08030000837d08000f8482 } | |
| $a_15 = { 558b74241885f6744d837c241c007446 } | |
| $a_16 = { 558bec83ec1c837d0c005356570f8478 } | |
| $a_17 = { 558bec5133c038450c7413f705548401 } | |
| $a_18 = { 558bec53578b7d0857ff15d08e011085 } | |
| $a_19 = { 558bec83e4f881ec24040000538b5d1c } | |
| $a_20 = { 558bec5151568bf085f6750f6a0be825 } | |
| $a_21 = { 558bec83ec0c535657be105401108d7d } | |
| $a_22 = { 558bec33c083ec10394510740dff7510 } | |
| $a_23 = { 558bec51568b750c56ff157c51011089 } | |
| $a_24 = { 558bec568bf1ff1530520110f6450801 } | |
| $a_25 = { 558bec51803d78880110005356577467 } | |
| $a_26 = { 558bcee87461000068005301108bcee8 } | |
| $a_27 = { 558bec51518b450885c074060fb7480a } | |
| $a_28 = { 558bec5156ff75148b7510ff7508ff15 } | |
| $a_29 = { 558bcee81860000068f05201108bcee8 } | |
| $a_30 = { 558bec51515683ceff397508743d33c0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Evidpatch_055ff25a959bc6eb31e04eb20a46e065b8978715109c9a3ea8ce94e9a218c9da { | |
| strings: | |
| $a_2 = { 558b3154711cc8819c6f343844200772 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32FakeHack_7262afe52f93736235b6ff314de827029fc7584c232305a3c7c4d560f436102b { | |
| strings: | |
| $a_2 = { 558bbde5e46f5b5d56667d557335f25b } | |
| $a_3 = { 558b5d6a77bf5de6f450149732db310f } | |
| $a_4 = { 558bef778cb53e7cb9bd37fcc7b6f8a2 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin32Fgdump_0d66288dbd0b94cdc8ff0b0f2f8af23f9df7b01e563ff6058b9e4e61e260b74b { | |
| strings: | |
| $a_2 = { 558bf746612ed1d27483c968e1e7dd29 } | |
| $a_3 = { 558b4a7c7d62addab9b887a9793d097b } | |
| $a_4 = { 558b9d9b7a8654cff26bc7a9c68f31ae } | |
| $a_5 = { 558b035b9ce3d9d42c49fe960d2b59c0 } | |
| $a_6 = { 558b5b57d80680b81f4a7f8cd90a9073 } | |
| $a_7 = { 558b3ea285ff3c66b821bc3b87f8739c } | |
| $a_8 = { 558b2ab4d8be4bcde9b80081f5041709 } | |
| $a_9 = { 558bd919ee5fc4039f764d70dfd4bd74 } | |
| $a_10 = { 558ba1c6981e4bb19b24ef4a616a6af9 } | |
| $a_11 = { 558b1c77be23b0040d7d8b03af961afe } | |
| $a_12 = { 558b21cebdca0e09e065d67c48e516fe } | |
| $a_13 = { 558b0a22e4920e6a3913653c5ab56e4d } | |
| $a_14 = { 558b3577409d83cf4c7956be9ecf96b6 } | |
| $a_15 = { 558b5ec38877026ccf67de02a149bbef } | |
| $a_16 = { 558b95e0622a5e28505aa1c23d60f470 } | |
| $a_17 = { 558bf12889092225ac6363beaeb955af } | |
| $a_18 = { 558bbc20a1fca0a6fec2994d6c9a0435 } | |
| $a_19 = { 558b03dbd3f626218eaaeb1d43a5ce5e } | |
| $a_20 = { 558bce6caa2bc0ce0045070845e6fee1 } | |
| $a_21 = { 558b5eeef384ca62a1ea129b2a65a3db } | |
| $a_22 = { 558b5c8ceb66fe12c5a30ec1c832f3b8 } | |
| $a_23 = { 558b1d5290491cd0db2aa523c8231f67 } | |
| $a_24 = { 558bc88b1b306553ad5f8972a5af92c7 } | |
| $a_25 = { 558bd73d01e7d8472c7aa14fb2c8d7d2 } | |
| $a_26 = { 558b160a5247598e2b8216a47f0bb99d } | |
| $a_27 = { 558bb1052a9eea0649f73892ddaab216 } | |
| $a_28 = { 558b2de425608ba869b06103f7e1cdff } | |
| $a_29 = { 558b2a26b7800821b30f3af916ea6b1f } | |
| $a_30 = { 558be3db06ce8d48a925a5efd150dd5e } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32GameHack_71433458be1e47f371e50e046f95ef8a68c485573065fb95850fa3d178615088 { | |
| strings: | |
| $a_2 = { 558bc56c663952869359232860e2705b } | |
| $a_3 = { 558b4f5b1e7c1e11e723fd04b714a50a } | |
| $a_4 = { 558be291ec781ec4000ba239d518c198 } | |
| $a_5 = { 558bc4c062954090e4ed14792603f19a } | |
| $a_6 = { 558b0722067570aaabab526670e403dc } | |
| $a_7 = { 558b5c22702299e0888896c347aeaffb } | |
| $a_8 = { 558b6a81da949e57df15c9e25c3ed62e } | |
| $a_9 = { 558bc2f908212653e740dbca8f98dcdb } | |
| $a_10 = { 558b3e96a955ed2c60dd700d4905532e } | |
| $a_11 = { 558b372ec737fad28c687c077a342f11 } | |
| $a_12 = { 558b7a1c9ce94529fbff88042466c704 } | |
| $a_13 = { 558b6eef020ac8404d4c046c2f476c46 } | |
| $a_14 = { 558be9ad95605feca1b77d2d57c8408b } | |
| $a_15 = { 558b3df07a837c09bfb6f986d2430786 } | |
| $a_16 = { 558b7b54ab216dca0cdd05b8436b4c40 } | |
| $a_17 = { 558b108b1065d13f8c0ec0976a77cd4e } | |
| $a_18 = { 558b684fd3ed440501c6ade8af2e8715 } | |
| $a_19 = { 558b7806b331dc5084e54e537be40a83 } | |
| $a_20 = { 558b43087b48115a13b5f8820feadcb7 } | |
| $a_21 = { 558b34d0abb2e5ba8e2dc0e4d54f89fb } | |
| $a_22 = { 558b0cc4557b3f3270f863d0069c4fb4 } | |
| $a_23 = { 558b36ad73b376adf0bdd1ff99ec751c } | |
| $a_24 = { 558bf43da76557a63f7178e3fb8bf3d3 } | |
| $a_25 = { 558b7d57cdd3747ff1a7fe98d7fc4b97 } | |
| $a_26 = { 558bd00ffd744d538c89c3922834a162 } | |
| $a_27 = { 558b2b5c4c009dcf5084338e304f420a } | |
| $a_28 = { 558b4ba4f2ed9dac13e05b7ebf38451d } | |
| condition: | |
| 22 of them | |
| } | |
| rule HackToolWin32Gendows_0edd2c7cc179572d2cb0bf93bb47b261526bff98b25013ace5a3c2d7f94c6793 { | |
| strings: | |
| $a_2 = { 558baceff51a1c3ab40f77ddf5cf78d6 } | |
| $a_3 = { 558ba478e59e054966c8e6667d80fc12 } | |
| $a_4 = { 558bb8e30d70863eeb2ce88845a35233 } | |
| $a_5 = { 558bb9e820f7ad1cc86878df4b10849e } | |
| condition: | |
| 4 of them | |
| } | |
| rule HackToolWin32Goldoseri_7eb8150593fb001987900d3ff9cd74fd27d3525469545469e3d99868039e3cab { | |
| strings: | |
| $a_2 = { 558becff7508ff15881248005dc38bff } | |
| $a_3 = { 558bec51894dfc8b45fcc7006c9a4800 } | |
| $a_4 = { 558bec518b450c50e88e6f020083c404 } | |
| $a_5 = { 558bec83ec2033c08b0cc5a8a949003b } | |
| $a_6 = { 558bec8b4508a384d149005dc38bff55 } | |
| $a_7 = { 558bec51894dfc8b4dfce821af01000f } | |
| $a_8 = { 558bec8b4508a358d34900a35cd34900 } | |
| $a_9 = { 558bec8b4d0ca1589249008b55082355 } | |
| $a_10 = { 558bec6aff68a8dd470064a100000000 } | |
| $a_11 = { 558bec51894dfc8b4dfce8c12800008b } | |
| $a_12 = { 558bec833d28d4490000750b68ff6846 } | |
| $a_13 = { 558bec56578bf9e8d83fffff8bf033c0 } | |
| $a_14 = { 558bec83ec18dd05b0584800dd5df0dd } | |
| $a_15 = { 558bec6a00b974da4900e8c12ef9ff5d } | |
| $a_16 = { 558bec56578b7d08578bf1e8c0120000 } | |
| $a_17 = { 558bec83ec08894df8518bcce82f25fe } | |
| $a_18 = { 558becb910d84900e8e3e4f9ff68b000 } | |
| $a_19 = { 558bec568b75088b460ca8837510e80e } | |
| $a_20 = { 558bec8b450850e884bdfeff83c4048b } | |
| $a_21 = { 558bec51894dfc8b4dfce831cfffff8b } | |
| $a_22 = { 558bec518b4508508d4dff51e89fb4ff } | |
| $a_23 = { 558becb90cd94900e8a3e4f9ff68d000 } | |
| $a_24 = { 558bec81ec10030000a1a085490033c5 } | |
| $a_25 = { 558bec5de9adffffff8bff558bec568b } | |
| $a_26 = { 558bec516a028d4dfce8960300008b45 } | |
| $a_27 = { 558becff750cff7510ff7508e84216fc } | |
| $a_28 = { 558becff7508ff7104ff156c14480050 } | |
| $a_29 = { 558bec83ec1c56894de48b4de4e86e9b } | |
| $a_30 = { 558bec568bf1c706083b4800e849fdff } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Gsecdump_a7735edf1e3130575430679fbd8e519ffc1e8709031122c221840ad2f3daf041 { | |
| strings: | |
| $a_2 = { 558b6950649d3ae18538446b01d35f97 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Hackaject_4164787f8bc7e27d788f8be33758baf7eb5ee5c9f43fff9f5c2c29b4df2f6daa { | |
| strings: | |
| $a_2 = { 558b9d5a9a3100ae1a0641a50839803a } | |
| $a_3 = { 558bece00874d7ae18e0d3878888d631 } | |
| $a_4 = { 558bd94ab4400e4d04a1616adaae50b4 } | |
| $a_5 = { 558b58e80fd0e82675082299d3a30122 } | |
| $a_6 = { 558b822cbc95b7fe967ba40c231e3f09 } | |
| $a_7 = { 558bb94c135f999c4a3822d85a21b030 } | |
| $a_8 = { 558b8f5a9f6c9f26a54616b35e1f7496 } | |
| $a_9 = { 558b0001aab60e45f11064f61500873f } | |
| $a_10 = { 558b49d9b405e884bb1405616a045d50 } | |
| $a_11 = { 558b03dc3f0bf37fdd9bee215577608b } | |
| $a_12 = { 558be183de2ba01358093c7cf082bf3a } | |
| condition: | |
| 10 of them | |
| } | |
| rule HackToolWin32Hashenfill_c8292d65dd342c015de4596559d181262c0d40d8353e6e6ba4f72e470b32f679 { | |
| strings: | |
| $a_2 = { 558bec83ec245356578b7d088365fc00 } | |
| $a_3 = { 558bec81ec0404000068010400008d85 } | |
| $a_4 = { 558bec83ec148d45fc506a20ff153430 } | |
| $a_5 = { 558bec81ec280100005333db57536a0f } | |
| $a_6 = { 558bec81ecec0200005357ff750833db } | |
| $a_7 = { 558bec83ec745356578b7d0833f657e8 } | |
| $a_8 = { 558bec83ec2853578d45d86a1c5033ff } | |
| $a_9 = { 558bec81ec000300008b450c5633f68b } | |
| $a_10 = { 558bec515633f6568d45fc5650680004 } | |
| $a_11 = { 558bec81ec8c0000005356576a015f89 } | |
| $a_12 = { 558bec83ec2456578d45dc6a1c5033ff } | |
| $a_13 = { 558bec6aff68e030400068e023400064 } | |
| condition: | |
| 10 of them | |
| } | |
| rule HackToolWin32Homac_7177ec85f7d1f788cb84704d71616bd1aa57826b67f65a3a324aacf40eb5ba1f { | |
| strings: | |
| $a_2 = { 5589e5565731f6ff7508e8e806000089 } | |
| $a_3 = { 5589e581ec94020000578b7d088d856c } | |
| $a_4 = { 5589e556578b450c83f8100f849a0100 } | |
| $a_5 = { 5589e5b8c4110000e8df0d0000535657 } | |
| $a_6 = { 5589e583ec28578b7d086a286a008d45 } | |
| $a_7 = { 5589e556578b7d0c8b75105657e8de07 } | |
| $a_8 = { 5589e5578b7d0c57e8170800006a0050 } | |
| $a_9 = { 5589e55157e8be00000089c7803f2275 } | |
| $a_10 = { 5589e551505356578b450c8320008365 } | |
| $a_11 = { 5589e5b828190000e83e050000535657 } | |
| $a_12 = { 5589e581ec100800005356578b451866 } | |
| condition: | |
| 10 of them | |
| } | |
| rule HackToolWin32Hoylecann_d06065d01fbfdaf20edcc165413dbbeda87fccdc40c52230644bd3b3bdcb6dd8 { | |
| strings: | |
| $a_2 = { 558b018b5018ffd284c074298b4e048b } | |
| $a_3 = { 558bec5153565733dbe8e2e9ffff8b4d } | |
| $a_4 = { 558bec568bf1c70638085700a180585e } | |
| $a_5 = { 558bec85ff7403c607005633c033f685 } | |
| $a_6 = { 558bec518b45088a4d0b8945fc8a55fe } | |
| $a_7 = { 558bec515356576888000000e8816801 } | |
| $a_8 = { 558bec83e4f883ec345356578bd9e85d } | |
| $a_9 = { 558bec83e4c08b450883ec3c85c05674 } | |
| $a_10 = { 558bec568b7508837e180074188b4e18 } | |
| $a_11 = { 558bec8b4508ff34c5b8e15900ff15a8 } | |
| $a_12 = { 558bec568bf180be8400000000741e8b } | |
| $a_13 = { 558bec568b75086a0056e8a1f3ffff8b } | |
| $a_14 = { 558bec83ec20538b1d88965600568b35 } | |
| $a_15 = { 558bec83e4f883ec0c538b5d0c83fb21 } | |
| $a_16 = { 558bec8b450885c0740c8b401885c074 } | |
| $a_17 = { 558bec83ec385356578b7d0857684556 } | |
| $a_18 = { 558bec8b45108b4d088b550c6a005051 } | |
| $a_19 = { 558bec0fb645088941145dc20400cccc } | |
| $a_20 = { 558bec8b4508d940185de9510e0400cc } | |
| $a_21 = { 558bec8b819000000085c0743e8b5008 } | |
| $a_22 = { 558bec53566a14e8f6fe04008bf033db } | |
| $a_23 = { 558bec8b450885c0750432c05dc3578b } | |
| $a_24 = { 558bec568b751085f6578b7d08741f8b } | |
| $a_25 = { 558bec83e4f883ec64a1cce0590033c4 } | |
| $a_26 = { 558bec8b4d088079480074238b413885 } | |
| $a_27 = { 558bec51b801000000840590c95e0075 } | |
| $a_28 = { 558bec8b45088b481c8b550c8a040a5d } | |
| $a_29 = { 558bec515657bf11000000be9c005700 } | |
| $a_30 = { 558bec568b750c83ee01f7de571bf68d } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32HTran_a89666e04d45c32ce7924bb1493877b4baadf5576e9cd5a5f07f1dcbb1312ae0 { | |
| strings: | |
| $a_2 = { 558bec81ec24030000536a17e8c90400 } | |
| $a_3 = { 558bec83e4f881ecec010000a1004040 } | |
| $a_4 = { 558beca1004040008bc83305744a4000 } | |
| $a_5 = { 558bec83ec0c803d8c4a4000007407b0 } | |
| $a_6 = { 558bec83ec18a10040400033c58945fc } | |
| $a_7 = { 558bec81ec240300006a17e855090000 } | |
| $a_8 = { 558bec8325a44a40000083ec245333db } | |
| $a_9 = { 558bec837d08007507c6058d4a400001 } | |
| $a_10 = { 558bec803d8d4a4000007406807d0c00 } | |
| condition: | |
| 8 of them | |
| } | |
| rule HackToolWin32Httprat_97334b518474396e77402221b6749ec2743c7eef50d6d3973e358963484bb9ca { | |
| strings: | |
| $a_2 = { 558b0561d9bc472444a55df0d6c92e70 } | |
| $a_3 = { 5589e55756538b0dc018400081f9fe46 } | |
| $a_4 = { 5589e581ec580400005756538b45088b } | |
| $a_5 = { 558b82efe8b0ee9817b1ebd77a1c0cf1 } | |
| $a_6 = { 5589e583ec245756538b4d0c8b410803 } | |
| $a_7 = { 558b0a69d75d206923090f73ae42c188 } | |
| condition: | |
| 6 of them | |
| } | |
| rule HackToolWin32IEPassview_5427ccbf0fb0553e28b99eaa0876f5ae331a00786b44fded4e1420e3e6f7761c { | |
| strings: | |
| $a_2 = { 558b3bc8a7c3ccc7e060ab85eb031ff1 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Injectxin_1f3b2bc46bc494c803efbcc54a01435ea018a6abd8037d61aa11fb87c15d78bc { | |
| strings: | |
| $a_2 = { 558b36e1f8bceedbb66a80cf0cef8f47 } | |
| $a_3 = { 558bc3cff0c518c670adac872cd85b1c } | |
| $a_4 = { 558b9b73eb86306c5c6f1e101f3acc28 } | |
| $a_5 = { 558b4489ca7f71a70110d2d93e078add } | |
| $a_6 = { 558b22e6f23e80d5bb3ac7aa11c29b17 } | |
| $a_7 = { 558bf5799e0a474c4f5519836717f1cf } | |
| condition: | |
| 6 of them | |
| } | |
| rule HackToolWin32IPCCrack_8405facbd5d6439b321db04ca7da43c2b4da86eeecf1590596d43092cf5708b9 { | |
| strings: | |
| $a_2 = { 558bac249000000056578b3da0524000 } | |
| $a_3 = { 558be956578d4c2410e8ed1f00008b44 } | |
| $a_4 = { 558bec6aff688859400068643e400064 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin32Kapahyku_2335fbfeb7b525ef5b12d3f4e65b980ddddae90ec0d1e1addede047d96b7b4c0 { | |
| strings: | |
| $a_2 = { 558bec538b5d0c538b5d08536820a661 } | |
| $a_3 = { 558bec53568b750885f675068b350079 } | |
| $a_4 = { 558bec83c4e88945fc8b45fc83b88002 } | |
| $a_5 = { 558bec83c4f8e8c998f3ff8855fb8945 } | |
| $a_6 = { 558bec83c4e853565733db894dfc8bd8 } | |
| $a_7 = { 558bec51535684d2740883c4f0e8fa3b } | |
| $a_8 = { 558bec6a006a0053568bf233d25568f3 } | |
| $a_9 = { 558bec6a005333c05568b414430064ff } | |
| $a_10 = { 558bec83c4f8e821e1f5ff8855fb8945 } | |
| $a_11 = { 558bec83c4d85356578b450ce8e7ccf4 } | |
| $a_12 = { 558b4508e800b4feffe8effdffff5980 } | |
| $a_13 = { 558bea8bd88bc58b537ce8926df2ff74 } | |
| $a_14 = { 558bec33c05568d5c7600064ff306489 } | |
| $a_15 = { 558bf18bda8be88d7b018bd78bc6e86a } | |
| $a_16 = { 558beca114656100e84b85ffff5dc204 } | |
| $a_17 = { 558bec51568bf06a208bcaa17ce44800 } | |
| $a_18 = { 558bec535684d2740883c4f0e8c7d2f3 } | |
| $a_19 = { 558bec6a005356578bfa33d25568da1c } | |
| $a_20 = { 558bec83c4d853a1a0a56100a3f01661 } | |
| $a_21 = { 558bec6a0053568bd833c05568848c52 } | |
| $a_22 = { 558bc3e8bae8ffff59e901010000558b } | |
| $a_23 = { 558bec51538bd98955fc8b45fce89ecf } | |
| $a_24 = { 558bec8b4d08b858ec6000eb028bc28b } | |
| $a_25 = { 558bec5356bebcc8610083caffa1c0c8 } | |
| $a_26 = { 558bec51538955fc8bd88b45fce8d2f2 } | |
| $a_27 = { 558bec5153568bd88d45fc8b15c43644 } | |
| $a_28 = { 558becb8020000002b45088b04858858 } | |
| $a_29 = { 558bec83c4ece8a958fbff8855fb8945 } | |
| $a_30 = { 558bec83c4f8568bf06a008bcaa17ce4 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Keygen_2a78ac85cbb9a5ff1aa5bc7fa5ee25b2c9791e439f66220f7c0b3b8ed6602582 { | |
| strings: | |
| $a_2 = { 558bec5657538b5d080fb6c3ff750c50 } | |
| $a_3 = { 558bec60ff7518ff7508e8cdfaffffbe } | |
| $a_4 = { 558becff750cff7508ff7510e8fc3200 } | |
| $a_5 = { 558bec53515256578b750833c9eb3541 } | |
| $a_6 = { 558bec81c400fcffff568db500fcffff } | |
| $a_7 = { 558b451083f866752aa121e60110c600 } | |
| $a_8 = { 558bec8b450c3d0201000074523d0001 } | |
| $a_9 = { 558bec53515257568b5d088b7d0c8bd3 } | |
| $a_10 = { 558b93163f63ef28c9db2cc2da319a91 } | |
| $a_11 = { 558bec56578b4d108b75088b7d0ceb0f } | |
| $a_12 = { 558bec81c4c0ebffff5657538d8500f4 } | |
| $a_13 = { 558bec83c4f4ff75148f45f48d45fc50 } | |
| $a_14 = { 558bec81c4c0efffff5657538d8500f8 } | |
| $a_15 = { 558bec81c4a0fbffff5657536a70ff35 } | |
| $a_16 = { 558bec8b45088a48210ac97504fec1eb } | |
| $a_17 = { 558bec81c440fbffff565753c745fc00 } | |
| $a_18 = { 558bec5152578b7d085757e854560000 } | |
| $a_19 = { 558bec83c4f05657538d7df057ff7508 } | |
| $a_20 = { 558bec83c4f4565753c745fc00000000 } | |
| $a_21 = { 558bec81c460ffffff837d18017536c7 } | |
| $a_22 = { 558bec83c4fc60ff7508e833fdffff8b } | |
| $a_23 = { 558bec81c400fcffff5356578b450c3d } | |
| $a_24 = { 558bec81c4a4f3ffff565753c745fc00 } | |
| $a_25 = { 558bec8b550c8b45088a08eb123a0a74 } | |
| $a_26 = { 558bec83c4fc60c645ff008b75080bf6 } | |
| $a_27 = { 558bec83c4f86a0068800000006a026a } | |
| $a_28 = { 558bec5152578b7d085757e8764a0000 } | |
| $a_29 = { 558bec83c4f85657538b451483f83272 } | |
| $a_30 = { 558bec565753837d106473548b450c3b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Lisgab_0411468fc2c989b06fb983e1485ab575b0e84997a7f62d6536149d00925c516b { | |
| strings: | |
| $a_2 = { 558bec833de023420000741968e02342 } | |
| $a_3 = { 558bec8b450856508bf1e86b2d0000c7 } | |
| $a_4 = { 558bec83ec1056ff750c8d4df0e877c2 } | |
| $a_5 = { 558bec83ec0c5356ff15d02042008bd8 } | |
| $a_6 = { 558bece86424ffff8b8098000000eb0a } | |
| $a_7 = { 558bec83ec0ca19c94420033c58945fc } | |
| $a_8 = { 558bec51568bf16a008d4dfce83dc401 } | |
| $a_9 = { 558becff7508ff15482142005dc38bff } | |
| $a_10 = { 558bec83ec0c5333db5657391dac8a46 } | |
| $a_11 = { 558becf6450802578bf974255668e602 } | |
| $a_12 = { 558bec518365fc00837d0c01750768c4 } | |
| $a_13 = { 558bec5356578b7d088bf1bbc0000000 } | |
| $a_14 = { 558bec8bc18b4d080fb6915d7e759a80 } | |
| $a_15 = { 558bec83ec10eb0dff7508e83a180000 } | |
| $a_16 = { 558bec8b4508a3a0f944005dc38bff55 } | |
| $a_17 = { 558bec568bf1c70614120110ff156811 } | |
| $a_18 = { 558bec6aff68430c420064a100000000 } | |
| $a_19 = { 558bec568b7508b8a09142003bf07222 } | |
| $a_20 = { 558bec6aff683403011064a100000000 } | |
| $a_21 = { 558becb820100000e85be9ffffa19c94 } | |
| $a_22 = { 558bec6aff680004011064a100000000 } | |
| $a_23 = { 558bec8b4d088d450c50516a3252e810 } | |
| $a_24 = { 558becb8e41a0000e835e4ffffa19c94 } | |
| $a_25 = { 558bec5356578b7d088bf1bbe4000000 } | |
| $a_26 = { 558bec56ff75088bf1e861e9feffc706 } | |
| $a_27 = { 558bec6aff68fd09420064a100000000 } | |
| $a_28 = { 558bec8b4d08a15451011083ec088b40 } | |
| $a_29 = { 558bece896030000ff7508e8df010000 } | |
| $a_30 = { 558bec5151a19c94420033c58945fc53 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Lsascan_614b9b77f7d7784302721f7ee83bafbdad60aa5d528930f20e58595cda3d6755 { | |
| strings: | |
| $a_2 = { 558bec833d0c034100027405e8712800 } | |
| $a_3 = { 558bec8b4508a3440f41005dc38bff55 } | |
| $a_4 = { 558bec8b45088b0d74bf400056395004 } | |
| $a_5 = { 558bec83ec10a130e040008365f80083 } | |
| $a_6 = { 558bec83ec1053ff75108d4df0e851ae } | |
| $a_7 = { 558bec565733f6ff7508e8a23300008b } | |
| $a_8 = { 558bec568b3554064100eb215750ff75 } | |
| $a_9 = { 558bec8b4508ff34c598e44000ff1558 } | |
| $a_10 = { 558bec83ec0c5356ff15a4b040008bd8 } | |
| $a_11 = { 558bec568b75085756e846f2ffff5983 } | |
| $a_12 = { 558becff05340641006800100000e8f9 } | |
| $a_13 = { 558bec6a00ff750cff7508e8000033d2 } | |
| $a_14 = { 558bec83ec0c5333db5657391d840f41 } | |
| $a_15 = { 558bec8b4508a3300f4100a3340f4100 } | |
| $a_16 = { 558bec5633f6397508751ae809f3ffff } | |
| $a_17 = { 558bec53568b35b8b04000578b7d0857 } | |
| $a_18 = { 558bec83ec1853ff75108d4de8e88980 } | |
| $a_19 = { 558bec83ec20a130e0400033c58945fc } | |
| $a_20 = { 558bec81ec5c030000a130e0400033c5 } | |
| $a_21 = { 558bec83ec24a130e0400033c58945fc } | |
| $a_22 = { 558bec8b450883f8fe7518e8c39effff } | |
| $a_23 = { 558bec68ccb44000ff158cb0400085c0 } | |
| $a_24 = { 558bec6afe68b8ce400068f02f400064 } | |
| $a_25 = { 558bec837d08007515e83b91ffffc700 } | |
| $a_26 = { 558bec8b4508a3400641005dc38bff55 } | |
| $a_27 = { 558bec56e88a0600008bf085f60f8432 } | |
| $a_28 = { 558bec81ec1c050000a130e0400033c5 } | |
| $a_29 = { 558bec83ec105333db538d4df0e891c9 } | |
| $a_30 = { 558bec568b7508b848e040003bf07222 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32MailLogger_2903e1865777479f326757ce227711b149a3b893698ec0ad34e3ed0ae3761cc5 { | |
| strings: | |
| $a_2 = { 558bec83ec1856576aff8d4de8e87b08 } | |
| $a_3 = { 558bec83ec185356576a19e8b2410000 } | |
| $a_4 = { 558bec6aff6878cc42006888cb400064 } | |
| $a_5 = { 558bec5151568bf1578b3d10b042008b } | |
| $a_6 = { 558b2d30b2420056578b3d80b3420033 } | |
| $a_7 = { 558bec8b4508ff3485504f4300ff1594 } | |
| $a_8 = { 558bec5153568bf157ff36ff1574b042 } | |
| $a_9 = { 558bec51515657e87c06000083786800 } | |
| $a_10 = { 558bec83ec485356576880040000e8bc } | |
| $a_11 = { 558bec6aff6880c142006888cb400064 } | |
| $a_12 = { 558bec5657ff75088b3db0b24200ffd7 } | |
| $a_13 = { 558bec83ec105356576a30e876d9ffff } | |
| $a_14 = { 558bec5133c057390518a843008945fc } | |
| $a_15 = { 558bec518365fc00e829f4feff8b4d08 } | |
| $a_16 = { 558b451c3bc77505a12c9043008b4d10 } | |
| $a_17 = { 558b0850ff51108bf03bf50f8cfd0000 } | |
| $a_18 = { 558bec6aff68088d420064a100000000 } | |
| $a_19 = { 558bec5151568bf1578b3d4cb042008b } | |
| $a_20 = { 558bec51568bf18d4dfce837f8ffff83 } | |
| $a_21 = { 558bec83ec34e8eb1a00008945fc8b40 } | |
| $a_22 = { 558bec6aff68a0c142006888cb400064 } | |
| $a_23 = { 558b0d7c5243000fb6c3f64441018074 } | |
| $a_24 = { 558bec8b450c5333db3bc37507a12c90 } | |
| $a_25 = { 558bec81ec90000000535657ff1530b3 } | |
| $a_26 = { 558bec6aff68e48b420064a100000000 } | |
| $a_27 = { 558bec51518b450c85c0750fa12c9043 } | |
| $a_28 = { 558bec51518365fc005356578b3d784a } | |
| $a_29 = { 558bec5657ff750cff7508ff15d4b242 } | |
| $a_30 = { 558bec51538d4dfce82a130000ff0d2c } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Mailpassview_183d7a25be0189294bfe9bc2e3caf4ef00a94b4c7bf222d555e91a580710cc08 { | |
| strings: | |
| $a_2 = { 558bec33c05568f980480064ff306489 } | |
| $a_3 = { 558beca14c6a4a00e8abffffff33c055 } | |
| $a_4 = { 558bec33c05568b859460064ff306489 } | |
| $a_5 = { 558beca108584a008b00e8b1000300a1 } | |
| $a_6 = { 558bec53568b45088b40fce8d866feff } | |
| $a_7 = { 558bec6a00538bd833c05568ad0a4200 } | |
| $a_8 = { 558bec33c055682e92430064ff306489 } | |
| $a_9 = { 558bec33c055681958460064ff306489 } | |
| $a_10 = { 558becdd4510dc6018dc35046d4a00dc } | |
| $a_11 = { 558bec33c05568007c430064ff306489 } | |
| $a_12 = { 558bec5153bb446a4a00a14c6a4a00e8 } | |
| $a_13 = { 558bec33c0556889be420064ff306489 } | |
| $a_14 = { 558bec6a0033c05568fefe400064ff30 } | |
| $a_15 = { 558bec6a0033c055680efe400064ff30 } | |
| $a_16 = { 558bc7e8aed7ffff50e8bcedfdff83c4 } | |
| $a_17 = { 558be98bfa8bf0b3018bc6e80183fdff } | |
| $a_18 = { 558bec84d2740883c4f0e82589feff89 } | |
| $a_19 = { 558bec6a0033c055688e1f460064ff30 } | |
| $a_20 = { 558bec5153568bda8945fc8bc38b1598 } | |
| $a_21 = { 558bec538b5d088d8330020000e8aa0e } | |
| $a_22 = { 558bea8bf88bc7e841beffff8bf0bb01 } | |
| $a_23 = { 558bec6a005333c05568af20460064ff } | |
| $a_24 = { 558bec33c05568bded400064ff306489 } | |
| $a_25 = { 558bec51535684d2740883c4f0e84e7e } | |
| $a_26 = { 558b8f36b24e962d0315e3275e17875f } | |
| $a_27 = { 558bec5153568bd88bc3e821c8fbff8d } | |
| $a_28 = { 558b45f48b40019952508b45f48b4005 } | |
| $a_29 = { 558bec53565733c05568fbf2410064ff } | |
| $a_30 = { 558bec33c055683d29420064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Mikatz_7af83557b30b03594c4f19010d74de358981d2dfe9996f899068cbab7f48992c { | |
| strings: | |
| $a_2 = { 558bec8b4508568d34c5c03d0310833e } | |
| $a_3 = { 558bec8b4508a39c4e03105dc38bff55 } | |
| $a_4 = { 558bec56ff75088bf1e814130000c706 } | |
| $a_5 = { 558bec83ec10ff75088d4df0e88893ff } | |
| $a_6 = { 558bc745f0ec6a00ffc745f4750cff75 } | |
| $a_7 = { 558bec56578b7d08578bf1e8663a0100 } | |
| $a_8 = { 558bec6aff685d85021064a100000000 } | |
| $a_9 = { 558bec83e4f881ec74030000a1b43303 } | |
| $a_10 = { 558bec6aff68f087021064a100000000 } | |
| $a_11 = { 558becf6450801568bf1c706cca20210 } | |
| $a_12 = { 558bec83e4f86aff685888021064a100 } | |
| $a_13 = { 558bec6aff68f086021064a100000000 } | |
| $a_14 = { 558bec8b450883f8fe7518e8cb14ffff } | |
| $a_15 = { 558bec6aff686e96021064a100000000 } | |
| $a_16 = { 558bec8b4508b9203f03103bc1721f3d } | |
| $a_17 = { 558bec568b7508b8203f03103bf07222 } | |
| $a_18 = { 558bec56e8291b00008b40048b750889 } | |
| $a_19 = { 558bec83ec0c33c9563bf97516e881e1 } | |
| $a_20 = { 558bec83ec4ca1b433031033c58945fc } | |
| $a_21 = { 558bec6aff68eb85021064a100000000 } | |
| $a_22 = { 558bec83ec105333db538d4df0e825b0 } | |
| $a_23 = { 558bec83ec08538b5d1457e80a320100 } | |
| $a_24 = { 558bec6aff68ab87021064a100000000 } | |
| $a_25 = { 558bec56578b7d08578bf1e8363a0100 } | |
| $a_26 = { 558becff05ec5703106800100000e8ba } | |
| $a_27 = { 558bec33c083ec0c3bf8750ae8af4200 } | |
| $a_28 = { 558becff7508ff15b4a002105dc38bff } | |
| $a_29 = { 558bec83e4f883ec64a1b433031033c4 } | |
| $a_30 = { 558bec56ff75088bf1e8c7120000c706 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Mimikatz_5f2c3b5a08bda50cca6385ba7d84875973843885efebaff6a482a38b3cb23a7c { | |
| strings: | |
| $a_2 = { 558b45639da663a7e213ec6bc06639bb } | |
| $a_3 = { 558b4d050ee14ca9d946d6414311bfd2 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32MultiUnwrapper_60708631da0280d8a4b53246834c663c0154181d3a314d33933d0f10e200bc3d { | |
| strings: | |
| $a_2 = { 558bec535756fdb05c8b4d0c8b7d0803 } | |
| $a_3 = { 558bec6a006a00a0a6714000660fb6c0 } | |
| $a_4 = { 558bec518b4508836104008361100056 } | |
| $a_5 = { 558bec6a106819704000ff75086a00e8 } | |
| $a_6 = { 558bec837d08017505e8662600006810 } | |
| $a_7 = { 558bec81c4f8fdffff565753c785fcfd } | |
| $a_8 = { 558bec68ac7d4000ff7508ff35529840 } | |
| $a_9 = { 558bec8b750c03763c8b7d088bd681c2 } | |
| $a_10 = { 558bec81c4d8feffff53515256578db5 } | |
| $a_11 = { 558bec83c4fc68af2e410068ab2e4100 } | |
| $a_12 = { 558bec515356578b45080dffffff0035 } | |
| $a_13 = { 558bec6867e540006a406a04ff7508ff } | |
| $a_14 = { 558bec81c4d8fdffffff75086a08e8e3 } | |
| $a_15 = { 558bec81c4ecfeffff8d85f8feffff68 } | |
| $a_16 = { 558becbf708240008b4d088b550c8d34 } | |
| $a_17 = { 558bec83c4f860c645ff00c745f80000 } | |
| $a_18 = { 558bec81c47cfeffff5657e80b070000 } | |
| $a_19 = { 558bec81ec340400008b450883f0ff89 } | |
| $a_20 = { 558bec83ec0c56be265340005733ff57 } | |
| $a_21 = { 558bec81c4c0feffff8d85c2feffff50 } | |
| $a_22 = { 558bec83c4f06a006a006a036a006a01 } | |
| $a_23 = { 558bec83c4ec60c745f0000000006a00 } | |
| $a_24 = { 558bec83c4fc51568b7d088b4d0c8b75 } | |
| $a_25 = { 558bec83c4ec68af2e410068ab2e4100 } | |
| $a_26 = { 558bec56578b75088bcebaffffffff33 } | |
| $a_27 = { 558bec83c4fc6a006a00a0a671400066 } | |
| $a_28 = { 558bec83c4f86a0068800000006a026a } | |
| condition: | |
| 22 of them | |
| } | |
| rule HackToolWin32Nbsi_ff97f89544c75072efb5991e0dda2880c874d27cb17c8d4e80b540f460a287e1 { | |
| strings: | |
| $a_2 = { 558bec83ec0c687f5f60b50c64a1d064 } | |
| $a_3 = { 558b7e617a86ffd6c30fb2c9eca2cbac } | |
| $a_4 = { 558b522d1ba50da3d06025d68aee51d3 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin32Netpass_98e6520ddcb207241a33c654fab516d76aa6088eb765e3ad731beb31d6632bda { | |
| strings: | |
| $a_2 = { 558bec515333db881f8a06eb1fb1f22a } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32NKD_8bb027f432dae0ef179ee0998f9e6b8681fb46d486eeb575e3cad6ce90835824 { | |
| strings: | |
| $a_2 = { 558b3e900604c75fe93fab80b8a4cb2e } | |
| $a_3 = { 558b4c248177d53300e2a6a35e841f77 } | |
| $a_4 = { 558b241cb2a1a3498aeab8f453f17477 } | |
| $a_5 = { 558b44416d16be1102740e83c6105d00 } | |
| $a_6 = { 558be88d25b51000a94e83c6042081e6 } | |
| $a_7 = { 558b49d6d66f40813bd0735cf1d5a418 } | |
| $a_8 = { 558b5237b4c2e80f49dfc4b45f84b580 } | |
| $a_9 = { 558b06028bc8b8c5e97fd049ec5476da } | |
| condition: | |
| 7 of them | |
| } | |
| rule HackToolWin32Ntscan_d846453bf2efe19d398e486beb1cb619be7d74118e8e67c4cfa3023ff3b0f861 { | |
| strings: | |
| $a_2 = { 558bec83ec1c5356578b3d10b34100be } | |
| $a_3 = { 558bec515153568b7508578bcee8dc29 } | |
| $a_4 = { 558bec5151568bf1578b3d5cb041008b } | |
| $a_5 = { 558bec81ec0001000056ff750cff1538 } | |
| $a_6 = { 558b0c85247842008b7c24245157ff15 } | |
| $a_7 = { 558bec5151568bf1578b3d60b041008b } | |
| $a_8 = { 558bec535657e8502300008bd833f68b } | |
| $a_9 = { 558bec5356be686542005756ff1548b2 } | |
| $a_10 = { 558bec81ec0c0300005356578bf1e881 } | |
| $a_11 = { 558bec6aff6868cf410068e0b4400064 } | |
| $a_12 = { 558bec6aff6800d1410068e0b4400064 } | |
| $a_13 = { 558bec518d45fc6800f0410050c745fc } | |
| $a_14 = { 558bec518d45fc68b8ef410050c745fc } | |
| $a_15 = { 558becb804100000e861a8ffff535633 } | |
| $a_16 = { 558bec5657ff75088b3d30b34100ffd7 } | |
| $a_17 = { 558bec6aff68f0d0410068e0b4400064 } | |
| $a_18 = { 558bbc24680100006af057ff15f0b341 } | |
| $a_19 = { 558b8784010000680c10000050ff1538 } | |
| $a_20 = { 558bec8b450885c075025dc3833d9c61 } | |
| $a_21 = { 558bec5756538b750c8b7d088d059461 } | |
| $a_22 = { 558bec5153568bf157ff36ff15e0b141 } | |
| $a_23 = { 558bec8b4508ff34853c2e4200ff1500 } | |
| $a_24 = { 558bec5151568bf1578b3d58b041008b } | |
| $a_25 = { 558bec83ec10687d7d4100b9405c4200 } | |
| $a_26 = { 558bec515356578bf9e8125700008bf0 } | |
| $a_27 = { 558bec5151568bf1578b3d54b041008b } | |
| $a_28 = { 558bec83ec148d45ec50ff15dcb14100 } | |
| $a_29 = { 558bec83ec185356576a19e812150000 } | |
| $a_30 = { 558bec6aff68d8d0410068e0b4400064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Onaht_a26e75fec3b9f7d5a1c3d0ce1e89e4b0befb7a601da0c69a4cf96301921771dd { | |
| strings: | |
| $a_2 = { 558b6c24145657c7442410000000008b } | |
| $a_3 = { 558bec6aff68e0504000687049400064 } | |
| $a_4 = { 558b6c240c33db563bcd57891dc86540 } | |
| $a_5 = { 558b2d00504000568b742418578b7c24 } | |
| $a_6 = { 558b6c243c56578b7c24408a4c241433 } | |
| condition: | |
| 5 of them | |
| } | |
| rule HackToolWin32Oylecann_6d4c0136b2cf316e7ce9b020e3cf9478f8e54db0b320a4cdc5d64571410759a6 { | |
| strings: | |
| $a_2 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_3 = { 558be80c93da523857a0f80d75a8fefb } | |
| $a_4 = { 5589e581c58df2da08d228c4ce175fc6 } | |
| $a_5 = { 5589e5adc611d2900e46c12313bc23b5 } | |
| $a_6 = { 558b5c2410e8400c5d81edfb86458d85 } | |
| $a_7 = { 558bbd48546b1af0b90b6e25e9c662b6 } | |
| $a_8 = { 558b64e1512e13a0af9efb0be992dbab } | |
| $a_9 = { 558b2c66fc97893d0f132740fd704381 } | |
| $a_10 = { 558b6e559e8697abff12a051bd3427ef } | |
| $a_11 = { 558b53bbfc69a86e2f5b05f27690bb0f } | |
| $a_12 = { 558bcfec297423142238f5ac3b991cf0 } | |
| condition: | |
| 10 of them | |
| } | |
| rule HackToolWin32Passdash_05db63d8bc9a840de4064685c15f43e6ac3a6fafab6344461805e9f88ada667c { | |
| strings: | |
| $a_2 = { 558b6c2408c1f90ac1e10a8bc52bc13b } | |
| $a_3 = { 558bec833de8f444000075128b45088b } | |
| $a_4 = { 558bec6aff68505e410064a100000000 } | |
| $a_5 = { 558bec0fb6450850e8654e000085c00f } | |
| $a_6 = { 558bec56e8ad7bffff8b75083bb09800 } | |
| $a_7 = { 558bec8b4508ff34c570da4100ff15e0 } | |
| $a_8 = { 558bec81ec1c050000a134d0410033c5 } | |
| $a_9 = { 558bd12bd05657f7c200fcffff750433 } | |
| $a_10 = { 558bec8b450883c1095183c00950e84b } | |
| $a_11 = { 558b7b06555477609121b0c8185864f2 } | |
| $a_12 = { 558bec83ec14a134d0410033c58945fc } | |
| $a_13 = { 558bec83ec145657ff75088d4dece8dd } | |
| $a_14 = { 558b3b328a3bc49ae978d7accb1d46ef } | |
| $a_15 = { 558bec83ec1053ff75108d4df0e8ec64 } | |
| $a_16 = { 558bec56ff75088bf1e810e1feffc706 } | |
| $a_17 = { 558beca180fa440083ec0c53568b3544 } | |
| $a_18 = { 558bec81ec28030000a134d0410033c5 } | |
| $a_19 = { 558bec833d40f14400027405e81c5400 } | |
| $a_20 = { 558bec83ec1853ff75108d4de8e89179 } | |
| $a_21 = { 558bec56ff3544d441008b35f0604100 } | |
| $a_22 = { 558bec56ff75088bf1e8afccfeffc706 } | |
| $a_23 = { 558bec83ec10ff75088d4df0e8f67dff } | |
| $a_24 = { 558bec538b5d08568bf1c706f8614100 } | |
| $a_25 = { 558bec5633f63935e8f4440075303975 } | |
| $a_26 = { 558bec568bf1c706c87b4100e8804fff } | |
| $a_27 = { 558bec83ec205756e8c71f000033ff59 } | |
| $a_28 = { 558bec83ec10a134d0410033c58945fc } | |
| $a_29 = { 558bec83ec10a134d041008365f80083 } | |
| $a_30 = { 558bece8d57bffff8b8098000000eb0a } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Passview_d8490eaf4ca31ba5f26950d98d738d884501e392daeff761e8826b8acf632340 { | |
| strings: | |
| $a_2 = { 558becb804100000e8d3510000a0d8ad } | |
| $a_3 = { 558bec81ec30010000568b7508578d85 } | |
| $a_4 = { 558bec81ec200100008365f800837d18 } | |
| $a_5 = { 558bec83ec288b450c8365e0008945d8 } | |
| $a_6 = { 558bec6aff6880824000683677400064 } | |
| $a_7 = { 558bec8d45105033c0ff751050681f00 } | |
| $a_8 = { 558bec83ec20566a65e8ded6ffffbebc } | |
| $a_9 = { 558bec83ec208b45108945e08b451889 } | |
| $a_10 = { 558bec81ec100200008d85f0fdffff68 } | |
| $a_11 = { 558bec83ec10538b5d0856578d73208d } | |
| $a_12 = { 558bec81ec00040000a0d8ad40005357 } | |
| $a_13 = { 558bec83ec28568b75088d45085056e8 } | |
| $a_14 = { 558bec51518b45148945148d45f85033 } | |
| $a_15 = { 558bec837d18005674158b4510ff30ff } | |
| $a_16 = { 558bec81ec0c010000ff7508e8ddceff } | |
| $a_17 = { 558bec81ec00020000568b750857ff76 } | |
| $a_18 = { 558bec8b45148b4d1050ff750c89088b } | |
| $a_19 = { 558becb840200000e832540000ff750c } | |
| $a_20 = { 558bec81ec080200008d85f8fdffff68 } | |
| $a_21 = { 558bec81ec380100005657ff750833ff } | |
| $a_22 = { 558bec5356578b7d086a0857e8c4ffff } | |
| $a_23 = { 558bec83ec2453568d45f85750c745f8 } | |
| $a_24 = { 558becff7508ff7510e837580000ff75 } | |
| $a_25 = { 558bec5356ff750c8b750856e8c1ffff } | |
| $a_26 = { 558bec81ec0c0100005657ff7508e897 } | |
| $a_27 = { 558bec81ec200200005333db57c745e0 } | |
| $a_28 = { 558bec515733ffff7508897dfcff15fc } | |
| $a_29 = { 558becff75148d4514ff7510506a00ff } | |
| $a_30 = { 558bec837d1800744d53568b7514578b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Patch_1258c22bb9c1782fce75c9dc7d0501b92560c0df010f32613429fd58ecf8f199 { | |
| strings: | |
| $a_2 = { 558bec56ff75088bf18d4d08e849ddff } | |
| $a_3 = { 558bec83ec1c53568b7508578b7e148b } | |
| $a_4 = { 558bec81ec9c0000008b45088b904001 } | |
| $a_5 = { 558bec515153568b750c5785f68bd974 } | |
| $a_6 = { 558bec83ec488b4d0883b91401000000 } | |
| $a_7 = { 558bec837d0c00567e208b7514ff4d0c } | |
| $a_8 = { 558bec81ec500900005356576a445e33 } | |
| $a_9 = { 558bec56ff7514e8083f0000ff7514ff } | |
| $a_10 = { 558bec817d10e0ff00005356578b7d08 } | |
| $a_11 = { 558bec83ec18dd0598b84200dd5df8dd } | |
| $a_12 = { 558bec6aff6880bd420068081b420064 } | |
| $a_13 = { 558bec83ec30568bf1837e04000f8491 } | |
| $a_14 = { 558bec81ec0004000056578bf1e8e3fe } | |
| $a_15 = { 558becb86c100000e80f760100535657 } | |
| $a_16 = { 558bec5153568d45fc57bbf401000050 } | |
| $a_17 = { 558bec5356576819191900ff15589042 } | |
| $a_18 = { 558bec8b4d1085c95774298b7d088b55 } | |
| $a_19 = { 558bec83ec185356682c0400006a4089 } | |
| $a_20 = { 558bec535657556a006a006854054200 } | |
| $a_21 = { 558bec51568bf18b0685c074058a4808 } | |
| $a_22 = { 558bec81ec00010000a1c8d142005683 } | |
| $a_23 = { 558bec5151535633f65756566a035656 } | |
| $a_24 = { 558bec83ec385356578b7d088b87c801 } | |
| $a_25 = { 558bec81ec2c010000d90588534300d8 } | |
| $a_26 = { 558bec5357ff7514e8650000008bd833 } | |
| $a_27 = { 558bec81ec4802000053568b750c5733 } | |
| $a_28 = { 558bec83ec288b55088b82c80100008b } | |
| $a_29 = { 558bec51538b5d08568b73148b460485 } | |
| $a_30 = { 558bec515356e889e3ffff8bf0ff7650 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Patcher_e749d9abf305f4de5ef4600e5949e77746644ff9e4ae5e58c3ca688397c7b169 { | |
| strings: | |
| $a_2 = { 558bec83c4fc03cb57f55b81eb061543 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Paycrack_14bd1debca3de71f0903e40d08e25ff29181292a3a98e97c9d13d614c313fcfe { | |
| strings: | |
| $a_2 = { 558bec83ec0c68421547feb164a14c50 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Pipecmd_85f008b39b31c117e093a561b16b3d931f5697688f76d374738ddfdb7a8dd374 { | |
| strings: | |
| $a_2 = { 558bec83ec5456578b7d0c33f6833f01 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32QQExplorer_e6f043816f074030ecf41e9505969e83ff67a98cee4a36106fdc2a6d08c2165a { | |
| strings: | |
| $a_2 = { 558b401bdcc476c8fa4b4bc805fc89f2 } | |
| $a_3 = { 558be2f7d68c47ec44f0f1efe0cb0342 } | |
| $a_4 = { 558b279406a297eb9318cd95b4c9efff } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin32Qqmima_5fc05b2f122266aa86e64f1c2117001b60e5cabfe8a05af360c8558d9ee97aaf { | |
| strings: | |
| $a_2 = { 558beccebedbff81c4ecfeffff536804 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Rabased_fe828977ac87ed7dd1df3a0833701d1567194f758691db83388a6d7a703845e6 { | |
| strings: | |
| $a_2 = { 558b6c1fb14fb6533a3dff05faf28dd7 } | |
| $a_3 = { 558b73b9d5e30a8a8830853c0afd4aa8 } | |
| $a_4 = { 558b45503acb95695b84a3ea0aee65f6 } | |
| $a_5 = { 558b4f1720f687678e6980c6deea1814 } | |
| $a_6 = { 558b071037d873dc1b7309761b1477f6 } | |
| $a_7 = { 558b4433ec11b3f6ffa0f56ca1d1541c } | |
| $a_8 = { 558b77a467be4d73d4fe480a62984dd5 } | |
| $a_9 = { 558bb48e5709bfd3a661e3c91505417c } | |
| $a_10 = { 558bd16796100abb7c4b13dc7e1dd86d } | |
| $a_11 = { 558b0c46f09c876d22a7c61b15d4739c } | |
| $a_12 = { 558bf2120de26200b25dab9b0a820a33 } | |
| $a_13 = { 558bcfb709cefa6873b19ae5aac093fc } | |
| $a_14 = { 558b62bf22b1fd709ca4dbacce9d2570 } | |
| $a_15 = { 558b10ebf33d6e25d176887652a9f890 } | |
| $a_16 = { 558b67402a6cbc81c4e2af5fc0f9b5ec } | |
| $a_17 = { 558bbc57c3ec7d69eb83e86da775de39 } | |
| $a_18 = { 558b4fecd139f5f36ec2314dc459663a } | |
| $a_19 = { 558b752568b4aa9b0fb47631b87cf123 } | |
| $a_20 = { 558b31f9527aaac4659ba8ca5153a03a } | |
| $a_21 = { 558b98fd387db1fcbf4cd5c2fa1c71e5 } | |
| $a_22 = { 558b6cc421125da2cc462fe5c9564160 } | |
| $a_23 = { 558b141d83b5c53fdc0a534e87fb0837 } | |
| $a_24 = { 558b6fe706391b97f63fcd34fec6c120 } | |
| $a_25 = { 558b4239403fe6f3c710bf12169bc7ec } | |
| $a_26 = { 558b3f92aa98fb98c803729956bfa4ec } | |
| $a_27 = { 558b64a8300e403eae614f168b7f6625 } | |
| $a_28 = { 558b4eeea598c5f2212ef2c305d11814 } | |
| $a_29 = { 558bde19e3422f0e67cd9b66d5861c97 } | |
| $a_30 = { 558b930017e7a2eea153cd04f86c4977 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Radinject_afeafc48de1f44ecc8b8650af92cbb74d647ee4a882f2cb7ccde09bfc8d5f17a { | |
| strings: | |
| $a_2 = { 558bec81c4a4feffffc745fc00000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32Rdpbrute_c570b2a727efa5ff68ccffa4f8daffe444af5d362c8cd18b14d0a8b3c71076fe { | |
| strings: | |
| $a_2 = { 558bec5153568b7508894dfc8b4d0c57 } | |
| $a_3 = { 558bec837d100074168b4d088b018a10 } | |
| $a_4 = { 558bf8e8373400008306188b068bcf83 } | |
| $a_5 = { 558bec6aff6830494100683e17410064 } | |
| $a_6 = { 558bec83ec6c8d450856508d45fc508d } | |
| $a_7 = { 558bec56578b7d086a206a308bf157e8 } | |
| $a_8 = { 558b06668b0883c0028906668b1083c0 } | |
| $a_9 = { 558bec51518065ff00538a5d10568b75 } | |
| $a_10 = { 558bec51ff75108365fc00b910b74200 } | |
| $a_11 = { 558bec83ec2c8b4514834ddcff804dfe } | |
| $a_12 = { 558bec83ec10568bf183beb4ad010000 } | |
| $a_13 = { 558bec83ec145356578bf98b4d086a08 } | |
| $a_14 = { 558bec81ec00010000536860c14100ff } | |
| $a_15 = { 558bec51576a006a016a008d45fc6a00 } | |
| $a_16 = { 558bec5153568b750883650800894dfc } | |
| $a_17 = { 558bec518b55083b550c74238bca83c2 } | |
| $a_18 = { 558bec81ec2c0100008b450c5356578b } | |
| $a_19 = { 558bec51807d08035356578bf973798b } | |
| $a_20 = { 558bec83ec148d45fc56508d45ec8bf1 } | |
| $a_21 = { 558bec8b55085356578b02ff7508668b } | |
| $a_22 = { 558bec5153568b75085785f68bd97538 } | |
| $a_23 = { 558becff75148b450848ff751048ff75 } | |
| $a_24 = { 558bec83ec448b55088b4518834dc4ff } | |
| $a_25 = { 558bec81ec900000005356576a405b8b } | |
| $a_26 = { 558bec51538b5d0856578d45fc538bf9 } | |
| $a_27 = { 558bec81ec7c040000568d45fc57508d } | |
| $a_28 = { 558bec83ec18568b7508894de88b068a } | |
| $a_29 = { 558bec81ecd0000000538b5d0856570f } | |
| $a_30 = { 558bec8b4508817d0cff00000056578b } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Salvaf_580dd031550f9095f7c2a8457b89b6cc1c3d3a78dc530aa4a09e487b58eb5bb3 { | |
| strings: | |
| $a_2 = { 558be8d4a9a368542950a04ee9c92224 } | |
| $a_3 = { 558b09b7146c06d0d275d983bdbaf3d2 } | |
| condition: | |
| 2 of them | |
| } | |
| rule HackToolWin32SamDump_1a6a112fa17b49e57ce20abf787054d86f7ec0b52c7728c869db2ff287708e74 { | |
| strings: | |
| $a_2 = { 558becb824100000e8a3dfffff535657 } | |
| $a_3 = { 558bec6a408b450c508b4d0851e8fefe } | |
| $a_4 = { 558bec51a1307a42008945fc837d08ff } | |
| $a_5 = { 558b4508c1f8058b4d0883e11f8b1485 } | |
| $a_6 = { 558bec51535657837d08007521689052 } | |
| $a_7 = { 558bec51833d287f4200017e16680701 } | |
| $a_8 = { 558bec833d3c884200007407a1ac8742 } | |
| $a_9 = { 558bec83ec288b450850e8f102000083 } | |
| $a_10 = { 558bec51c745fc507f42008b45fc8b48 } | |
| $a_11 = { 558bec83ec08837d0ce0760433c0eb78 } | |
| $a_12 = { 558b45fc0fbf484883c10151e85a0a00 } | |
| $a_13 = { 558bec51833d287f4200017e16688000 } | |
| $a_14 = { 558bec83ec0c8b45083b059c8b420073 } | |
| $a_15 = { 558bec51833d287f4200017e136a028b } | |
| $a_16 = { 558becff1568a142005dc3cccccccccc } | |
| $a_17 = { 558bec51833d388642000175118b4508 } | |
| $a_18 = { 558bec83ec3856a1bc8b42006bc0148b } | |
| $a_19 = { 558bec6a006a006a01a1e8854200508b } | |
| $a_20 = { 558beca1ec8542005dc3cccccccccccc } | |
| $a_21 = { 558bec8b45083b059c8b4200720433c0 } | |
| $a_22 = { 558bec83ec08837d0800750733c0e987 } | |
| $a_23 = { 558bec833de0854200027405e84f7600 } | |
| $a_24 = { 558bec83ec545356578d7dacb9150000 } | |
| $a_25 = { 558bec8b45083b059c8b420073378b4d } | |
| $a_26 = { 558bec51c745fcfeffffffe8a0190000 } | |
| $a_27 = { 558bec83ec148b450850e8a101000083 } | |
| $a_28 = { 558bec83ec08535657a1307a420083e0 } | |
| $a_29 = { 558bec51535657a1307a420083e00485 } | |
| $a_30 = { 558bec51833db88b4200000f841b0100 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32SanmaoSMTPMailCracker_049c6ba7ef2cdf11065678f2f564d9e5efe9ed21898175f418ddbffb7e319fc8 { | |
| strings: | |
| $a_2 = { 558bec83ec2c5356578bf1e8a22d0000 } | |
| $a_3 = { 558bec83ec1c53568b35843343006a03 } | |
| $a_4 = { 558bec6aff6800684300689453410064 } | |
| $a_5 = { 558bec5153578bd96a10e897b4ffff85 } | |
| $a_6 = { 558bec83ec108d45f0568bf150ff15f4 } | |
| $a_7 = { 558bec56576841cd4200b9cc554400e8 } | |
| $a_8 = { 558bec83ec1c56be106043008b066a02 } | |
| $a_9 = { 558bec5356be287044005756ff15b432 } | |
| $a_10 = { 558bec83ec34e89c9600008945fc8b40 } | |
| $a_11 = { 558bec5151568bf1578b3da03043008b } | |
| $a_12 = { 558b2d1835430056578b7c24148bf157 } | |
| $a_13 = { 558b4524890dac3144006bc03c034528 } | |
| $a_14 = { 558bec6aff68e8674300689453410064 } | |
| $a_15 = { 558bec5151568bf1578b3d243043008b } | |
| $a_16 = { 558bec6aff68d8654300689453410064 } | |
| $a_17 = { 558bec83ec0c53bb8037440033c983eb } | |
| $a_18 = { 558bec518d45fc6848a8430050c745fc } | |
| $a_19 = { 558bec6aff68b8674300689453410064 } | |
| $a_20 = { 558bec6aff68d8674300689453410064 } | |
| $a_21 = { 558bec81ec90000000535657ff153435 } | |
| $a_22 = { 558bec6aff68786b4300689453410064 } | |
| $a_23 = { 558bec5633f639357c714400750fff75 } | |
| $a_24 = { 558bec83ec185356576a19e86a300000 } | |
| $a_25 = { 558bec83ec10538b5d0c565753ff1574 } | |
| $a_26 = { 558bec6aff6838684300689453410064 } | |
| $a_27 = { 558becb82c120000e8aeaeffff8d8568 } | |
| $a_28 = { 558bec6aff6888674300689453410064 } | |
| $a_29 = { 558bec56ff7514e87c580000ff7514ff } | |
| $a_30 = { 558bec81eccc0000008d45f050ff1530 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32ScreenLock_e6ef2b529f553b569c7d6f71cdb4e2a1a6b24d9d0eddf8408429f3b2e25be91c { | |
| strings: | |
| $a_2 = { 558b7982da52f89f5190ad51713903d3 } | |
| $a_3 = { 558bc4f97a8804bde0f01aa5d068cd98 } | |
| $a_4 = { 558b375414260182d9449096cac77b14 } | |
| $a_5 = { 558bb23817567cf430d5208e0387b595 } | |
| $a_6 = { 558beec22acfecdd9acb918d2c3e5d0c } | |
| condition: | |
| 5 of them | |
| } | |
| rule HackToolWin32Skipun_e1720526fda756c9838cf9b3ff47d4bd5794bd82cb4d5e21cf8d8c9b4d766673 { | |
| strings: | |
| $a_2 = { 558b8baea5568e1785f5aa14e957a52e } | |
| $a_3 = { 558b558c5589758db58c358aa58bd58a } | |
| $a_4 = { 558b9d056af9c0a233728d4ca9bfd9ff } | |
| $a_5 = { 558bdabf2cbcbc04fc45bfa04d5820df } | |
| $a_6 = { 558bc9d8a3a77da61f8b204e30f6ad5d } | |
| $a_7 = { 558b36841ca6bd592a4ea42f4d0b9e8b } | |
| $a_8 = { 558b9e47b6d4bc5467e9ad30e878ff74 } | |
| $a_9 = { 558b3c702c006ee860aed24e07204aac } | |
| $a_10 = { 558b887561173f34a8106d1d66eaf495 } | |
| $a_11 = { 558b1ebca22576b63d3934482d2c79ad } | |
| $a_12 = { 558b9d72b5fc07ca2e727989d3f4af22 } | |
| $a_13 = { 558b6e1ecce4f112507b17a6e6497aec } | |
| $a_14 = { 558bafe12ce648e7cf587601da906b4f } | |
| $a_15 = { 558bd50f317ab58349d893ec29562cef } | |
| $a_16 = { 558beb3684c23b6eec300c507af754be } | |
| $a_17 = { 558b75d30f77f6f1ac0d29a3c60d40e7 } | |
| $a_18 = { 558b483b6f9dcfb80fcb1e1564195974 } | |
| $a_19 = { 558bdb0118588ab5e1b801cda70c38a4 } | |
| $a_20 = { 558b8f9af048fae679a4e17a86371e3d } | |
| $a_21 = { 558b8b4d55df84e3922a5fe31d3ba784 } | |
| $a_22 = { 558b1b3f7e539e8f51e194fd4989cda1 } | |
| $a_23 = { 558b20f074237a0bbe60e7e1b0455795 } | |
| $a_24 = { 558b1bed09629b19afe91fe8d1b93075 } | |
| $a_25 = { 558b43d3cbef71a582792132da52498b } | |
| $a_26 = { 558b65a96d8a90948a8a956525216521 } | |
| $a_27 = { 558b6f09f1c27b8c90f4320c4aec625e } | |
| $a_28 = { 558b77d1b74b7bb1d7b3ea802bf2998c } | |
| $a_29 = { 558b01f063d79dff4c00b50bfc910b6c } | |
| $a_30 = { 558b83ae999bbfbf68e6cfaff91a5a8f } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Skymmer_9156ded82c471e5060fa34b8c01836749f62a3b959cafbcf789473b735ea4509 { | |
| strings: | |
| $a_2 = { 5589e583e00457e8a0345f811aef0cd1 } | |
| $a_3 = { 558bc8d400a857bf880cfa0af81f0276 } | |
| $a_4 = { 558b14c7f8ce71804d849f24964880e4 } | |
| $a_5 = { 558b95b153a8494286d07333a796555e } | |
| $a_6 = { 5589e5d2f18f80c8830ef23775900775 } | |
| $a_7 = { 558b40a78f94c012b69160b826b46bc8 } | |
| $a_8 = { 558b049f685cb149d114cf5e62440ce7 } | |
| $a_9 = { 558b84f4531ee96c45b831f03c071f05 } | |
| $a_10 = { 558b0def9e315100c8d57468693aad79 } | |
| $a_11 = { 558b6c514cbf955fd59c258410942e6f } | |
| $a_12 = { 558b8eec130a6df5344cf09e7141dc3a } | |
| $a_13 = { 558bcb304e52504a56b88ce29d6a8e02 } | |
| $a_14 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_15 = { 558b9ff7fa95e8aa84858f0ce05c0699 } | |
| $a_16 = { 558b00f73740b8c5501d79004f0a6a47 } | |
| $a_17 = { 558bfb1c0963ce0291bfb298607c7ad6 } | |
| $a_18 = { 558bb860a1371b57e03106035c654018 } | |
| $a_19 = { 558b09f839f530689d003f2cec210bd6 } | |
| $a_20 = { 558b186e103d8ec92df429f62488b9cf } | |
| $a_21 = { 558b57a33dd77a8a0160d7518786b3d7 } | |
| $a_22 = { 558b8df4f348aca006ef78f666c05472 } | |
| $a_23 = { 558bd84a505bd0ac3c1326d77c807016 } | |
| $a_24 = { 558b794e2f00e8e6163d7e7decee1dae } | |
| condition: | |
| 19 of them | |
| } | |
| rule HackToolWin32Socialpassview_71a2501786a808512236d2cb32ff7b583ce5e9294dc026cdfb15ca2fd14b8b98 { | |
| strings: | |
| $a_2 = { 558bec83ec1453568bb1e0010000578b } | |
| $a_3 = { 558bec5153568bd98bf2573b730c7d49 } | |
| $a_4 = { 558bec8b45088078730074088b80c000 } | |
| $a_5 = { 558bec5151568bf28975f885f6743680 } | |
| $a_6 = { 558bec83ec1057ff750c8d4df0e851e7 } | |
| $a_7 = { 558bec56578b7d08ff7744e84999fcff } | |
| $a_8 = { 558bec565733f6ff750cff7508e8bc9f } | |
| $a_9 = { 558bec83ec248d4ddcff7508e890aeff } | |
| $a_10 = { 558bec8b550c56578b7d088bcfe801fe } | |
| $a_11 = { 558bec837d080074075dff25247c4600 } | |
| $a_12 = { 558bec51568b75085785f6750a6a0759 } | |
| $a_13 = { 558bec83ec385356578bf98bda8b0f0f } | |
| $a_14 = { 558bec56578b7d08ff77088b37ff4740 } | |
| $a_15 = { 558bec83e4f88b4d100fb6411e480f84 } | |
| $a_16 = { 558bec5153568bf2578975fc8bd9e8b9 } | |
| $a_17 = { 558bec8b5508568bf1c70694a945008b } | |
| $a_18 = { 558bec8b4508565785c078603b05f8cc } | |
| $a_19 = { 558bec83e4f88b550c83ec3c8d44240c } | |
| $a_20 = { 558bec518d45fc5068c86545006a00ff } | |
| $a_21 = { 558bec83ec30538bc1568b18578bb8e4 } | |
| $a_22 = { 558bec83e4f881ecf4000000a1406046 } | |
| $a_23 = { 558bec81eccc000000a14060460033c5 } | |
| $a_24 = { 558bec51535633f646578bf985d27516 } | |
| $a_25 = { 558bec515356578bfa894dfce879d2ff } | |
| $a_26 = { 558bec83ec1c56e84388ffff85c07422 } | |
| $a_27 = { 558bec53565733ffe8fff5ffff8bd88b } | |
| $a_28 = { 558bec568bf185d275148b5508e8e302 } | |
| $a_29 = { 558bec8b4d10538b0956578b7d08b201 } | |
| $a_30 = { 558bec5153568bf2578bf985f675056a } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32SqlCrack_9e72675c3894c6125bb3f76adc290f5e46fe1bf110994c3e42899e144ebd2c0b { | |
| strings: | |
| $a_2 = { 558bec83ec2ca1681341003345045356 } | |
| $a_3 = { 558bec83ec18dd0530fa4000dd5df8dd } | |
| $a_4 = { 558bec83ec14a168134100334504538b } | |
| $a_5 = { 558bec81ec0c010000a1681341003345 } | |
| $a_6 = { 558bec8b4508568d34c5b0134100833e } | |
| $a_7 = { 558bec51518d45f850ff1570e040008b } | |
| $a_8 = { 558bec515153565733db6a07895df8e8 } | |
| $a_9 = { 558bec83ec105333db391df422410056 } | |
| $a_10 = { 558b42df48328e366676312a4865f990 } | |
| $a_11 = { 558bec81ec20040000a1681341003345 } | |
| $a_12 = { 558bec81ec18050000a1681341003345 } | |
| $a_13 = { 558bec83ec2ca1681341003345045389 } | |
| $a_14 = { 558bec83ec28a168134100334504538b } | |
| $a_15 = { 558b6c2420565768cce7400055894424 } | |
| $a_16 = { 558bec83ec10568d45f850ff1570e040 } | |
| $a_17 = { 558bec56576a08e8d90c000033f64639 } | |
| $a_18 = { 558bec83ec2ca1681341003345045689 } | |
| $a_19 = { 558b6c24308b4548c70481140000008b } | |
| $a_20 = { 558bec83ec485356576a0458e812bcff } | |
| $a_21 = { 558bec83ec148b4d08a1d02641008b15 } | |
| $a_22 = { 558bac245408000033db5633f63beb89 } | |
| $a_23 = { 558bec8b4508ff34c5b0134100ff1558 } | |
| $a_24 = { 558bc1c1f8058d3c85002741008bc183 } | |
| $a_25 = { 558bec83ec58a1681341003345045356 } | |
| $a_26 = { 558b2d50e14000568bb4241c01000057 } | |
| $a_27 = { 558bec515153568b35f0224100578b7d } | |
| $a_28 = { 558bec83ec0ca1681341003345048065 } | |
| $a_29 = { 558becb80c100000e869bfffffa16813 } | |
| $a_30 = { 558b6c2424565768cce7400055894424 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Sqlinject_1a871b3a0de26d27ad023b84192dce47bca3a97d9dcb7e02d84b50371ce84a84 { | |
| strings: | |
| $a_2 = { 558ba4823acf2779864e2ec3c8e8b127 } | |
| $a_3 = { 558b51d6c3b78111874b68a160809db4 } | |
| $a_4 = { 558b96f1e4040580535d6d074c252865 } | |
| $a_5 = { 558bfd5b62c8f07e00be9dca36dbf6af } | |
| $a_6 = { 558bad9105aca173c4187484235bfb4f } | |
| $a_7 = { 558b665c5187141204bb3a9af3cd7fab } | |
| $a_8 = { 558b1a6ccbf3e50f03a29536ab2cbd18 } | |
| $a_9 = { 558b1a5ec6092c57aa1c42d5575ee2c8 } | |
| $a_10 = { 558b295022b914185922d4b971042388 } | |
| $a_11 = { 558b2fa614afab953edb0427e65d618a } | |
| $a_12 = { 558b5a3775f7bb22e34f05e1e3a08a78 } | |
| $a_13 = { 558b36a250407a687b9aafad6de15717 } | |
| $a_14 = { 558b032b255573630a883a61a20ea454 } | |
| $a_15 = { 558bc2ad01afefbb8c08951e61953f33 } | |
| $a_16 = { 558b05ee400a44c696515af7b63528cc } | |
| $a_17 = { 558bd482d5ddd1209cd5b1ed3a661211 } | |
| $a_18 = { 558b65e64517df2109a74ad1e044b3a6 } | |
| $a_19 = { 558bacea41eaebc543eb4d400a01988e } | |
| $a_20 = { 558b5634ebb00b93f1a0223eea101d09 } | |
| $a_21 = { 558b4ce50c74fcbd0c7102a15efd7496 } | |
| $a_22 = { 558b3171fea1e68fa10384be010a683e } | |
| $a_23 = { 558b57d678e335546c66261eab67f661 } | |
| $a_24 = { 558bf8943005005fd76a094d4044f513 } | |
| $a_25 = { 558b997d03986383f374974dcbf4a54a } | |
| $a_26 = { 558b11f3dc645478bda2f6c3d2eda0d7 } | |
| $a_27 = { 558bed1a8fe4671706727a976f6e942c } | |
| $a_28 = { 558b572eb5b40f9a6d970ba767704630 } | |
| $a_29 = { 558be088bc485510acbfb408f1021759 } | |
| $a_30 = { 558b0596408811b474193c2f34cb3102 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32SuperScan_7859586c038558c3dac6d92c9dd336be2ddb46c709f301907571e96f63bd80ac { | |
| strings: | |
| $a_2 = { 558bec83ec2c53568b3584914000576a } | |
| $a_3 = { 558bec83ec2853568b3584914000576a } | |
| $a_4 = { 558bec83ec405356578b353492400033 } | |
| $a_5 = { 558bec8b450c5648480f84b10000002d } | |
| $a_6 = { 558bec83ec30a118b24000568945f857 } | |
| $a_7 = { 558bec83ec208d45e06a2050ff750cff } | |
| $a_8 = { 558bec568bf18a4d148b46208848148b } | |
| $a_9 = { 558bec83ec28535657ff750cff7508ff } | |
| $a_10 = { 558bec83ec1c8b4508538945f4a120cc } | |
| $a_11 = { 558bec81ec04040000837d0c00570f84 } | |
| $a_12 = { 558bec83ec246804b54000ff750cff15 } | |
| $a_13 = { 558bec83ec145657be18b540008d7dec } | |
| $a_14 = { 558bec81ec180400000fb74508538b5d } | |
| $a_15 = { 558bec83ec405356578d45e08b353892 } | |
| $a_16 = { 558bec568b35b8914000ff750cff7514 } | |
| $a_17 = { 558bec833de4d5400000740bff7508e8 } | |
| $a_18 = { 558bec6aff68c0974000681086400064 } | |
| $a_19 = { 558bec83ec28ff750cff7508ff15ac91 } | |
| $a_20 = { 558bec81ec280100005356578b358491 } | |
| $a_21 = { 558bec81ec5802000053576898b44000 } | |
| $a_22 = { 558bec81ec00020000a14ccb400085c0 } | |
| $a_23 = { 558bec81ec280200008b4d0c535657b8 } | |
| $a_24 = { 558bec8b4d08538b5d0c894d088a0141 } | |
| $a_25 = { 558bec83ec3c565733c0bf34bb400083 } | |
| $a_26 = { 558b2d44d5400056578b3d40d5400068 } | |
| $a_27 = { 558bec81ec040100008b450c5356576a } | |
| $a_28 = { 558bec81ec6002000068a09740006870 } | |
| $a_29 = { 558bec83ec205633f68d45e05650566a } | |
| $a_30 = { 558bec81ec4c01000053568b750c8d85 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Timrev_1411b9339c7cdc21dce0976cb14f6a606cc0bf6ac90f00c6c5ba1abe5af9887d { | |
| strings: | |
| $a_2 = { 558bec55c400ea3e68d61a64ff326489 } | |
| $a_3 = { 558bd32326e05294202a4989114cac75 } | |
| $a_4 = { 558be833dbeb600d0a0d0a5757506163 } | |
| $a_5 = { 558bc53e8b8d67020000bb8302000003 } | |
| $a_6 = { 558b34243d59029a2f94677b51a89b1f } | |
| $a_7 = { 558b7d14c4a758838e903cc381fb1040 } | |
| $a_8 = { 558bd9e8c743e30d01c8046a0468b272 } | |
| $a_9 = { 558b06c4ef0a898ecd21ace5ac002ea3 } | |
| $a_10 = { 558be231497306bea9c47c0dae5e660c } | |
| $a_11 = { 558b40b084b4e62b132ea15d42edfd3f } | |
| condition: | |
| 9 of them | |
| } | |
| rule HackToolWin32Virledi_b46e36fc31365c1bb1c6963916147048180d4d69c5520b7c66acdae38b386fe3 { | |
| strings: | |
| $a_2 = { 558bec83ec0c68b617400064a1000000 } | |
| $a_3 = { 558bec83ec1468b617400064a1000000 } | |
| $a_4 = { 558bec83ec0c68b612400064a1000000 } | |
| $a_5 = { 558bec83ec0868b617400064a1000000 } | |
| $a_6 = { 558bec83ec1868b617400064a1000000 } | |
| $a_7 = { 558bec83ec1868b612400064a1000000 } | |
| $a_8 = { 558bc947518c9e96b69eb71d38740f1c } | |
| condition: | |
| 6 of them | |
| } | |
| rule HackToolWin32Vncpass_51314fb72d4111636080e4a99b4bb020264b8a09e51b11eda2ea4952eff51725 { | |
| strings: | |
| $a_2 = { 558bec6844714000ff15145040005968 } | |
| $a_3 = { 558bec6864704000ff15145040005968 } | |
| $a_4 = { 558bec6850774000ff15145040005968 } | |
| $a_5 = { 558bec68e4704000ff15145040005968 } | |
| $a_6 = { 558beca1e07c40003b05407c40007c0d } | |
| $a_7 = { 558bec68e86b400068d86b4000ff1534 } | |
| $a_8 = { 558bec6870734000ff15145040005968 } | |
| $a_9 = { 558bec83ec0c5683251478400000eb0b } | |
| $a_10 = { 558bec83ec0c56ff7508e8c108000059 } | |
| $a_11 = { 558becff152450400099b9e8030000f7 } | |
| $a_12 = { 558bec81ec780500005657a06c7d4000 } | |
| $a_13 = { 558bec8b450c8b4004a328784000837d } | |
| $a_14 = { 558bec6854724000ff15145040005968 } | |
| $a_15 = { 558bec689c754000ff15145040005968 } | |
| $a_16 = { 558bec6894774000ff1514504000595d } | |
| $a_17 = { 558bec83ec0c56ff7508e8110c000059 } | |
| $a_18 = { 558becff750868246c4000ff15145040 } | |
| $a_19 = { 558bec6aff68d050400068fa49400064 } | |
| $a_20 = { 558bec68e0724000ff15145040005968 } | |
| $a_21 = { 558bec6864744000ff15145040005968 } | |
| $a_22 = { 558bec68cc714000ff15145040005968 } | |
| $a_23 = { 558becff7508ff15005040005dc3558b } | |
| $a_24 = { 558bec6874764000ff15145040005968 } | |
| condition: | |
| 19 of them | |
| } | |
| rule HackToolWin32Wce_40b0e8182990403ea00be3bd0dcec156e57056c263b6292942b8f29599889231 { | |
| strings: | |
| $a_2 = { 558bec6a01ff750cff7508e800005dc2 } | |
| $a_3 = { 558bec6a00ff750cff7508e800005dc2 } | |
| $a_4 = { 558bec56be008b45088908c740040000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin32WDigest_d6a67788b931e443678c4d5ed544955fa90a418f6468aa2fecdea71ea73b44e6 { | |
| strings: | |
| $a_2 = { 558bec83ec348b550c53568bf08b4638 } | |
| $a_3 = { 558bec5151565785c9747785c074738b } | |
| $a_4 = { 558bec51568b750c56e86915ffff8945 } | |
| $a_5 = { 558bec8b0683ec10578d4df851ff7510 } | |
| $a_6 = { 558bec51518b450853568b3033db5789 } | |
| $a_7 = { 558bec518d4508506802e8460068b0e7 } | |
| $a_8 = { 558bec83ec288365f8008365fc005733 } | |
| $a_9 = { 558bec83ec14538bd88b4508f6402804 } | |
| $a_10 = { 558bec81eca80000005356576a305889 } | |
| $a_11 = { 558bec83ec24535633db578bf88b4508 } | |
| $a_12 = { 558bec83ec30a1e01c490033c58945fc } | |
| $a_13 = { 558bec83ec1053568b7510578bc6c1e0 } | |
| $a_14 = { 558bec518b4d08535633f63bfe75083b } | |
| $a_15 = { 558becb87073736d5dc3558bec83e4f8 } | |
| $a_16 = { 558bec83ec488945ec8b450853568b75 } | |
| $a_17 = { 558bec53568b3528824600578b7d0857 } | |
| $a_18 = { 558bec83e4f883ec2c33c06689442414 } | |
| $a_19 = { 558bec83e4f883ec4c53568b750c33c0 } | |
| $a_20 = { 558bec83e4f8518b45085356576a205b } | |
| $a_21 = { 558bec51833dc41e4900fe7505e88a1b } | |
| $a_22 = { 558bec518d45fc50ff15fc83460050ff } | |
| $a_23 = { 558bec8b450883ec1856578d4df051c6 } | |
| $a_24 = { 558bec83ec0c5668000000f06a1833f6 } | |
| $a_25 = { 558bec83ec74a1e01c490033c58945fc } | |
| $a_26 = { 558bec515153568bd88b450833f6578b } | |
| $a_27 = { 558bec83ec1056ff750c8d4df0e8d0ee } | |
| $a_28 = { 558bec51565733ff578d45fc5068f0a3 } | |
| $a_29 = { 558bec5153565733f6568d45fc5068cc } | |
| $a_30 = { 558bec83ec745333db57538d45f05068 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Welevate_626a289478b51c3f60bf7f8543646caab42a565bcba2e441889c9336c575c410 { | |
| strings: | |
| $a_2 = { 558bec83ec1053ff75108d4df0e8e188 } | |
| $a_3 = { 558bec83ec0c894dfc837d080074538b } | |
| $a_4 = { 558becff750cff7508ff35c8ae4200e8 } | |
| $a_5 = { 558bec83ec14a17cba42008b4d086bc0 } | |
| $a_6 = { 558bec83ec10a12cb942008a008365f8 } | |
| $a_7 = { 558bec83ec14535657e8b1d0feff8365 } | |
| $a_8 = { 558bec83ec10ff750c8d4df0e8aba7fe } | |
| $a_9 = { 558bec6aff68580a420064a100000000 } | |
| $a_10 = { 558bec6aff68d809420064a100000000 } | |
| $a_11 = { 558bec68b4534200ff150c11420085c0 } | |
| $a_12 = { 558bec6aff68bd09420064a100000000 } | |
| $a_13 = { 558bec5de9841500008bff558becff75 } | |
| $a_14 = { 558bec51535657ff3508b80010e8e5ca } | |
| $a_15 = { 558bec83ec20894de08b45088945fceb } | |
| $a_16 = { 558bec83ec10ff750c8d4df0e825a7fe } | |
| $a_17 = { 558bec81eccc0000008b45088945fc8b } | |
| $a_18 = { 558bec83ec10ff750c8d4df0e824a4fe } | |
| $a_19 = { 558bec8b450c8a008b4d0888015dc38b } | |
| $a_20 = { 558bec81ec28030000a1b4a1420033c5 } | |
| $a_21 = { 558beca12cb9420083ec305333db3818 } | |
| $a_22 = { 558bec83ec7ca1b4a1420033c58945fc } | |
| $a_23 = { 558bece83a2c0000ff7508e8872a0000 } | |
| $a_24 = { 558bec8b0d7cba4200a180ba42006bc9 } | |
| $a_25 = { 558bec5633f639357cb44200750733c0 } | |
| $a_26 = { 558becff7508ff35c0a14200ff151011 } | |
| $a_27 = { 558bec515333db563bfb751ee8d74100 } | |
| $a_28 = { 558bec568b3534af4200eb215750ff75 } | |
| $a_29 = { 558bec83ec1053ff75148d4df0e81c93 } | |
| $a_30 = { 558bec83ec1853ff75108d4de8e80694 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Wincred_bbe7d20fcf5f109c05ce53c060fd8fa9560768d5afc31fd094665171817e1472 { | |
| strings: | |
| $a_2 = { 558b1c3d7fe1d9285499e867823cc5c1 } | |
| $a_3 = { 558b5f6cc6684eafbcb8a3a79188047b } | |
| $a_4 = { 558bddb652daaa808ef7b25be58327d3 } | |
| $a_5 = { 558b4ae7e67e88416afdad1ba68e84f2 } | |
| $a_6 = { 558bc7112ea060cad508e67444eb2453 } | |
| $a_7 = { 558b657ebdafafeac645945a38d88609 } | |
| $a_8 = { 558b54a21cc993cdf48b42933d3e832f } | |
| $a_9 = { 558b61449c8068185eb2af3992e717db } | |
| condition: | |
| 7 of them | |
| } | |
| rule HackToolWin32Wirekeyview_74c29c34ad63cf26b7a5e51d463bfa008a799ecf480a7459a072e03e3d5381a2 { | |
| strings: | |
| $a_2 = { 558b73f8f38a3770e8c13b6187a40c5d } | |
| $a_3 = { 558bc507f5be51b7a2ad759ade4f6ef6 } | |
| $a_4 = { 558b4da2bca0aa590596f3fbcd5b5fcb } | |
| $a_5 = { 558bd6644558509f86663659a78d944b } | |
| $a_6 = { 558b954e2f6ec1a45764485f374b7f87 } | |
| $a_7 = { 558bb453461121cf614acd768f9e5d1a } | |
| $a_8 = { 558b75a0dd2436a3a61f155d18fdd8f5 } | |
| $a_9 = { 558bb34cae8935d9b6561c27dbe8c7c4 } | |
| condition: | |
| 7 of them | |
| } | |
| rule HackToolWin32WMIShell_c33bc677d17a9de14f17fa796610ad996bddb6a52d282296dc34e3e3b065d420 { | |
| strings: | |
| $a_2 = { 558bec8b450885c075025dc3833de413 } | |
| $a_3 = { 558bec5151a1c41841005683f8037519 } | |
| $a_4 = { 558b2d20c040008944240c8944241056 } | |
| $a_5 = { 558bec6aff6808c4400068fc8b400064 } | |
| $a_6 = { 558bec83ec1c518d4de4e85effffff68 } | |
| $a_7 = { 558bec83ec1c518d4de4e813ffffff68 } | |
| $a_8 = { 558bec5153568b356ceb400057837e10 } | |
| $a_9 = { 558bec6aff68f8c3400068fc8b400064 } | |
| $a_10 = { 558becb82c120000e862d6ffff8d8568 } | |
| $a_11 = { 558bec6aff68d0c3400068fc8b400064 } | |
| $a_12 = { 558bec6aff6820c4400068fc8b400064 } | |
| $a_13 = { 558bec535657556a006a006854444000 } | |
| $a_14 = { 558bec6aff6810c8400068fc8b400064 } | |
| $a_15 = { 558bec83ec14a1b41841008b15b81841 } | |
| $a_16 = { 558bec51515333db391dcc1841005657 } | |
| $a_17 = { 558bec83ec1c518d4de4e883ffffff68 } | |
| $a_18 = { 558bec83ec1c518d4de4e8bbffffff68 } | |
| $a_19 = { 558bec6aff6828c8400068fc8b400064 } | |
| $a_20 = { 558bec51833de41341000053751d8b45 } | |
| $a_21 = { 558bec6aff68e8c3400068fc8b400064 } | |
| $a_22 = { 558bec83ec10568bf18b4e1c33d23911 } | |
| $a_23 = { 558bec83ec0c53568b7508573b35a018 } | |
| $a_24 = { 558bec6aff68c0c3400068fc8b400064 } | |
| $a_25 = { 558bec83ec1c518d4de4e841ffffff68 } | |
| $a_26 = { 558b2de4c04000565733db33f633ff3b } | |
| $a_27 = { 558bec83ec10538b5d0883fbff568bf1 } | |
| $a_28 = { 558bec515153568b35880b4100578b56 } | |
| $a_29 = { 558bec5151833d041441000056577421 } | |
| $a_30 = { 558bc18bf1c1f80583e61f8d3c85a017 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32WpePro_8c330b1fbd24075ffc80ed1a4aef21e4fb8804ddd8d56cd2ef08d0acefdae91c { | |
| strings: | |
| $a_2 = { 558bec6aff6880ab480064a100000000 } | |
| $a_3 = { 558bec6aff6878b84900682444450064 } | |
| $a_4 = { 558bdebf080c4b0083c9ff33c0f2aef7 } | |
| $a_5 = { 558bec535657e8034801008bd833f68b } | |
| $a_6 = { 558b48f85251508b44243c50ff1574f0 } | |
| $a_7 = { 558bec83ec4053568b3590f14800576a } | |
| $a_8 = { 558bec568b750868307349008bcee87c } | |
| $a_9 = { 558bec83ec106819e04700b968054d00 } | |
| $a_10 = { 558bec8b450885c075025dc3833dc80b } | |
| $a_11 = { 558bec833dfc244d0000578b7d08897d } | |
| $a_12 = { 558bec83ec2c5356578bf1e814ca0100 } | |
| $a_13 = { 558bcee8952b00008b6c242885ed7c76 } | |
| $a_14 = { 558bec5153568bf157ff36ff151cf348 } | |
| $a_15 = { 558bec83ec2c5356578bf1e8a0380000 } | |
| $a_16 = { 558bec6aff68088a480064a100000000 } | |
| $a_17 = { 558bce89ae48010000e8edf2ffff8b4e } | |
| $a_18 = { 558bec6aff6870b64900682444450064 } | |
| $a_19 = { 558b6c2414682000cc00f7d81bc05623 } | |
| $a_20 = { 558bec83ec6053568bf1578975f8e89b } | |
| $a_21 = { 558bec515153568b7508578bcee8d331 } | |
| $a_22 = { 558bec5156578bf98d4dfce839190000 } | |
| $a_23 = { 558bec568bf1ff761cff1534f6480085 } | |
| $a_24 = { 558bec5153565733ff33db813d1ccc4a } | |
| $a_25 = { 558b6c244056578b45188bf950e8a7d7 } | |
| $a_26 = { 558bcfe8534301008946308b4c24145f } | |
| $a_27 = { 558bc8e8087effff8b467c3bc5750433 } | |
| $a_28 = { 558bcbff50288b53088d4c242c516a34 } | |
| $a_29 = { 558bec56ff7508e82e2a0000ff7510ff } | |
| $a_30 = { 558bec6aff6888b64900682444450064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin32Yacra_b576de54cdbff4ab2716f74923e7e7c5e18583eace0a92efc11b109497bddcae { | |
| strings: | |
| $a_2 = { 558bec6aff687071400068402d400064 } | |
| $a_3 = { 558bec6aff681871400068402d400064 } | |
| $a_4 = { 558becb800100000e805003cbc538b5d } | |
| $a_5 = { 558bec53ff7508e80500167785c0590f } | |
| $a_6 = { 558b2d187040008b0d208a400085c974 } | |
| $a_7 = { 558bec6aff685071400068402d400064 } | |
| $a_8 = { 558bec6aff686071400068402d400064 } | |
| $a_9 = { 558bec5151833da48a40000056577421 } | |
| $a_10 = { 558bec6aff682871400068402d400064 } | |
| $a_11 = { 558b2d90704000565733db33f633ff3b } | |
| $a_12 = { 558bec53568bf157837e30ff0f852a01 } | |
| $a_13 = { 558bec51515333db391de89f40005657 } | |
| $a_14 = { 558bec6aff688871400068402d400064 } | |
| $a_15 = { 558bec5356578bf16a0133ffe8050043 } | |
| $a_16 = { 558bec5156578bf1e8050041a285c074 } | |
| $a_17 = { 558bec83ec18535657ff7508e8050026 } | |
| $a_18 = { 558bec83ec14a1949c40008b15989c40 } | |
| $a_19 = { 558bec6aff68f074400068402d400064 } | |
| $a_20 = { 558bc18bf1c1f80583e61f8d3c85e09e } | |
| $a_21 = { 558bec6aff683871400068402d400064 } | |
| $a_22 = { 558bec535657556a006a006824194000 } | |
| $a_23 = { 558bec6aff68d874400068402d400064 } | |
| $a_24 = { 558bec83ec0c53568b7508573b35e09f } | |
| condition: | |
| 19 of them | |
| } | |
| rule HackToolWin32ZomShc_40f6ba224e55ca2e67ba68ee168631e46c6bdfb79666908db7f2bd1eaee5e646 { | |
| strings: | |
| $a_2 = { 558bb8ac6d6861ec715e2646617cf67e } | |
| $a_3 = { 558b6e20db52cd417145ae6a4feb77d9 } | |
| $a_4 = { 558bec8b45108b5508807d0c007410c6 } | |
| condition: | |
| 3 of them | |
| } | |
| rule HackToolWin64AutoKMS_7485279c1814bea11b2364475c660d83daf0706dd770fd76a58856d90959a199 { | |
| strings: | |
| $a_2 = { 558b90c7dab01b4f7905f3f2260ed5e2 } | |
| $a_3 = { 558b98ee195e1255015002a0fb9058da } | |
| $a_4 = { 558b719db66d6cc346c459742a8e560b } | |
| $a_5 = { 558bffea83ba7d8dbff100040d488953 } | |
| $a_6 = { 558b2e419c5b33c27c6c13302b70caf1 } | |
| $a_7 = { 558bd81ab5d36de0ef8ddfde4247f4d2 } | |
| $a_8 = { 558bd916763228cfdd2abff7e50ddc20 } | |
| $a_9 = { 558b54c7c4fe900193f37e058ac70efb } | |
| $a_10 = { 558b5dc6b2a79b4d4551e5d14641c216 } | |
| $a_11 = { 558bd843ff33f0b333b1a36ff4aa7a7c } | |
| $a_12 = { 558bad1aabc160e71d48c99738808b05 } | |
| $a_13 = { 558b187dd11b936d0db891b48770d74a } | |
| $a_14 = { 558bac022c48e79ce0bad4d00b670483 } | |
| $a_15 = { 558bb03d4f8843d7b6d8dc42bf670c73 } | |
| $a_16 = { 558b1c66fd3a8501a16e985eb6130f4e } | |
| $a_17 = { 558b855b83598495ac22db2a302aab08 } | |
| $a_18 = { 558b8ec76f275fc868ddfe81ca37e74c } | |
| $a_19 = { 558b2b5125cc8c638f9186b9996574ca } | |
| $a_20 = { 558b32f09f7f2dd3f3c71279ae5a6924 } | |
| $a_21 = { 558b05abe27b60ff02b0bac179e754f4 } | |
| $a_22 = { 558b7d2efafff8f349e5f2c7f4a3896c } | |
| condition: | |
| 18 of them | |
| } | |
| rule HackToolWin64BCoinMine_706ae112e98f5bd12fa5677296a2e14d67ec4ddbd7316475491234d5cb624476 { | |
| strings: | |
| $a_2 = { 558b9f1b9a7894c13e4aa4c776f03f84 } | |
| $a_3 = { 558b2c80c4f095283aa5099a41c2a57e } | |
| $a_4 = { 558ba829a1eabc954ee67b5e996d44fe } | |
| $a_5 = { 558b614fa8f515a08ab07e72973d26a8 } | |
| $a_6 = { 558bd6911dca2f6168c544066ba89911 } | |
| $a_7 = { 558b7a633094f215ca3b49b55c1ef956 } | |
| $a_8 = { 558b77ffe5e84de7fbe632f3bf8bc483 } | |
| $a_9 = { 558b216015e38c2b669082ab09bd5599 } | |
| $a_10 = { 558bd618650510bb0b19e539d3a5270f } | |
| $a_11 = { 558b9c1b9bb539fe788dae2aef4cd61a } | |
| $a_12 = { 558b6a8248a8d351107a7877351e95fd } | |
| $a_13 = { 558b276d98b5cc9a1e3d86ccb198a328 } | |
| $a_14 = { 558b1a321673aa9c17552aadb5bbdca9 } | |
| $a_15 = { 558bfbd486e00a8809badb6b354b4d6c } | |
| $a_16 = { 558ba69c88ce8e163eec4ca21e6d46c0 } | |
| $a_17 = { 558b9dff137787be2059ac489e0bd945 } | |
| $a_18 = { 558b22ec174b969da05467b653ccbedf } | |
| $a_19 = { 558b21abb12847d9e319e7fc14d4e7b7 } | |
| $a_20 = { 558ba43451aaf8e595f59450fb43fbfe } | |
| $a_21 = { 558b309f28c8b96d22349fd900464066 } | |
| $a_22 = { 558b477f4ed0b2d3eb084665671763b9 } | |
| $a_23 = { 558b34279541d3d451efabc63df2e33e } | |
| $a_24 = { 558bf3e2f07181c0152ad570b1d11eef } | |
| $a_25 = { 558bc153f1ade624f5dd1fc4237eceb6 } | |
| $a_26 = { 558bd492c73c53f25221a3db0791b333 } | |
| $a_27 = { 558b88cc2ae3814bdbf35fae62075b48 } | |
| $a_28 = { 558ba1971373d41555347306bbda0d8b } | |
| $a_29 = { 558b079fa6f898aa64e1facd8a79d1a5 } | |
| $a_30 = { 558b51d8def83079d7b14d94569a28e1 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin64CoinMiner_d774e96568e9e617284fb5ecc101548e40e6fbdeb18b39d7eb30ad8e32cd3f7a { | |
| strings: | |
| $a_2 = { 558b86c56cb2709fe3d3186b9a97bef7 } | |
| $a_3 = { 558b133f48e6dc39660d66a5c60ff354 } | |
| $a_4 = { 558b05a083fd0cd371db29342a4770e4 } | |
| $a_5 = { 558bffc23f09b3b4d7a07750339a39da } | |
| $a_6 = { 558b4ab6866a9ff2e14a1c60ebb0a3a8 } | |
| $a_7 = { 558b569609468e9d5fbec147bacb8de3 } | |
| $a_8 = { 558bf7f11754dd0e383da35288662ffe } | |
| $a_9 = { 558b09342103463b69496fcb76a95a84 } | |
| $a_10 = { 558be13a460d6d205bba795660661af9 } | |
| $a_11 = { 558b0e2c1393a5cbedd598e23efc10d0 } | |
| $a_12 = { 558b29b3afb72d29bfe1f1008f8e8da6 } | |
| $a_13 = { 558bb16b1da86417a9ddbd09e81c3f7f } | |
| $a_14 = { 558b7c5bbce4191aad3cfecfacba78e5 } | |
| $a_15 = { 558bc4fa5d2d848c30325330e695661b } | |
| $a_16 = { 558bf142e0c6f268de81589fa7a89c60 } | |
| $a_17 = { 558bb0dbfb6e732630e3597bfc672831 } | |
| $a_18 = { 558b1c42581051fe105807bc9e959929 } | |
| $a_19 = { 558b2aa19cf9619a3f0a0a6deffec443 } | |
| $a_20 = { 558b465ffc6e95443e7c11da2ba7f204 } | |
| $a_21 = { 558b8fb0fba05ed30bab79d8aebbe341 } | |
| $a_22 = { 558be3aa6ea96c9b4a3caf9c1d882f7e } | |
| $a_23 = { 558b2a81c1d19df28938f49305b0a9d1 } | |
| $a_24 = { 558b1fd024b302a45426c4f215ace61a } | |
| $a_25 = { 558b0a496c4df271cd7abf0387c7de21 } | |
| $a_26 = { 558ba2823c3fdd3358ffeaf8eda5b2e1 } | |
| $a_27 = { 558b11a37bfa107ddfec1c75960d8ecb } | |
| $a_28 = { 558b28a7aee19bc400995328acb2b37d } | |
| $a_29 = { 558b7add92dc8d0c72ef353b00492260 } | |
| $a_30 = { 558b6f4f6838355b3c597bcfc386be25 } | |
| condition: | |
| 24 of them | |
| } | |
| rule HackToolWin64Mikatz_ea95010bcdf128c85b823411588b72b056b95633793dbdb7b9c1dbd959174fbe { | |
| strings: | |
| $a_2 = { 558b0000cc40534883ec20e8f5110000 } | |
| $a_3 = { 558b4c243041b9000100008b4424340f } | |
| $a_4 = { 558b4814c1e90df6c1017419488b0d8e } | |
| $a_5 = { 558b83bc000000448b472883c004488b } | |
| $a_6 = { 558b55778d48c6ffc24803d2ff1535c4 } | |
| $a_7 = { 558b05b4ab0c0083f8647c4a8b15adab } | |
| $a_8 = { 558bf1488d05faac090048c1e6044803 } | |
| condition: | |
| 6 of them | |
| } | |
| rule HackToolWin64Moniap_b95f611c73c0176e5e8121b0300f4076c147b72115c6706c425a122ff10c10a4 { | |
| strings: | |
| $a_2 = { 558b0000d79da2124da5b40a4b76d93b } | |
| $a_3 = { 558b61bc6665f03e34384da6698f062d } | |
| $a_4 = { 558b7a2de57f1cc4b3c8b77bc32471e8 } | |
| $a_5 = { 558ba72dcaa61058fe432d8296c951c0 } | |
| $a_6 = { 558bcb54cbe9b27c41529c57e1726684 } | |
| $a_7 = { 558b2884aa24d04e2afc373c743fac8e } | |
| $a_8 = { 558b2970361152016f5c804a6265c984 } | |
| $a_9 = { 558ba61860a50061885ff866dee9bb0f } | |
| $a_10 = { 558ba7fd37c11ede091231cdf325cbe2 } | |
| condition: | |
| 8 of them | |
| } | |
| rule HackToolWinNTTcpz_5a08bedee2e6aa75a820f55851d49d9cfa293ad73abac0a30f0305e441323840 { | |
| strings: | |
| $a_2 = { 558bec83ec10538b5d0c8b436033d256 } | |
| $a_3 = { 558bec83ec58568b750c576a15596a04 } | |
| $a_4 = { 558bec81ec18010000a1043001008945 } | |
| $a_5 = { 558bec83ec10a10430010053578b7d0c } | |
| $a_6 = { 558bec83ec0ca104300100538b5d1057 } | |
| $a_7 = { 558bec51894dfc6a00ff3500300100ff } | |
| $a_8 = { 558bec83ec14a10430010053568b750c } | |
| $a_9 = { 558bec83ec0c5333db5768fe17010089 } | |
| $a_10 = { 558bec83ec145333db5657895dfc891d } | |
| $a_11 = { 558bec51568b751081fec0c62d00b800 } | |
| $a_12 = { 558bec83ec0c834df8ff5333dbc745f4 } | |
| $a_13 = { 558bec515168001001008d45f850ff15 } | |
| $a_14 = { 558beca10430010085c0b940bb000074 } | |
| $a_15 = { 558bec5151a1043001008365f800538b } | |
| $a_16 = { 558bec83ec1053568b3518200100578d } | |
| condition: | |
| 13 of them | |
| } | |
| rule JokeWin32Badgame_62c99ea25fea9d3e5917114ada0406a333b1506697bd2bc28e9d676655232a59 { | |
| strings: | |
| $a_2 = { 5589e5578b7d0c81ff0001000074717f } | |
| $a_3 = { 5589e583ec48b91200000049c7048c5a } | |
| $a_4 = { 558b7e738cadadb3af99748a89746562 } | |
| $a_5 = { 5589e553578b7d0c83ff1074537c6c8b } | |
| $a_6 = { 5589e553578b7d0c83ff100f840f0200 } | |
| $a_7 = { 5589e56a01ff7508e809020000837d10 } | |
| $a_8 = { 5589e55157e87e00000089c7803f2275 } | |
| condition: | |
| 6 of them | |
| } | |
| rule JokeWin32Crazyscr_7312b60d891fa848967ad888ba335ea5907077c8066599868a1e58399d446ee0 { | |
| strings: | |
| $a_2 = { 558b8d770aed547a413468154600cc75 } | |
| $a_3 = { 558be4a5892f2c49257507df12b83934 } | |
| $a_4 = { 558b0a93d27c68eb0ef580b00882cb7d } | |
| $a_5 = { 558b0cb389c45717eab3c8837cb35d75 } | |
| condition: | |
| 4 of them | |
| } | |
| rule JokeWin32Fakedel_2b72b124d8925b7b84dba4b0f6804f65ff602c7b2eb0b8523fc695f8c26c9530 { | |
| strings: | |
| $a_2 = { 558bec83c4f85356578945fca1100043 } | |
| $a_3 = { 558bec53568b7508c606016683b88e00 } | |
| $a_4 = { 558bec51538bda8945fc8b45fc8b8040 } | |
| $a_5 = { 558bec53565733c05568cbdb400064ff } | |
| $a_6 = { 558bec51538bda8945fc8b45fce84af4 } | |
| $a_7 = { 558bec33c055685e8f400064ff306489 } | |
| $a_8 = { 558bec6a0033c05568c27f400064ff30 } | |
| $a_9 = { 558bec33c055686da8420064ff306489 } | |
| $a_10 = { 558bec6a005333c05568d775410064ff } | |
| $a_11 = { 558bec33c05568c979410064ff306489 } | |
| $a_12 = { 558bec6a00538bd833c055682dba4000 } | |
| $a_13 = { 558bec5153884dff6683786e0074188a } | |
| $a_14 = { 558bec83c4f0a17c164300e8c81dffff } | |
| $a_15 = { 558bec51568bf0807e46007458837a04 } | |
| $a_16 = { 558bec5153a1a00a4300807808000f84 } | |
| $a_17 = { 558bec83c4f8535633c08945fca12016 } | |
| $a_18 = { 558bec8b55088b52fc8b5228e8c3fdff } | |
| $a_19 = { 558bec535684d2740883c4f0e8035cff } | |
| $a_20 = { 558bec6a0053565733c9556857cd4000 } | |
| $a_21 = { 558bec33c05568a5bb420064ff306489 } | |
| $a_22 = { 558bec33c05568e18f400064ff306489 } | |
| $a_23 = { 558bec33c055687958400064ff306489 } | |
| $a_24 = { 558bec6a006a00535633c055683d6a42 } | |
| $a_25 = { 558bec6a0033c055684a24410064ff30 } | |
| $a_26 = { 558bec6a00538bd833c055685b004200 } | |
| $a_27 = { 558bec6a0033c0556836d4400064ff30 } | |
| $a_28 = { 558bec33c05568ddbb420064ff306489 } | |
| $a_29 = { 558bec51535657894dfc8bf28b550885 } | |
| $a_30 = { 558bec6a0033c055689224410064ff30 } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32Howannoy_1ff1b2dbff9f6ff8ff60c96e4c0c586f791ebd3fc05ca5f1e318aa8569168d2c { | |
| strings: | |
| $a_2 = { 558bec53568b5d08a14475410085c074 } | |
| $a_3 = { 558bec83c4dcb8b4374100e89c050000 } | |
| $a_4 = { 558bec5153568bf28945fc837dfc0074 } | |
| $a_5 = { 558bec8b450850e8404400005dc20400 } | |
| $a_6 = { 558bec33c055680a8f400064ff306489 } | |
| $a_7 = { 558bec538b5d0868f431410053e8621b } | |
| $a_8 = { 558bec833d4475410000751768dc0000 } | |
| $a_9 = { 558bec8b4508a3a84241005dc3909090 } | |
| $a_10 = { 558bec83c4d0538855f084d27e05e84d } | |
| $a_11 = { 558bec83c4dcb808364100e8800a0000 } | |
| $a_12 = { 558bec83c4d853e8fd0200008bda8945 } | |
| $a_13 = { 558bec83c4dc5356b8ac384100e827fe } | |
| $a_14 = { 558bec8b450c8b550885d2750c85c074 } | |
| $a_15 = { 558bec8b450850e854feffff595dc390 } | |
| $a_16 = { 558bec83c4d0538855f084d27e05e8a5 } | |
| $a_17 = { 558bec83c4dcb814384100e834040000 } | |
| $a_18 = { 558bec83c4d8b8c0354100e8e00a0000 } | |
| $a_19 = { 558bec53568bf08b12e8fa52ffff8bc6 } | |
| $a_20 = { 558bec83c4f40fb705e43441008945f8 } | |
| $a_21 = { 558bec5356578bf18bfa8bd88bc6e88d } | |
| $a_22 = { 558bec83c4d0538855f084d27e05e849 } | |
| $a_23 = { 558bec83c4d853e89d0500008bda8945 } | |
| $a_24 = { 558bec83c4d0538855f084d27e05e8a1 } | |
| $a_25 = { 558bec83c4d0538855f084d27e05e845 } | |
| $a_26 = { 558bec535657803d44524100008b5d08 } | |
| $a_27 = { 558bec33c05568cd14400064ff306489 } | |
| $a_28 = { 558bec6a005633c055684736400064ff } | |
| $a_29 = { 558bec518b45083b05d8414100720b6a } | |
| $a_30 = { 558bec83c4d853e8510300008bda8945 } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32Irritan_94ae291c1b50fb5db70de6a2ae3464523d0ded2a9c5371197727d4006144ac8a { | |
| strings: | |
| $a_2 = { 558bec538bda51536aff83380074048b } | |
| $a_3 = { 558bec5153568bf28945fc837dfc0074 } | |
| $a_4 = { 558bec53565733c05568fa11420064ff } | |
| $a_5 = { 558bec518b45083b050c344300720b6a } | |
| $a_6 = { 558bec83c4d853e89598fdff8bda8945 } | |
| $a_7 = { 558bec83c4f85356578b5d0c8b451089 } | |
| $a_8 = { 558b45fce8a0ca0100e83bffffff5988 } | |
| $a_9 = { 558bec83c4d8538bd8b8b40f4300e81d } | |
| $a_10 = { 558bec83c4d4b8d4464300538b5d08e8 } | |
| $a_11 = { 558bec83c4f8535657833d4c48430000 } | |
| $a_12 = { 558bec83c4cc538855f084d27e05e849 } | |
| $a_13 = { 558bec6a005356578bd833c055681870 } | |
| $a_14 = { 558bec6a080fb7450850e83100000083 } | |
| $a_15 = { 558bec83c4ac833d744343000053568b } | |
| $a_16 = { 558bec803d7e014300000f95c083e001 } | |
| $a_17 = { 558b83b400000050e8a32f020089460c } | |
| $a_18 = { 558bec83c4d853e8399afdff8bda8945 } | |
| $a_19 = { 558bec5153884dff6683786a0074188a } | |
| $a_20 = { 558bec8b450850e8d20100005dc39090 } | |
| $a_21 = { 558bec83c4d853568bf28bd8b83c0f43 } | |
| $a_22 = { 558bec83c4f0538b5d088d45f050e8e9 } | |
| $a_23 = { 558bec53565784d2740883c4f0e8eeaf } | |
| $a_24 = { 558bec83c4d08855f884d27e05e86606 } | |
| $a_25 = { 558bec83c4d85356578bf98bf28bd8b8 } | |
| $a_26 = { 558bec83c4cc538855f084d27e05e8b9 } | |
| $a_27 = { 558bec5dc2080090c3909090c3909090 } | |
| $a_28 = { 558beca1844743008b55088915844743 } | |
| $a_29 = { 558becb8b1f00000e8f3edffff5dc204 } | |
| $a_30 = { 558b6a0883c105e892fdffffffd15d5f } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32Kokegift_a9721f126dbb2fb0eceed96009b33333ad5b06f64b9f3730c097a130b832aede { | |
| strings: | |
| $a_2 = { 558bec518b451053568b750c8b10578b } | |
| $a_3 = { 558bec81ecf40000008b4d085356578b } | |
| $a_4 = { 558b939fb1f9a39d6cec365a77bf4799 } | |
| $a_5 = { 558bec81ecd8ba00008d8d887fffff83 } | |
| $a_6 = { 558b6408320649414141a130701f9482 } | |
| condition: | |
| 5 of them | |
| } | |
| rule JokeWin32Melter_25b2527f77452f07e64a894f04150ea58fc8977460dd41700b787486e0e311a1 { | |
| strings: | |
| $a_2 = { 558bec6aff68f843400068441c400064 } | |
| $a_3 = { 558bec6aff681044400068441c400064 } | |
| $a_4 = { 558b2d50404000565733db33f633ff3b } | |
| $a_5 = { 558bec535657556a006a0068641b4000 } | |
| $a_6 = { 558bec6aff68b840400068441c400064 } | |
| condition: | |
| 5 of them | |
| } | |
| rule JokeWin32Paranoia_373e6e5a6c072dd8dffe808b08f65301ae7557fb7c9bdd24386b28c1a3db80b2 { | |
| strings: | |
| $a_2 = { 558bec83c4f853568bf28bd88b431085 } | |
| $a_3 = { 558bec81c4b8feffff5356578955fc8b } | |
| $a_4 = { 558bec515356578bf28945fc8bc6ba58 } | |
| $a_5 = { 558bec83c4d853a114c04200a358b542 } | |
| $a_6 = { 558bec515356578bd833c0a31cc44200 } | |
| $a_7 = { 558bec83c4f45356578bda8bf0b201b8 } | |
| $a_8 = { 558becb8b1f00000e807c6ffff5dc204 } | |
| $a_9 = { 558bec6a0053565733c05568c5e14000 } | |
| $a_10 = { 558bec51535684d2740883c4f0e87a39 } | |
| $a_11 = { 558bea8bf8a16cc542008b58084b83fb } | |
| $a_12 = { 558bec6a005356578bd833c055684bbf } | |
| $a_13 = { 558b065053576a006a00e83adaffff81 } | |
| $a_14 = { 558bec6a0053565733c0556867cd4000 } | |
| $a_15 = { 558bea8bf8be14000000bb40b242008b } | |
| $a_16 = { 558bec84d2740883c4f0e885a6ffff89 } | |
| $a_17 = { 558bec6a0053565733c05568e71f4200 } | |
| $a_18 = { 558bec538b5d083b1d30b54200744aa1 } | |
| $a_19 = { 558bec83c4f853bb28c6420068e80300 } | |
| $a_20 = { 558bda8be88bc5e86df3feff84c0743a } | |
| $a_21 = { 558b45fce8dca1ffffe83bffffff5988 } | |
| $a_22 = { 558bc7e8a7e3ffff50e86d9bfeff83c4 } | |
| $a_23 = { 558bd98bfa8be88bc5e8330000006854 } | |
| $a_24 = { 558bec51535684d2740883c4f0e89a0b } | |
| $a_25 = { 558b45f88b40048bd6e8ca4effffe84d } | |
| $a_26 = { 558bec535684d2740883c4f0e8fba2fd } | |
| $a_27 = { 558bec51535684d2740883c4f0e802d1 } | |
| $a_28 = { 558bec5356578bf98bf28bd88bc6e8ad } | |
| $a_29 = { 558bec6a005356578bd833c055686abd } | |
| $a_30 = { 558bf0bf6cc44200bd70c442008b1d64 } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32Rain_de26a1e17be363ae17e51ac6a9d63da302b193cf496991731825c427efebf75c { | |
| strings: | |
| $a_2 = { 558bec833d2426420000740aa1242642 } | |
| $a_3 = { 558bec538bd88b45088b40fc8bd3e8d9 } | |
| $a_4 = { 558bea8bf8be14000000bb401242008b } | |
| $a_5 = { 558bec51538bda8945fc8bc3bac07840 } | |
| $a_6 = { 558bece8e8dcffff5dc20400558bece8 } | |
| $a_7 = { 558becb8b1f00000e80bd7ffff5dc204 } | |
| $a_8 = { 558bec51535684d2740883c4f0e80e07 } | |
| $a_9 = { 558bec51535684d2740883c4f0e87e1c } | |
| $a_10 = { 558bec51538bd86a008bcab85c7b4000 } | |
| $a_11 = { 558bec5356578bf98bf28bd88bc6e8ad } | |
| $a_12 = { 558bec84d2740883c4f0e875a9ffff89 } | |
| $a_13 = { 558bec83c4f853565733c0556821ab40 } | |
| $a_14 = { 558bec33d255682a1a400064ff326489 } | |
| $a_15 = { 558bec5153568bda8bf06a0a8bc6e801 } | |
| $a_16 = { 558bec515356578bf28945fc8bc6ba4c } | |
| $a_17 = { 558b065053576a006a00e85edaffff81 } | |
| $a_18 = { 558bec83c4f853bb2426420068e80300 } | |
| $a_19 = { 558bec51535684d2740883c4f0e83a3e } | |
| $a_20 = { 558bec83c4f4e8ed22feffe8d035feff } | |
| $a_21 = { 558bec51538bd868ffff00008bcab85c } | |
| $a_22 = { 558bec53565733c0556889aa400064ff } | |
| $a_23 = { 558bec83c4e88d45e850e8f5eaffff0f } | |
| $a_24 = { 558b4304e8e6feffff5946a168254200 } | |
| $a_25 = { 558be8a1881142008b70084e85f67c22 } | |
| $a_26 = { 558bec6a0053565733c0556849de4000 } | |
| $a_27 = { 558bec83c4d853a114204200a3001542 } | |
| $a_28 = { 558bea8bf8a1682542008b58084b83fb } | |
| $a_29 = { 558bec83c4f85356578bd8803d192442 } | |
| $a_30 = { 558bec51535684d2740883c4f0e8fada } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32RussianJep_d2d089e68df2ba4a270ae7c55325c90a5168219a68e1981741ab35128cc0654c { | |
| strings: | |
| $a_2 = { 558bec83c4a053565733db895da0894d } | |
| $a_3 = { 558bc7e88bdcffff50e89de7feff83c4 } | |
| $a_4 = { 558bec33c055688695400064ff306489 } | |
| $a_5 = { 558bec8b45088b400850e859fcffff59 } | |
| $a_6 = { 558bec83c4f85356578945fca1100044 } | |
| $a_7 = { 558bec538bd833d28bc3e8950efeff33 } | |
| $a_8 = { 558bec51538bda8945fc8b45fc8b8040 } | |
| $a_9 = { 558bec5153568b750c8b5d088bc3e871 } | |
| $a_10 = { 558bec33c05568edc8430064ff306489 } | |
| $a_11 = { 558bec51538bda8945fc8b45fce84af4 } | |
| $a_12 = { 558bec33c055680996400064ff306489 } | |
| $a_13 = { 558bda8be8c64524018b45048b40043b } | |
| $a_14 = { 558bec5356578bf18bfa8bd88bc6e885 } | |
| $a_15 = { 558bec6a0033c05568380d410064ff30 } | |
| $a_16 = { 558bec84d2740883c4f0e87579ffff89 } | |
| $a_17 = { 558bec83c4ec538945fc8b45fce842f9 } | |
| $a_18 = { 558bec33c05568ddac410064ff306489 } | |
| $a_19 = { 558bec518945fc33d25568ac47400064 } | |
| $a_20 = { 558bec6a005333c055685511410064ff } | |
| $a_21 = { 558bec5153884dff6683786e0074188a } | |
| $a_22 = { 558bec53565784d2740883c4f0e84a4c } | |
| $a_23 = { 558bec51568bf0807e46007458837a04 } | |
| $a_24 = { 558bec6a0033c055683df6400064ff30 } | |
| $a_25 = { 558bec6a0033c05568bee8400064ff30 } | |
| $a_26 = { 558b465ce83affffff598bf88d4de833 } | |
| $a_27 = { 558bec51535684d2740883c4f0e8b2c6 } | |
| $a_28 = { 558bec83c4f8535633c08945fca12016 } | |
| $a_29 = { 558bec8b55088b52fc8b5228e8c3fdff } | |
| $a_30 = { 558bec538bd88b4508508bc3e85f34fe } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32ScreenRoses_ecb7c800b85f488fcfec42c85f9d91b4942016214691c8d507c094d3dc778f7b { | |
| strings: | |
| $a_2 = { 558bec8b450850e898ffffff595dc300 } | |
| $a_3 = { 558bec8b550864a1040000008b48f885 } | |
| $a_4 = { 558bec53833d70914000007525a17897 } | |
| $a_5 = { 558bec8b450850e8430800005dc39090 } | |
| $a_6 = { 558bec53568b450881e850834000b918 } | |
| $a_7 = { 558bec538b5d083b1d00884000720533 } | |
| $a_8 = { 558bec83c4ac833d749140000053568b } | |
| $a_9 = { 558bec83c4d8a13c9540008945e8c745 } | |
| $a_10 = { 558bec83c4f88b45088945fc8d45fc8b } | |
| $a_11 = { 558becff750cff7508e8c3feffff83c4 } | |
| $a_12 = { 558b97578597598a9153829158889156 } | |
| $a_13 = { 558bec83c4e0b898824000535657e882 } | |
| $a_14 = { 558bec83c4f8a10088400085c0568b75 } | |
| $a_15 = { 558bec68004000008b450c508b550852 } | |
| $a_16 = { 558bec83c4f85356578b450c8b551089 } | |
| $a_17 = { 558bec83c4c4b8f0804000535657e865 } | |
| $a_18 = { 558bec538b5d0853e89e4100005985c0 } | |
| $a_19 = { 558bec8b4508506a006a00e87cffffff } | |
| $a_20 = { 558bec535657803d4c924000008b5d08 } | |
| $a_21 = { 558bec8b4508648b15040000008b4af8 } | |
| $a_22 = { 558bec8b45083b0500884000730933d2 } | |
| $a_23 = { 558bec535657bb02000000837d18008b } | |
| $a_24 = { 558bec8b450881e850834000b9180000 } | |
| $a_25 = { 558bec51538b5d0833c08d55fcc703c4 } | |
| $a_26 = { 558bec83c4e0b8848140005356578b5d } | |
| $a_27 = { 558bec68008000006a008b450850e87c } | |
| $a_28 = { 558bec83c4f8535657bf1c9140008b75 } | |
| $a_29 = { 558bec5356578b750856e8f06400008b } | |
| $a_30 = { 558bec8b4508506a006a01e864ffffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule JokeWin32Small_84d337748e5810adb48aa58d59b69bc65df603fb0d31b68c7177c16d09768d25 { | |
| strings: | |
| $a_2 = { 558bec83ec0868f610400064a1000000 } | |
| $a_3 = { 558bec83ec0c68f610400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule JokeWin32VB_31143cfc1254927025df4b90e58333c34110995905a6033b3a31aa57b93d206c { | |
| strings: | |
| $a_2 = { 558bec83ec0c68f610400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSAutoItPassup_77b544be97c47e2b10ce80734bdc8d2ff9c8f844332d57504cb06e95c8337f1d { | |
| strings: | |
| $a_2 = { 558b66f9cac03f93ac879dc7d51fc292 } | |
| $a_3 = { 558b2d341b1e0ebab00821aadc3b34db } | |
| $a_4 = { 558b1b42653c121d3932e1d1fb3b6c0e } | |
| $a_5 = { 558b34dd673fb7f1debd614a496feef5 } | |
| $a_6 = { 558b1e4b4857f4af668c255b0c936a29 } | |
| $a_7 = { 558b4a9c17ef24aff7db4fc0af35892c } | |
| $a_8 = { 558b95720ed1d73deae33a11e6a1056e } | |
| $a_9 = { 558b4f95d9c339668b05d7670011dabc } | |
| $a_10 = { 558b6ffbafd6dbfcae51965102b985cf } | |
| $a_11 = { 558b8f9461558ae4ee3906b6a72a7f57 } | |
| $a_12 = { 558bfe2dd7abf7e64914498c4e98d768 } | |
| $a_13 = { 558bd2a890e0a824f217390a6b166691 } | |
| $a_14 = { 558bec83ec0c68a612400064a1000000 } | |
| $a_15 = { 558b163c03d0515f13569548d58caeba } | |
| $a_16 = { 558b9e8dbb7fc13b2d30a1639dff0078 } | |
| $a_17 = { 558bbb4da6f5ea73d4ad1a169c65ccd5 } | |
| $a_18 = { 558b542367a2f4ef7f2386bb954a6a12 } | |
| $a_19 = { 558bc4d3d0e294a16935a2d3e5a6e76d } | |
| $a_20 = { 558b56d0755b8b7b3826433d81989063 } | |
| $a_21 = { 558b7cb86feb5bf6213ca55523fda5eb } | |
| $a_22 = { 558b739a9846aba0d5397bcb45dedd0d } | |
| $a_23 = { 558bc446c95e56b2f43af2ec5ac672c5 } | |
| $a_24 = { 558b374c8afa97c19a693731b3101863 } | |
| $a_25 = { 558b9bc4d74d46db5d3db4d7539f18a9 } | |
| $a_26 = { 558b3245b955f3bba922bcea8dbd29f6 } | |
| $a_27 = { 558bac974bc7e7dfee3caa984929aabb } | |
| $a_28 = { 558b14f09a0140c88775d8c64eda4fab } | |
| $a_29 = { 558bec83ec1868a612400064a1000000 } | |
| $a_30 = { 558b214166d74eeea26414ba895cfc9b } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSMSILCosratu_8679a8ed4a59aa606760bc3113369cd56cabed3f507d9b12c39316b399e9f46f { | |
| strings: | |
| $a_2 = { 558be7ee92702dab6a41e60a0456e872 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSMSILCyborg_4398c80c430c096ea3f0b481a289a0aa52df31be950d35e849b3f499f1007ea8 { | |
| strings: | |
| $a_2 = { 558bec81ec300400005356578b7d0833 } | |
| $a_3 = { 558bec51837d080553568bf18975fc75 } | |
| $a_4 = { 558b6c244c565755e8b7db0000d9ee33 } | |
| $a_5 = { 558bec5733ff39b8c40100007439397d } | |
| $a_6 = { 558b6c240c578b7c240c85ff747483fd } | |
| $a_7 = { 558bec81ec0001000068fe0000008d85 } | |
| $a_8 = { 558bec83ec1053568bb79003000033db } | |
| $a_9 = { 558bec568bf10fbf4d10578b7d0c0fbf } | |
| $a_10 = { 558bec83ec3c53568bf0e8bfd7ffff8b } | |
| $a_11 = { 558bec817d08000800008b4d0c75238b } | |
| $a_12 = { 558bec83ec30837d1008894df80f85e8 } | |
| $a_13 = { 558bec51510fb6500233c98a2853568a } | |
| $a_14 = { 558bec81ec000200005657befe000000 } | |
| $a_15 = { 558bec51518945fc8d45fc50568d45f8 } | |
| $a_16 = { 558bec81ec78030000538b5d085683c3 } | |
| $a_17 = { 558bec83e4f8518b4508535605f0feff } | |
| $a_18 = { 558bec81ec080d0000535657be301c41 } | |
| $a_19 = { 558b6c240c568b303bd67c518b4d0089 } | |
| $a_20 = { 558bec83ec346a2c8d45d06a0050e83f } | |
| $a_21 = { 558bec83ec2c8365e0008365e4008d45 } | |
| $a_22 = { 558bec81ec7c0500005356578d8588fa } | |
| $a_23 = { 558bec5356578b3df810410033db5353 } | |
| $a_24 = { 558bec8b869003000081ec0002000053 } | |
| $a_25 = { 558b2db40041005657751f6a008d4424 } | |
| $a_26 = { 558bec837d0800535774498b3d081241 } | |
| $a_27 = { 558bdee8fceeffff8b9c24241000008b } | |
| $a_28 = { 558bec83ec3c5633f63bc6894dc4c745 } | |
| $a_29 = { 558bec81ec00040000568bf0e83f4cff } | |
| $a_30 = { 558bceffd085c074128b44241483c001 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSMSILMauthy_26e01289aedcfcfc79783595685b35b34347ee936bd62c6985a84ad75c6a3b0d { | |
| strings: | |
| $a_2 = { 558b38cb0ed3085ec15cd1e312935ba0 } | |
| $a_3 = { 558bf496ca58e0d08fb52599b0f0109c } | |
| $a_4 = { 558b21bfdbf4092d99e50c0b3a576eaf } | |
| $a_5 = { 558b00706f6700000a02230000000000 } | |
| $a_6 = { 558b8b3f7e48e11f15b72b699309ef5d } | |
| $a_7 = { 558b87076a48e11f15b72b5c6df0cf55 } | |
| condition: | |
| 6 of them | |
| } | |
| rule PWSMSILOrcus_e92ea6dfe574139c84d94b049c2b308c0250dd401a4fbc6612d17879faefe48a { | |
| strings: | |
| $a_2 = { 558b07b7ca7baff732afe97702e6d8a5 } | |
| $a_3 = { 558b7aa6d78e6ccda974dcc473fecaa5 } | |
| $a_4 = { 558bfc640721edaa367057a9db12f90a } | |
| $a_5 = { 558beca2c5a4d38db541b17eb19dc32f } | |
| $a_6 = { 558bfad51fccf69343dbcf7aecfcded8 } | |
| $a_7 = { 558b470d0af1ee7a33982ae669527797 } | |
| $a_8 = { 558b96f16d1293d48ad66dc21a56c67d } | |
| condition: | |
| 6 of them | |
| } | |
| rule PWSPDFPdfphish_f27d877bcc42a9ac9615b10c5cbda50472090448728dcc65bc9faf27a98d8646 { | |
| strings: | |
| $a_2 = { 558b299fe5abfc1d3b1b155e6f547850 } | |
| $a_3 = { 558bf74f06597c954ba2ee89098e3fc2 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSPDFPhish_cefb1a6879b1a9f2af02012e8618d540de5d8beced881c9b4bf2517f68b21213 { | |
| strings: | |
| $a_2 = { 558b6e51887ff00844d71df86975bbbc } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSVBSFodvorus_cab6b759886041e92c432acdff2f10340929cb963089dcaa165a8c67939544d5 { | |
| strings: | |
| $a_2 = { 558b0a9fe37d087c90fc1528db1d23a6 } | |
| $a_3 = { 558ba9e54bd43576997741175b02877f } | |
| $a_4 = { 558b16edfead0bd8115f6fa43157de0a } | |
| $a_5 = { 558bbb0d77e0a30fa6de935f9f15affc } | |
| $a_6 = { 558bd62171a22aa3abb1f77c76cf7de9 } | |
| $a_7 = { 558be8fda3e65459986d83412b458af8 } | |
| $a_8 = { 558b3b91f411d3d34558ea6c18d1bab3 } | |
| $a_9 = { 558b8827be41fa8e890e8a03b17821c4 } | |
| condition: | |
| 7 of them | |
| } | |
| rule PWSWin32Agent_44933611bcc6803cfbefc2773642ff274dec9f7378d6e256db9fe942cfe97159 { | |
| strings: | |
| $a_2 = { 558bec81c400ffffff538b45088b40fc } | |
| $a_3 = { 558b45f48b406c8b55f0e89de4ffff8b } | |
| $a_4 = { 558bec538bd833d28b83d8030000e829 } | |
| $a_5 = { 558bec6a00538bd833c05568d8e24200 } | |
| $a_6 = { 558bec33c05568cdfa480064ff306489 } | |
| $a_7 = { 558bec53568bd885db75068b1db44d4a } | |
| $a_8 = { 558bec53568bf18bd88b4508e88fc4f7 } | |
| $a_9 = { 558bec53568bd98bf08b4508e84f14f8 } | |
| $a_10 = { 558bec33c055687199480064ff306489 } | |
| $a_11 = { 558bec53565784d2740883c4f0e82a9c } | |
| $a_12 = { 558bec83c4f4538945fc8d55f68b4508 } | |
| $a_13 = { 558bec33c0556815374a0064ff306489 } | |
| $a_14 = { 558bec51535684d2740883c4f0e8823c } | |
| $a_15 = { 558bec5356578bf88bc7e8c965f7ff8b } | |
| $a_16 = { 558beca14cba4a00e8abffffff33c055 } | |
| $a_17 = { 558bec33c05568a8ad480064ff306489 } | |
| $a_18 = { 558bec53565784d2740883c4f0e8c6b8 } | |
| $a_19 = { 558bec33c0556878c9410064ff306489 } | |
| $a_20 = { 558bec51535684d2740883c4f0e8f26d } | |
| $a_21 = { 558bec515356578945fc8b45fce8926b } | |
| $a_22 = { 558bec538bd833d28b8308040000e831 } | |
| $a_23 = { 558bec33c05568b04f450064ff306489 } | |
| $a_24 = { 558bec538bd833d28b83d8030000e85d } | |
| $a_25 = { 558bec538bd8b2018b83c0030000e8ed } | |
| $a_26 = { 558bec6a006a00568bf033c05568df85 } | |
| $a_27 = { 558bec33c055686708430064ff306489 } | |
| $a_28 = { 558bec5356578bf18bd80fb7c28bd0b1 } | |
| $a_29 = { 558bec6a00538bd833c0556858a44100 } | |
| $a_30 = { 558bec536683b8da00000000741c8b55 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Axespec_0f29d5ce3b0db41bbd038caf99a5cf3ca466ae45b0e3ea429b1ff81932e50768 { | |
| strings: | |
| $a_2 = { 558b262543f90e1f987c9c3a0807152a } | |
| $a_3 = { 558bec81ecbc020000560bb5f7fdffff } | |
| $a_4 = { 558bec83e4f881ec24010000568bf085 } | |
| $a_5 = { 558be924213b770a3f9859c9422a82f2 } | |
| $a_6 = { 558bec81ecfc0400005356578b8547fc } | |
| $a_7 = { 558bec81eca8060000535657018597fc } | |
| $a_8 = { 558bec83ec0856576858d24000ff1510 } | |
| $a_9 = { 558bec81ec90030000535657518bc629 } | |
| $a_10 = { 558b9f841c62c0d931969250c7043810 } | |
| $a_11 = { 558b2d583040005252528d44241450ff } | |
| $a_12 = { 558bac24a80100008b550856578b7d0c } | |
| $a_13 = { 558bec81ecf40100005333c056578945 } | |
| $a_14 = { 558b5c990ccd9435437ae58166419d2c } | |
| condition: | |
| 11 of them | |
| } | |
| rule PWSWin32Banjori_a4dd0871c0537fec2489e5d26979a224fb6b0a1d2b5d3eb05141602b23dab0f6 { | |
| strings: | |
| $a_2 = { 558bec83c4e433db689711400064a100 } | |
| $a_3 = { 558bec83c4f45756baa9c8d780b8a750 } | |
| $a_4 = { 558bec53568b55088b723c8b74167803 } | |
| $a_5 = { 558bec57568b7d0883c7368b570885d2 } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Banker_83b029829f8f9249b6057409b63bbba6da06b19276ee55fdf2707f4f8adeccf6 { | |
| strings: | |
| $a_2 = { 558bd966e8c74304c16a04a1bdd67d9f } | |
| $a_3 = { 558b2dbfffffffff576dc850ebf6fc23 } | |
| $a_4 = { 558b8fffff0b20e2ae7b9088899fccf3 } | |
| $a_5 = { 558b178c166c18e4f88a20562a7c508b } | |
| $a_6 = { 558b424483c0242076202e9fe8c5f7ef } | |
| $a_7 = { 558b8e93f0b0664ad98ab8a90e40eab7 } | |
| $a_8 = { 558b8a9889a74fbc313b5cbb05904c87 } | |
| $a_9 = { 558b7efbffc6c904846df81c12709341 } | |
| condition: | |
| 7 of them | |
| } | |
| rule PWSWin32Barok20_ea7371b72197fb03843ea7ea33e57f7437ca75722f65572256019c8283cc8f9e { | |
| strings: | |
| $a_2 = { 558bec51894dfc8b4dfce85b06faff8b } | |
| $a_3 = { 558bec83ec0c894df48b4df4e891a605 } | |
| $a_4 = { 558bec51894dfc8b45fc83c05050e803 } | |
| $a_5 = { 558bec51894dfc8b4dfce812d803008b } | |
| $a_6 = { 558bec83ec0c894df48b4df4e80d7ffe } | |
| $a_7 = { 558bec51894dfcb8484e4d008be55dc3 } | |
| $a_8 = { 558bec8b450850e8ff66fbff5dc20400 } | |
| $a_9 = { 558bec83ec2c894dd46819040000686c } | |
| $a_10 = { 558bec51e867160000ff1514354f00a3 } | |
| $a_11 = { 558bec6aff6865db4c0064a100000000 } | |
| $a_12 = { 558bec51894dfc6a008b4dfce8b764f8 } | |
| $a_13 = { 558bec6aff68d7b94c0064a100000000 } | |
| $a_14 = { 558bec83ec10894df06a5268f0734e00 } | |
| $a_15 = { 558bec51894dfcb8f8274d008be55dc3 } | |
| $a_16 = { 558bec51535657894dfc8b4dfce834b1 } | |
| $a_17 = { 558bec6aff6835c14c0064a100000000 } | |
| $a_18 = { 558bec51535657894dfc8b4dfce8108f } | |
| $a_19 = { 558bec6a036a008b450850e87c5f0100 } | |
| $a_20 = { 558bec51894dfc8b4dfce866a6fcff8b } | |
| $a_21 = { 558bec83ec08894df88b45f85068b837 } | |
| $a_22 = { 558bec6aff6858724d0068dc9e400064 } | |
| $a_23 = { 558bec833da8084f000075146afde80d } | |
| $a_24 = { 558bec6aff687fd44c0064a100000000 } | |
| $a_25 = { 558bec6aff6889cc4c0064a100000000 } | |
| $a_26 = { 558bec6aff6895c14c0064a100000000 } | |
| $a_27 = { 558bec51e894cf02008945fc8b45fc83 } | |
| $a_28 = { 558bec6aff6820d94c0064a100000000 } | |
| $a_29 = { 558bec51894dfc8b4dfc83c114e8a17b } | |
| $a_30 = { 558bec51894dfc68de010000688c6e4e } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Barok_5b07c4632d91a58d74ceaafc8c5b22f2bcd9e90eb913a7daf6d31a709135bbcf { | |
| strings: | |
| $a_2 = { 558bec51894dfc8b4dfce85b06faff8b } | |
| $a_3 = { 558bec83ec08535657894df868d04d4c } | |
| $a_4 = { 558bec51833da4d54e00007407b80100 } | |
| $a_5 = { 558bec83ec0c894df48b4df4e891a605 } | |
| $a_6 = { 558bec51894dfc8b45fc83c05050e803 } | |
| $a_7 = { 558bec6aff686ac74c0064a100000000 } | |
| $a_8 = { 558bec6aff68e7cc4c0064a100000000 } | |
| $a_9 = { 558bec51894dfc8b4dfce812d803008b } | |
| $a_10 = { 558bec83ec0c894df48b4df4e80d7ffe } | |
| $a_11 = { 558bec8b450850e8ff66fbff5dc20400 } | |
| $a_12 = { 558bec83ec08535657894df86840f54b } | |
| $a_13 = { 558bec83ec2c894dd46a5e6818874e00 } | |
| $a_14 = { 558bec6aff683bb54c0064a100000000 } | |
| $a_15 = { 558bec51894dfcb868044d008be55dc3 } | |
| $a_16 = { 558bec51894dfc6a008b4dfce8b764f8 } | |
| $a_17 = { 558bec6aff6810af4c0064a100000000 } | |
| $a_18 = { 558bec68000003006800000100e84e3a } | |
| $a_19 = { 558bec51535657894dfc8b4dfce834b1 } | |
| $a_20 = { 558bec51b984d84e00e8f1dd06008945 } | |
| $a_21 = { 558bec83ec08535657894df868e0e04b } | |
| $a_22 = { 558bec833d58884e00007406ff155888 } | |
| $a_23 = { 558bec51535657894dfc8b4dfce8108f } | |
| $a_24 = { 558bec51894dfcb818474d008be55dc3 } | |
| $a_25 = { 558bec6aff68edc64c0064a100000000 } | |
| $a_26 = { 558bec6aff6802ba4c0064a100000000 } | |
| $a_27 = { 558bec51894dfc8b4dfce866a6fcff8b } | |
| $a_28 = { 558bec6aff6807c64c0064a100000000 } | |
| $a_29 = { 558bec6aff6858ac4c0064a100000000 } | |
| $a_30 = { 558bec6aff68b9b44c0064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Bissldr_d3f09e305bf081dad2ebd19211e012c92b92dbcacef13ea5f77c03afefcc4ee2 { | |
| strings: | |
| $a_2 = { 558bfe57fc25f696608e1342904fac81 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Bividon_11d96bcc2ba4c26b7f21aea1aaccb9df506acb4b53397b1100779402ff1f6f40 { | |
| strings: | |
| $a_2 = { 558bec515356578b7d0883c7ec57a194 } | |
| $a_3 = { 558bec33c05568715e400064ff306489 } | |
| $a_4 = { 558bec33c0556812b5400064ff306489 } | |
| $a_5 = { 558bec33c05568bd46400064ff306489 } | |
| $a_6 = { 558bec515356578bd833c0a3b0c54000 } | |
| $a_7 = { 558bec33c05568c051400064ff306489 } | |
| $a_8 = { 558bec83c4f8538945fc8b45fce82eb3 } | |
| $a_9 = { 558bec33c05568b163400064ff306489 } | |
| $a_10 = { 558bec33c05568e6ec400064ff306489 } | |
| $a_11 = { 558bce2bcb418bd38bc7e8c449ffff5d } | |
| $a_12 = { 558bec33c055681e5f400064ff306489 } | |
| $a_13 = { 558bec33c05568180d410064ff306489 } | |
| $a_14 = { 558bec83c4ec5356575568eaa4400064 } | |
| $a_15 = { 558bec515356578bf28bd8803dbc3541 } | |
| $a_16 = { 558bec83c4f053568955fc8bf033c089 } | |
| $a_17 = { 558bec33c055681357400064ff306489 } | |
| $a_18 = { 558b451c0fb717c1e20203c203c38b00 } | |
| $a_19 = { 558bec81c4bcfeffff5356578945fc8b } | |
| $a_20 = { 558bf0bf10364100bd143641008b1d08 } | |
| $a_21 = { 558bec81c4a4feffff33c08985a4feff } | |
| $a_22 = { 558bec83c4f05356578bda33c08945fc } | |
| $a_23 = { 558bec518945fc33d255682c40400064 } | |
| $a_24 = { 558bec33c05568c169400064ff306489 } | |
| $a_25 = { 558bec83c4d45756538945fca0db3641 } | |
| $a_26 = { 558bec33c055683a41400064ff306489 } | |
| $a_27 = { 558bec515356578bd98bf28945fc8b7d } | |
| $a_28 = { 558bea8bf88bc7e89d47ffff8bf0bb01 } | |
| $a_29 = { 558bec81c468feffff535657894df889 } | |
| $a_30 = { 558bec33d25568ae18400064ff326489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Bropaler_ef9ac3933f1cd88fdd17f4f61b5ea5103491b273798ca57ac39cf6993d785ea0 { | |
| strings: | |
| $a_2 = { 558b8f414c00ae7b9088899fccf3b739 } | |
| $a_3 = { 558bec83c49053565733db895da0895d } | |
| $a_4 = { 558bec33c05568cd91410064ff306489 } | |
| $a_5 = { 558bec8b450885c07405e8adbefeff5d } | |
| $a_6 = { 558bec515356578bf28bd8833d1c7844 } | |
| $a_7 = { 558bec51e80ba2ffff668945fe8a45fe } | |
| $a_8 = { 558bec33c05568254c410064ff306489 } | |
| $a_9 = { 558bec33c055686d36410064ff306489 } | |
| $a_10 = { 558bec6a00538bd833c0556814304100 } | |
| $a_11 = { 558bec83c4e033c08945e08945e48945 } | |
| $a_12 = { 558becb9830000006a006a004975f953 } | |
| $a_13 = { 558bec538bd88bc3e89366ffff506a00 } | |
| $a_14 = { 558bec33c055684968400064ff306489 } | |
| $a_15 = { 558bec538bd88b4508508bc3e8fbb5ff } | |
| $a_16 = { 558bec33c055685c4b410064ff306489 } | |
| $a_17 = { 558bec33c05568d835410064ff306489 } | |
| $a_18 = { 558bec33c05568a7a6410064ff306489 } | |
| $a_19 = { 558bec51538b5d088d53188bc3e8e6ff } | |
| $a_20 = { 558bec51538bda8945fc8b45fce88ec0 } | |
| $a_21 = { 558bec33c05568c44b410064ff306489 } | |
| $a_22 = { 558bec33c05568416a410064ff306489 } | |
| $a_23 = { 558bec33c05568d187410064ff306489 } | |
| $a_24 = { 558bec83c4f40fb70524b041008945f8 } | |
| $a_25 = { 558bec33c055686187410064ff306489 } | |
| $a_26 = { 558bec81c464feffff535657c7053c77 } | |
| $a_27 = { 558bec6a005333c0556836ce400064ff } | |
| $a_28 = { 558bec33c055686165400064ff306489 } | |
| $a_29 = { 558bec83c4f8535657be307644008b46 } | |
| $a_30 = { 558becff7508e8b1feffff5dc2040090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Bzub_428fc5e2849e5bb4b058d9d740b9772504a36840c3f049453b92d956b80d70fa { | |
| strings: | |
| $a_2 = { 558bae383c82cc220476b6b8c2b86546 } | |
| $a_3 = { 558bec83ec3453568bf157807e040075 } | |
| $a_4 = { 558bec81ec600300005356576a1f33f6 } | |
| $a_5 = { 558bec5356be949c42005756ff15dc90 } | |
| $a_6 = { 558bec51518b45088365fc008b000fb7 } | |
| $a_7 = { 558b854f002a9cc44610b670db4f23b4 } | |
| $a_8 = { 558b6c240c33db563beb57743e68302b } | |
| $a_9 = { 558bec83ec2c568bf1ff7508e8952400 } | |
| $a_10 = { 558bec83ec30668b852e220000536639 } | |
| $a_11 = { 558bec6aff6838024200686428410064 } | |
| $a_12 = { 558bec81ec180600005356ba81000000 } | |
| $a_13 = { 558bec83ec7853568b7510576a0833c0 } | |
| $a_14 = { 558b242fa0e3feb931f870803ad3f327 } | |
| $a_15 = { 558bec6aff6800084200686428410064 } | |
| $a_16 = { 558bec6aff68e0014200686428410064 } | |
| $a_17 = { 558b0683782c02750c56e83813000059 } | |
| $a_18 = { 558bec6aff6828024200686428410064 } | |
| $a_19 = { 558bec83ec485356576880040000e8b6 } | |
| $a_20 = { 558bec83ec5056578b7d0885ff0f84c6 } | |
| $a_21 = { 558bec53565768302b4200ff7508e832 } | |
| $a_22 = { 558bec8b450885c075025dc3833ddc84 } | |
| $a_23 = { 558bec518b450833d253568b48048b00 } | |
| $a_24 = { 558bec81ec1802000053565733f6b981 } | |
| $a_25 = { 558bec83ec28578bf9897de4807f0400 } | |
| $a_26 = { 558bec6aff68f0074200686428410064 } | |
| $a_27 = { 558b718bfe39bff6f0f6a7c912a860e6 } | |
| $a_28 = { 558bec51515657e87d06000083786800 } | |
| $a_29 = { 558bec51535633f63935dc8442007548 } | |
| $a_30 = { 558bec8b450856833c8500304200008d } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Ceekat_bafba58220cd40c046f7f9f3b7055734d654828127812130b6dbd320daeafba0 { | |
| strings: | |
| $a_2 = { 558b0713570c367866b7d8eaffffffd1 } | |
| $a_3 = { 558b822c1adfedefae5ca38dd48d43ac } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Cimuz_f529c0f8ea870e763d8d95b8c3167c72a292ebd03bb738488810dbf4c0dd948a { | |
| strings: | |
| $a_2 = { 558bd6e0494af6b5936958b8b5df05d3 } | |
| $a_3 = { 558becfb1c536b66ef245bece4ff35a9 } | |
| $a_4 = { 558bec6aff68801c400068a448400064 } | |
| $a_5 = { 558bec8b450c568b75088bd04885d274 } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Comotor_3c353ea4556877d336dd61ec9b444816d5c0ec25ac19fe6080a9ccba42e9e0c3 { | |
| strings: | |
| $a_2 = { 558becb854140000e88c090000535657 } | |
| $a_3 = { 558bec515356be14110010578b3d9420 } | |
| $a_4 = { 558bec81ec300100008365f80056be14 } | |
| $a_5 = { 558bec5356be14110010578b3d942001 } | |
| $a_6 = { 558bec515356be04100010578b3d5040 } | |
| $a_7 = { 558becb8041000105050ff1550400010 } | |
| $a_8 = { 558bec515356be04104000578b3d4420 } | |
| $a_9 = { 558bec538b5d0c85db7e418b45085657 } | |
| $a_10 = { 558bec81ec300a0000538b1d44204000 } | |
| $a_11 = { 558bec83ec14538b1d5040001056be04 } | |
| $a_12 = { 558bec81ec0401000053565768f40100 } | |
| $a_13 = { 558bec81ec0c0200008a151411001053 } | |
| $a_14 = { 558bec68040100006a00ff750ce80f05 } | |
| $a_15 = { 558bec81ec300b00005356be04100010 } | |
| $a_16 = { 558bec5657be0401000033ff5657ff75 } | |
| $a_17 = { 558bec81ec440e000053568d85fcfeff } | |
| $a_18 = { 558bec83ec1c5356be04100010578b3d } | |
| $a_19 = { 558bec5156be04100010578b3d504000 } | |
| $a_20 = { 558bec83ec1856be14110010578b3d94 } | |
| $a_21 = { 558bec81ec240200008d85dcfdffff50 } | |
| $a_22 = { 558bec81ec0c0200005356bb04104000 } | |
| $a_23 = { 558bec83ec545356576a1033db5933c0 } | |
| $a_24 = { 558bec515356be041000105656ff1550 } | |
| $a_25 = { 558bec81ec0401000056be0410400057 } | |
| $a_26 = { 558bec81ec2c0200005356be14110010 } | |
| $a_27 = { 558bec81ec300100008365f80056be04 } | |
| $a_28 = { 558bec518365fc00538b5d1056be1411 } | |
| $a_29 = { 558bec518365fc00538b5d1056be0410 } | |
| $a_30 = { 558bec81ec44020000a0141100105657 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Cuepilini_6cfbf79e9f9a9fbdc4be0cd484d957110ec8c023063aec841bf5927079a0a17f { | |
| strings: | |
| $a_2 = { 558b6c240c8b08568b7500578b3db080 } | |
| $a_3 = { 558bec83ec0ca170c100105356578b30 } | |
| $a_4 = { 558bec83ec10a12050400053568365fc } | |
| $a_5 = { 558bec56579090909090908b7508b90a } | |
| $a_6 = { 558bec81ec0802000053565790909090 } | |
| $a_7 = { 558bec83ec1c53568b75088d45e45750 } | |
| $a_8 = { 558bec81ec28030000538b1dac800010 } | |
| $a_9 = { 558bec83ec0c5356579090909090908b } | |
| $a_10 = { 558bec81ecf4010000ff750c8d850cfe } | |
| $a_11 = { 558b6c2410565785c9750c8bfd83c9ff } | |
| $a_12 = { 558bec51515356579090908bc090908b } | |
| $a_13 = { 558bec83ec0853565790909090680006 } | |
| $a_14 = { 558becff2570280010cccccccccc8bff } | |
| $a_15 = { 558bec569090909090908b75086a1456 } | |
| $a_16 = { 558becff2578280010cccccccccc8bff } | |
| $a_17 = { 558bec5356579090909090908b0d641c } | |
| $a_18 = { 558bec53909090909090688c9200106a } | |
| $a_19 = { 558beca18408010085c0b940bb000074 } | |
| $a_20 = { 558bec5136894dfc368b45fc3e8b0836 } | |
| $a_21 = { 558bec83ec18576a0068000000026a03 } | |
| $a_22 = { 558bec0fb745105657ff750c50ff7508 } | |
| $a_23 = { 558bec81ec2803000053565790909090 } | |
| $a_24 = { 558bec56579090909090909090909090 } | |
| $a_25 = { 558bec5690909090909068e4b80010ff } | |
| $a_26 = { 558bec81ec700100005356578d45f068 } | |
| $a_27 = { 558bac2418020000568bf58a188acb3a } | |
| $a_28 = { 558becff257c4c0010cccccccc558bec } | |
| $a_29 = { 558bec8b4508a3341000109090909090 } | |
| $a_30 = { 558bec9090909090908b4508506860f8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Cupsop_6f49c59099eb7e85dc7d507f4512c74d323417b2e756e95c481f4fd085fd7b2a { | |
| strings: | |
| $a_2 = { 558bec568b750856ff1564304000eb11 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Dande_673aed0327e2573d2774c5a0e6928aa16135204851458ee97108b7329a16c0f3 { | |
| strings: | |
| $a_2 = { 558bec81ec000200008d451450ff7510 } | |
| $a_3 = { 558bec515356578b3d14200100be0001 } | |
| $a_4 = { 558bec81ec0c010000538b1d14200100 } | |
| $a_5 = { 558bec83ec18565768f82001008d45e8 } | |
| $a_6 = { 558bec83ec0c8b45088a880001000053 } | |
| $a_7 = { 558bec83ec208b4508566a208945e86a } | |
| $a_8 = { 558bec5633c0508d4d0851505050ff75 } | |
| $a_9 = { 558bec83ec245368a0200100ff750ce8 } | |
| condition: | |
| 7 of them | |
| } | |
| rule PWSWin32Delf_06756ee2c8082dfdfa2c3cc9701c9ea5080f377e1e8b4473e135dbd464ca656b { | |
| strings: | |
| $a_2 = { 558bec83ec08682612400064a1000000 } | |
| $a_3 = { 5589e5908b45c8c74004e8a403008b45 } | |
| $a_4 = { 558bec83ec14682612400064a1000000 } | |
| $a_5 = { 558bec83ec0c682612400064a1000000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Dexter_9a2aac89fade57669a6ad17cf06a35e685ea1ec2380f89f28d1763d9f98caf1e { | |
| strings: | |
| $a_2 = { 558bec81ec8006000068107f40008d85 } | |
| $a_3 = { 558bec83ec0c8b45080fbe0883f92874 } | |
| $a_4 = { 558bec83ec088b450c50ff1530904000 } | |
| $a_5 = { 558bec837d0c117409817d1400000080 } | |
| $a_6 = { 558bec51b80100000085c074316aff8b } | |
| $a_7 = { 558bec68e08c4000e84306000083c404 } | |
| $a_8 = { 558bec81ec0c010000837d0801750aa1 } | |
| $a_9 = { 558bec0fbe450883f8417c090fbe4d08 } | |
| $a_10 = { 558bec83ec10c745f0b71dc104680004 } | |
| $a_11 = { 558bec518b45108945fc8b4d1083e901 } | |
| $a_12 = { 558bec51c745fc000000008b450c0fbe } | |
| $a_13 = { 558bec51c745fc000000008b45fc833c } | |
| $a_14 = { 558bec83ec08538b45088945fc8b4d0c } | |
| $a_15 = { 558bec81ec5c0300006a006800002084 } | |
| $a_16 = { 558bec83ec40c745dc00000000682801 } | |
| $a_17 = { 558becb80100000085c074288b0db083 } | |
| $a_18 = { 558bec83ec0cc745f8010000008b45f8 } | |
| $a_19 = { 558bec83ec48c745b800000000c745bc } | |
| $a_20 = { 558bec83ec148d45ec50ff1598914000 } | |
| $a_21 = { 558bec510fb6450850e8c2ffffff83c4 } | |
| $a_22 = { 558bec81ec88040000c745f001000000 } | |
| $a_23 = { 558bec83ec20c745f800000000681460 } | |
| $a_24 = { 558bec81eca0020000c745e480000000 } | |
| $a_25 = { 558bec51c745fcffffffff8b450c508b } | |
| $a_26 = { 558bec81ecb4000000c745e000000000 } | |
| $a_27 = { 558bec81ec14010000c745e400000000 } | |
| $a_28 = { 558bec51c745fc00000000833dd88c40 } | |
| $a_29 = { 558bec81ec040100008b45080fbe0883 } | |
| $a_30 = { 558bec83ec1c8d45fc506a28ff151891 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32DNFOnline_0f149d616cd0b73440661eadae3a649afa80c6145dd369b6e17044e3e33fb714 { | |
| strings: | |
| $a_2 = { 558bec83ec64741f15243085c07478fe } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Donips_19f7398c7ecdfaf54760727b1831e3128d452ce689730e8d53fe72a67152856d { | |
| strings: | |
| $a_2 = { 558bec51837d08007406050c00750433 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Dozmot_09573c0b16b70423db4edd4cf06e3d437cbe96a2e2a93d390affdaa15b822362 { | |
| strings: | |
| $a_2 = { 558bf8ffd30faff855ff151050001083 } | |
| $a_3 = { 558b2d98500010565753ffd585c00f84 } | |
| $a_4 = { 558b2d58204000565768183140006a00 } | |
| $a_5 = { 558bf0ff1500500010eb048b7424188b } | |
| $a_6 = { 558b6c2414565733ff85ed7e1e8b7424 } | |
| $a_7 = { 558b6c2408575533ffff159850001085 } | |
| $a_8 = { 558b6c240c568bdd8b742414c1e30857 } | |
| $a_9 = { 558bf0ffd33bc675155557ff15642040 } | |
| $a_10 = { 558bcf00000068502300000000006173 } | |
| $a_11 = { 558bec83ec205657be1c1000108d7df4 } | |
| $a_12 = { 558bec6aff68a051001068c042001064 } | |
| $a_13 = { 558b5424148b4c24108d842448010000 } | |
| $a_14 = { 558b2d4c500010ffd56a10e8df210000 } | |
| $a_15 = { 558bac24140100005657556868610010 } | |
| $a_16 = { 558bf0ffd32bc685c07e6a5733f6ffd3 } | |
| $a_17 = { 558b2d9850001056578b7c24185333f6 } | |
| $a_18 = { 558b2d9c500010568b35b0500010578b } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Dyzap_5c090801cd3b554b3f2409bc52e95ddd491540ae618500f907b677902ba3f818 { | |
| strings: | |
| $a_2 = { 558bec51535633db5368a8824100e8f4 } | |
| $a_3 = { 558bec83ec14837d0c057d0733c0e9c3 } | |
| $a_4 = { 558bec53568b750c5785f6750bff7508 } | |
| $a_5 = { 558bec5633f639750874325768403f00 } | |
| $a_6 = { 558bec5de9bbfeffff558becff7508e8 } | |
| $a_7 = { 558bec568b750856e8a03000008bd033 } | |
| $a_8 = { 558bec81ec1004000056e833d8ffff8b } | |
| $a_9 = { 558bec83ec108d55f033c95657bea451 } | |
| $a_10 = { 558bec83ec1c538d45f80f57c050ff75 } | |
| $a_11 = { 558bec83ec0c8b4d0c8bc15356578b7d } | |
| $a_12 = { 558bec6a006a0068d1e244d36a08e81a } | |
| $a_13 = { 558bec56e8bb25ffff8b750885c0741c } | |
| $a_14 = { 558bec83ec485356576a25586a736689 } | |
| $a_15 = { 558bec81ec50040000538b5d0868d06e } | |
| $a_16 = { 558bec8b450883e0015dc3558bec6a00 } | |
| $a_17 = { 558bec83ec388365fc00538b5d0885db } | |
| $a_18 = { 558bec33c050506876d610d650e83fc9 } | |
| $a_19 = { 558bec33c0505068773114c950e803f6 } | |
| $a_20 = { 558bec5151568b35c0a041008bc6578b } | |
| $a_21 = { 558bec83ec0c538b5d085668f4794100 } | |
| $a_22 = { 558bec83ec206a2a586a2e668945f458 } | |
| $a_23 = { 558bec568b751085f67429538b5d0c57 } | |
| $a_24 = { 558bec8b451885c0566a1a590f44c150 } | |
| $a_25 = { 558bec6a01ff750cff7508e81afbffff } | |
| $a_26 = { 558bec83ec148365f0008d45f0536a00 } | |
| $a_27 = { 558bec8b450c53568b7508578b4e0403 } | |
| $a_28 = { 558bec81eca0000000535733db535368 } | |
| $a_29 = { 558bec6a00ff3564fc4900e83346ffff } | |
| $a_30 = { 558bec5657bf0802000057e816ebffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Emasen_efe3d47d0b1a4e9009718885d582d36230cc45610bb9c5b5e5893d66293605d4 { | |
| strings: | |
| $a_2 = { 558bec83ec1053568bf1578b7d14807e } | |
| $a_3 = { 558bec5657ff7508e8b12a00008bf08d } | |
| $a_4 = { 558b7199c3e58988bd5194a5079477ac } | |
| $a_5 = { 558bec83ec10535633db8bf1385d2c8b } | |
| $a_6 = { 558bcec7055c304700ec030000e808fd } | |
| $a_7 = { 558be46aaff1dbef39712055a0828010 } | |
| $a_8 = { 558bec833d0c55470000750fff750cff } | |
| $a_9 = { 558bc8e89efdffff473bfb7cd58b4628 } | |
| $a_10 = { 558b6c2424568bf18bcde8b928fcff85 } | |
| $a_11 = { 558bec6aff68505145006874d4420064 } | |
| $a_12 = { 558bcfe8810802008b6c24148bf88b07 } | |
| $a_13 = { 558be956576a438d8d88000000e8dd16 } | |
| $a_14 = { 558b814dda4afb7763a609ad318f58a6 } | |
| $a_15 = { 558bd9568b4c241c57e8def9fdff8b7c } | |
| $a_16 = { 558befe84f5422e83cc08eea09ea22db } | |
| $a_17 = { 558bcee8b567ffff8b4b185f85c97412 } | |
| $a_18 = { 558be61eda5126d75960fc31aefd8af2 } | |
| $a_19 = { 558b06624396d5aa097ab7ecb58f364d } | |
| $a_20 = { 558bec83ec6433c05638450c8bf10f95 } | |
| $a_21 = { 558bec83ec7c53568b750833c057894d } | |
| $a_22 = { 558ba536ddf7d00545cb3fda0e9575ae } | |
| $a_23 = { 558bec5756538b750c8b7d088d05943a } | |
| $a_24 = { 558b442420c705a0304700820000008b } | |
| $a_25 = { 558bcee8566a000055e82f1a020083c4 } | |
| $a_26 = { 558b6c24105657742aa1643947008b5c } | |
| $a_27 = { 558bec515153894df88b4d085657e8b7 } | |
| $a_28 = { 558bec33c039050c554700750fff750c } | |
| $a_29 = { 558be9578b4d1083c11ce8f08c010033 } | |
| $a_30 = { 558b271e10b653a7eb731070c7f4871d } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Enterak_a835261904f625268df859eda4a219d7bafdf0328968569b5bdefd91841c5083 { | |
| strings: | |
| $a_2 = { 558bec6055e8f4feffff61ff3548f901 } | |
| $a_3 = { 558b2d041100105657b0816a00884424 } | |
| $a_4 = { 558b2d3c110010563bc3570f84800000 } | |
| $a_5 = { 558b2d1c1200105657c7442414000000 } | |
| $a_6 = { 558b2d3c11001056578b7c24246a2057 } | |
| $a_7 = { 558bec81eccc030000535657b9070000 } | |
| $a_8 = { 558becff35b4d7011083042405c39090 } | |
| $a_9 = { 558bec64a1000000006aff6868b80110 } | |
| $a_10 = { 558b2d2412001056578b7c2418c74424 } | |
| $a_11 = { 558b6c240856576a1455ff153c110010 } | |
| $a_12 = { 558bec57566055e8e4feffff61ff3570 } | |
| $a_13 = { 558b6c240c565755e822feffff8bf88b } | |
| $a_14 = { 558bec81ec040100008b450c5333db56 } | |
| $a_15 = { 558bec6055e804fcffff61ff35e46202 } | |
| $a_16 = { 558b6c240c5657688000000055ffd385 } | |
| $a_17 = { 558bec81ec94010000a1f84b00105356 } | |
| $a_18 = { 558b6c241c56578b7c241c896c241085 } | |
| $a_19 = { 558b751ca11cd901106a056838dc0110 } | |
| $a_20 = { 558bec51a17435001069c0fd43030005 } | |
| $a_21 = { 558bec57566055e894fdffff61ff35f0 } | |
| $a_22 = { 558b2df4110010568b35fc110010578b } | |
| $a_23 = { 558b2d1c110010684818001050ffd58b } | |
| $a_24 = { 558bf78bd98bfa83c9fff2ae8bcb4fc1 } | |
| condition: | |
| 19 of them | |
| } | |
| rule PWSWin32Facepass_4bbf2e25dcc17a4707098ce04600b656c8651f0bf63289bf312e278b77ebe456 { | |
| strings: | |
| $a_2 = { 558bec81ec1404000053565768340343 } | |
| $a_3 = { 558bec81ec040400005368dc8742008d } | |
| $a_4 = { 558bec518b450c8b0053565783e81033 } | |
| $a_5 = { 558bec81ec0c0600005357681c8d4200 } | |
| $a_6 = { 558bec81ec1c0400005368707e42008d } | |
| $a_7 = { 558bec83e4f881ec180200008d042450 } | |
| $a_8 = { 558bec83e4f881ec5807000053576870 } | |
| $a_9 = { 558bec81ec0404000053687c8342008d } | |
| $a_10 = { 558bec83e4f86aff687e15420064a100 } | |
| $a_11 = { 558bec83ec18a1d05e43008365e8008d } | |
| $a_12 = { 558bec33c03905288e470050ff7510ff } | |
| $a_13 = { 558bec81ec080400005368009942008d } | |
| $a_14 = { 558bec83ec1853ff75108d4de8e8bdc0 } | |
| $a_15 = { 558becb820850000e8b4420100535657 } | |
| $a_16 = { 558bec83ec74a1d05e430033c58945fc } | |
| $a_17 = { 558bec81ec2c0a000053565768d07042 } | |
| $a_18 = { 558bec6afe68401a430068005c410064 } | |
| $a_19 = { 558bec83e4f86aff68f914420064a100 } | |
| $a_20 = { 558bec83ec30a1d05e430033c58945fc } | |
| $a_21 = { 558bec81ec2004000053565768480a43 } | |
| $a_22 = { 558bec81ec0404000053680c4e42008d } | |
| $a_23 = { 558bec83ec28a1d05e430033c58945fc } | |
| $a_24 = { 558bec5151a1d05e430033c58945fca1 } | |
| $a_25 = { 558bec81ec04040000535668c04f4200 } | |
| $a_26 = { 558bec81ec04040000535768207b4200 } | |
| $a_27 = { 558bec81ec04040000535668a8864200 } | |
| $a_28 = { 558bec83ec10a1d05e43008365f80083 } | |
| $a_29 = { 558bec81ec08040000535668086b4200 } | |
| $a_30 = { 558bec83e4f86aff68ef15420064a100 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32FakeAIM_64c00fcfd75e051ad4677fd9c32489dbb1d396a3a4ac84ccd9d2bc4e5d90541f { | |
| strings: | |
| $a_2 = { 558bec83ec0c6806ffb7f76f64a1b850 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Faker_b723c80e0995cae0954d312fd5f2714126aab928ccf38e2bc8edcb10dfb38074 { | |
| strings: | |
| $a_2 = { 558bec83ec0c68c611400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Fignotok_816137f94c4a2378bff7345ec392c1dbaa8a748703df5789a764cef8ba5de3b9 { | |
| strings: | |
| $a_2 = { 558b202f1af4a6742fcdf7ce32741106 } | |
| $a_3 = { 558b43ac58bb888894578c123befa900 } | |
| $a_4 = { 558b08ae12878fefac76f7d9138e514d } | |
| $a_5 = { 558bec83e4f8cfa91453428a75a6b857 } | |
| $a_6 = { 558bd58bcd8bec558bdd05d809000050 } | |
| $a_7 = { 558b3405e401ea2587ae9d5a4417e4f7 } | |
| $a_8 = { 5589e581c50400000081c50400000083 } | |
| $a_9 = { 5589e581c504000000e95bf2ffff870c } | |
| $a_10 = { 5589e5e97575ffff51e9efbe00000bc0 } | |
| $a_11 = { 5589e5e95a3600005781ec0400000054 } | |
| $a_12 = { 558b89ff4c36608a8debc990c24c058a } | |
| $a_13 = { 5589e581c504000000e9df2affff545f } | |
| $a_14 = { 5589e553bb0400000001dd5b52ba0400 } | |
| $a_15 = { 558bfd03fa8a9fa02300003118494042 } | |
| $a_16 = { 558b3d13ec12cb8d27107f0fc310e3f0 } | |
| $a_17 = { 5589e581c504000000e9b890000081ec } | |
| $a_18 = { 5589e5e963daffff57e9e59f00005068 } | |
| $a_19 = { 5589e581c504000000e92af6ffff01cb } | |
| $a_20 = { 558b5e70289cbf4b0988265bc12a97f6 } | |
| $a_21 = { 558bec5421ccd311d0a97035275f22f0 } | |
| $a_22 = { 558bf10d4ba36ae28d8a81ce9d630355 } | |
| $a_23 = { 5589e557bf04000000e95735000052ba } | |
| $a_24 = { 5589e5e92ccdfeff5e68124d0000890c } | |
| $a_25 = { 558bec83c4f08b7508c745fc00000000 } | |
| $a_26 = { 5589e581c5040000006874330000e951 } | |
| $a_27 = { 558b1c24688d4b0000890424e98c5400 } | |
| $a_28 = { 558bd54ecd8cec0edd3005d887506467 } | |
| $a_29 = { 5589e56800190000893c24e9a1210000 } | |
| $a_30 = { 558bec568b750c578b7d088bcf81e1ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Fiu_c54cabc9038e929850d3505834cac916a622ea37344c924e2465904b90bd1dc4 { | |
| strings: | |
| $a_2 = { 558beca0c209b4008b56044af7ea50a1 } | |
| $a_3 = { 558bec568b76048b56068bc225ff0009 } | |
| $a_4 = { 558bec8b5e042bc92bd2b440cd215dc2 } | |
| $a_5 = { 558bec83ec0833c05050e8de025959a3 } | |
| $a_6 = { 558bec568b7604ff7606ff34e81d0c59 } | |
| $a_7 = { 558bec83ec025657a0c409b4008946fe } | |
| $a_8 = { 558bec568b76048b56068b4e088bc289 } | |
| $a_9 = { 558bec83ec1856578b760433ff8b1c8b } | |
| $a_10 = { 558becb80c135033c050ff76048d4606 } | |
| $a_11 = { 558bec33c050ff7606ff7604b80a0050 } | |
| $a_12 = { 558bec8b5e04d1e3f787c40801007406 } | |
| $a_13 = { 558bec56578b76048b7e060bf6750eb8 } | |
| $a_14 = { 558bec56578b76048b7e0a56e89efe59 } | |
| $a_15 = { 558bec8b5608b4448a46068b5e048b4e } | |
| $a_16 = { 558bec8b5604a0c309b4000bc0751983 } | |
| $a_17 = { 558bec83ec04b801428b5e0433c933d2 } | |
| $a_18 = { 558bec83ec0656578b7e048b45143b45 } | |
| $a_19 = { 558bec83ec0256578b7604837c16ff75 } | |
| $a_20 = { 558becb800448b5e04cd21922580005d } | |
| $a_21 = { 558bec56578b76048b7e060bf67433c7 } | |
| $a_22 = { 558bec56578b76048b7e060bf6742ac7 } | |
| $a_23 = { 558bec56578b76048b7e060bf67439c7 } | |
| $a_24 = { 558bec568b7604c604004e33c0ba0a00 } | |
| $a_25 = { 558bec568b76048a460698508b1cff77 } | |
| $a_26 = { 558bec8b5e04d1e381a7c408fffdb442 } | |
| $a_27 = { 558bec568b76048b5608f7c208007405 } | |
| $a_28 = { 558bec8b46048b560603069c0083d200 } | |
| $a_29 = { 558bec83ec0856578b76048b46088b56 } | |
| $a_30 = { 558bec56578b76048b7e060bf67431c7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Fotip_7cf757e0943b0a6598795156c156cb90feb7d87d4a22c01044499c4e1619ac57 { | |
| strings: | |
| $a_2 = { 558bec83ec1053568bf1578b7d14807e } | |
| $a_3 = { 558bec5657ff7508e8b12a00008bf08d } | |
| $a_4 = { 558bec83ec10535633db8bf1385d2c8b } | |
| $a_5 = { 558b8eab45465bea156ab1451befcff3 } | |
| $a_6 = { 558bcec7055c304700ec030000e808fd } | |
| $a_7 = { 558bbed80fe0efce93283e588120a1df } | |
| $a_8 = { 558bec833d0c55470000750fff750cff } | |
| $a_9 = { 558bc8e89efdffff473bfb7cd58b4628 } | |
| $a_10 = { 558b6c2424568bf18bcde8b928fcff85 } | |
| $a_11 = { 558bc327774c35319c1b529619c5be29 } | |
| $a_12 = { 558b6f1577432a3d8a4d5595a0ae32ae } | |
| $a_13 = { 558bec6aff68505145006874d4420064 } | |
| $a_14 = { 558bcfe8810802008b6c24148bf88b07 } | |
| $a_15 = { 558be956576a438d8d88000000e8dd16 } | |
| $a_16 = { 558bd9568b4c241c57e8def9fdff8b7c } | |
| $a_17 = { 558bcee8b567ffff8b4b185f85c97412 } | |
| $a_18 = { 558bd0253315debab494f4b9ba2c5ab4 } | |
| $a_19 = { 558bec83ec6433c05638450c8bf10f95 } | |
| $a_20 = { 558bec83ec7c53568b750833c057894d } | |
| $a_21 = { 558bec5756538b750c8b7d088d05943a } | |
| $a_22 = { 558b442420c705a0304700820000008b } | |
| $a_23 = { 558bd8f3fa756bb6ad6b0d96cc26afd2 } | |
| $a_24 = { 558bcee8566a000055e82f1a020083c4 } | |
| $a_25 = { 558b6c24105657742aa1643947008b5c } | |
| $a_26 = { 558bddbefa95b2bf02a55e65b95eea0d } | |
| $a_27 = { 558bec515153894df88b4d085657e8b7 } | |
| $a_28 = { 558b325b40f2879b954c2e8b5845694b } | |
| $a_29 = { 558bec33c039050c554700750fff750c } | |
| $a_30 = { 558be9578b4d1083c11ce8f08c010033 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Frethog_b4a2aa9caf5038d8637936a2e1fba76bd82ca760ee4015adb9ff63e84aeb864a { | |
| strings: | |
| $a_2 = { 558bec81ec2405000056578bff8bff90 } | |
| $a_3 = { 558bec83ec108d45f066c745f04c4f50 } | |
| $a_4 = { 558bec83ec3056576a066a016a02ff15 } | |
| $a_5 = { 558bec81ec8c0400005333db381db8b1 } | |
| $a_6 = { 558bec81ec28010000538b5d08568b35 } | |
| $a_7 = { 558bec83ec105356e86e09000085c00f } | |
| $a_8 = { 558bec81eca4000000ff75088d855cff } | |
| $a_9 = { 558bec81ec3001000053568b35947000 } | |
| $a_10 = { 558bec83ec148d45ecc745ec47657453 } | |
| $a_11 = { 558bec51803d29b7001000750cc60529 } | |
| $a_12 = { 558bec83ec14a148840010c745fc6b45 } | |
| $a_13 = { 558bec5356578b7d14297d0c6a005e74 } | |
| $a_14 = { 558bec83ec146a01ff7508ff15707000 } | |
| $a_15 = { 558bec81ec8000000053568b75085756 } | |
| $a_16 = { 558bec5151e8b1feffff84c0750a6a64 } | |
| $a_17 = { 558bec81eca4000000565733ff8d45dc } | |
| $a_18 = { 558bec81ec00040000a174b600105657 } | |
| $a_19 = { 558bec51515733c08d7df9c645f8e8ab } | |
| $a_20 = { 558bec83ec5c538d45c456508d45e533 } | |
| $a_21 = { 558bec83ec0c33c0390588b000100f84 } | |
| $a_22 = { 558bec81ec58010000e805f6ffff84c0 } | |
| $a_23 = { 558bec83ec0c909090908d45f4c745f4 } | |
| $a_24 = { 558becb858140000e87d3400005356be } | |
| $a_25 = { 558bec81ecf400000053568d856cffff } | |
| $a_26 = { 558bec51535657508b45048945fc5881 } | |
| $a_27 = { 558bec83ec1c5356576a00ff15947000 } | |
| $a_28 = { 558bec8b45085356576a5033d25e8bce } | |
| $a_29 = { 558bec83ec0c5733c08d7df5c645f4e9 } | |
| $a_30 = { 558bec83ec4053568b3570700010578b } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32GinaPass_9bff92f14a6ef0092fdf059179c42979b3e091c80f1ae81882557826b2b9388d { | |
| strings: | |
| $a_2 = { 558b91878dc3e45ecfb103ddb76d7003 } | |
| $a_3 = { 558bec83ec0cc745f4000000008b4510 } | |
| $a_4 = { 558bd684c88bd985c58bd184c78bd684 } | |
| $a_5 = { 558bd82184243cbc179f68200f480ce0 } | |
| $a_6 = { 558b091389418daaa1b62ffa020a8b55 } | |
| $a_7 = { 558bd20f841d60ffffe915c8feff55e9 } | |
| $a_8 = { 558b7bf22e98ba34e8d53d4c4687c189 } | |
| $a_9 = { 558b37b4b0e85f7fbd760a422ffa0837 } | |
| $a_10 = { 558b4d08e99d7f000084c584c885cb84 } | |
| $a_11 = { 558bec83ec14c745fc00000000e9ffae } | |
| condition: | |
| 9 of them | |
| } | |
| rule PWSWin32Glacier_2ec4450a11be85cffaffefd01892ddf158b4c19461afafdec67d15de602ba787 { | |
| strings: | |
| $a_2 = { 558bacf47186a531a2e916747e91351d } | |
| $a_3 = { 558b5353a9f44b4be9efe9f2f814fc52 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Gypthoy_e70fd7b5efa397419a401ec951e448a1604646df78b9fd74a5ba5739f5b08f07 { | |
| strings: | |
| $a_2 = { 558bec83ec08683618400064a1000000 } | |
| $a_3 = { 558bec83ec18683618400064a1000000 } | |
| $a_4 = { 558bec83ec0c683618400064a1000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule PWSWin32Hacksoft_eec60b7c3c92d094de9438321d33e733318033d3b02d98cbf8736e9172385b77 { | |
| strings: | |
| $a_2 = { 558bec33c05568113a400064ff306489 } | |
| $a_3 = { 558bec33c05568b939400064ff306489 } | |
| $a_4 = { 558bec515356578bd833c0a3b0654000 } | |
| $a_5 = { 558bec83c4f85356578bd8803dac6540 } | |
| $a_6 = { 558bec83c4c4b818404000e864f7ffff } | |
| $a_7 = { 558bec53803dac654000000f84cc0000 } | |
| $a_8 = { 558bec51535657894dfc8bfa8bf0e899 } | |
| $a_9 = { 558bec515356578bf28bd8803dac6540 } | |
| $a_10 = { 558bf0bf00664000bd046640008b1df8 } | |
| $a_11 = { 558bec538b450c33db8bd04a74224a74 } | |
| $a_12 = { 558bec33c055683938400064ff306489 } | |
| $a_13 = { 558bec535657bf206640008b470885c0 } | |
| $a_14 = { 558bec33c9515151515333c05568423e } | |
| $a_15 = { 558bec33d255683e18400064ff326489 } | |
| $a_16 = { 558bec518945fc33d25568d834400064 } | |
| $a_17 = { 558bec83c4f40fb7050c5040008945f8 } | |
| $a_18 = { 558bec53bb9c664000e8cafeffff85c0 } | |
| $a_19 = { 558bec33c05568653f400064ff306489 } | |
| $a_20 = { 558bf28bd8eb0853e88ceaffff8bd88a } | |
| $a_21 = { 558bec33c055687138400064ff306489 } | |
| $a_22 = { 558bec83c4f85356578945fca1205040 } | |
| $a_23 = { 558bec33c055680f40400064ff306489 } | |
| $a_24 = { 558bec33c05568a235400064ff306489 } | |
| $a_25 = { 558bec535657a12866400085c0744b8b } | |
| condition: | |
| 20 of them | |
| } | |
| rule PWSWin32Hukle_d49541de6058a52fc9c9b1880ae249a3cf0c7ebd1db9a07f6bb258ccd058de58 { | |
| strings: | |
| $a_2 = { 558bec8b450885c075025dc3833d5cb2 } | |
| $a_3 = { 558bec81ec5803000053576a4033db59 } | |
| $a_4 = { 558bec83ec54568d45fc57508bf16819 } | |
| $a_5 = { 558bec5756538b750c8b7d088d0554b2 } | |
| $a_6 = { 558b14b952e8950e000083c408473bfb } | |
| $a_7 = { 558b81e00000005699f77b08578bb9e4 } | |
| $a_8 = { 558bec51a0548d42003c20743984c074 } | |
| $a_9 = { 558bec81ec0801000080a5f8feffff00 } | |
| $a_10 = { 558b6c2424578b9de40000008b45340f } | |
| $a_11 = { 558b45bc8a4df1ff45d48848018a4df0 } | |
| $a_12 = { 558bec83ec34e8b11400008945fc8b40 } | |
| $a_13 = { 558bec6aff68f00a420068a039410064 } | |
| $a_14 = { 558bec81ec0001000056ff750cff15e4 } | |
| $a_15 = { 558bec6aff684809420068a039410064 } | |
| $a_16 = { 558bece8bd0400008b400485c07415ff } | |
| $a_17 = { 558bec51515657e87d06000083786800 } | |
| $a_18 = { 558bec6aff68800b420068a039410064 } | |
| $a_19 = { 558bec5153568bf157ff36ff1598f141 } | |
| $a_20 = { 558b0d846342000fb6c3f64441018074 } | |
| $a_21 = { 558bec83ec14a154b642008b1558b642 } | |
| $a_22 = { 558bec6aff68a80a420068a039410064 } | |
| $a_23 = { 558bec8b450856833c85e85e4200008d } | |
| $a_24 = { 558bec5151568bf1578b3d74f041008b } | |
| $a_25 = { 558bec6aff68d00a420068a039410064 } | |
| $a_26 = { 558bec81ecc80000008b45088d8d38ff } | |
| $a_27 = { 558bec83ec1c5356578b3d20f34100be } | |
| $a_28 = { 558bec5356578bf16a0133ffe8950100 } | |
| $a_29 = { 558b6c24108b43105683f8645774198b } | |
| $a_30 = { 558bec83ec2c5356578bf1e8a3efffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Hupigon_0c075d07c82c16bef1c1a6d77d48018a0c8dee6acff7357d63f2994fec46673a { | |
| strings: | |
| $a_2 = { 558bec83ec4c8b1153568b7108578b79 } | |
| $a_3 = { 558b6738c6d36a2b304512ab933056d3 } | |
| $a_4 = { 558bec83e4f8eb0713920067922193e9 } | |
| $a_5 = { 558bec807d0800752756be0433051083 } | |
| $a_6 = { 558bec566844330210683c3302106844 } | |
| $a_7 = { 558becff7508b9fc330510e848f7ffff } | |
| $a_8 = { 558becff7508b908340510e8f1eeffff } | |
| $a_9 = { 558b2cc506d97860f6719a1c976d6178 } | |
| $a_10 = { 558bec6aff68c874400068683c400064 } | |
| $a_11 = { 558b1ef4b2f9b7e72230aae3b78b8c41 } | |
| $a_12 = { 558b8f15ac143276343516e8d950b0c9 } | |
| $a_13 = { 558b385f0c3a504e05baa1af5bd54f6b } | |
| $a_14 = { 558bee53f9df1a490258678293f41a1c } | |
| $a_15 = { 558bec83e4f881ec9c010000538b5d08 } | |
| $a_16 = { 558b5c24049c8d64240ce9aaeaffffe8 } | |
| $a_17 = { 558bec51568b750883fefe7515e8738e } | |
| $a_18 = { 558becff7508e8f32c000059b0015dc3 } | |
| $a_19 = { 558bec83e4f883ec2c535657eb09b43e } | |
| $a_20 = { 558b2e20bb1350187861320abde71723 } | |
| $a_21 = { 558b2e74330aa3b078df188e0cf2afcd } | |
| $a_22 = { 558b70b4dc517a788fe1f97e36e96bee } | |
| $a_23 = { 558b547f90ad7a8578d57bc0a1d06f15 } | |
| $a_24 = { 558b6749c30e30819f3b6c4577ff0a25 } | |
| $a_25 = { 558b1667d85de937fe49ca4ded2e55bc } | |
| $a_26 = { 558bec8b450883c02050ff1520300210 } | |
| $a_27 = { 558b784181db1f01a9d29bccc27865ad } | |
| $a_28 = { 558b782a8380f7495ca7e278e7ba230c } | |
| $a_29 = { 558be9af78a78fb6d08347ee67788e94 } | |
| $a_30 = { 558bec81ecdc000000568bf2894df8eb } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Jomloon_040cf2b6c049e30a3ed9bdbc7e35c1f395245e562735582cc285652728164fa6 { | |
| strings: | |
| $a_2 = { 558b6c240c56578bf933f68d042e8bcf } | |
| $a_3 = { 558bec33c055680137400064ff306489 } | |
| $a_4 = { 558bec83c4f8803dac554000000f84e8 } | |
| $a_5 = { 558b6c2410578b7c241833c985ff7e1b } | |
| $a_6 = { 558b69971592180922192971fb0c9cd9 } | |
| $a_7 = { 558bec33c05568de34400064ff306489 } | |
| $a_8 = { 558bec83c4f85356578945fca1204040 } | |
| $a_9 = { 558b6c240c56578b7c241c5753556a00 } | |
| $a_10 = { 558bec83c4f8535657bf205640008b47 } | |
| $a_11 = { 558b6c242c565733ff894c241033f689 } | |
| $a_12 = { 558bec33c055681f3a400064ff306489 } | |
| $a_13 = { 558b6c24188bdf8bcd2bf58a140e3ad0 } | |
| $a_14 = { 558bac241401000056578bbc24180100 } | |
| $a_15 = { 558b88149c68a5ee2a15350a06848a0a } | |
| $a_16 = { 558bee09a3944d7b9e1ae0a530ec642b } | |
| $a_17 = { 558bec83c4f853568bf28bd8803dac55 } | |
| $a_18 = { 558bec3ea3988a02103e891d9c8a0210 } | |
| $a_19 = { 558bec83c4f88945fc33c05568153440 } | |
| $a_20 = { 558b69bdcf50492b706f085766f04152 } | |
| $a_21 = { 558bec8b45088b4d0c25ff000000894d } | |
| $a_22 = { 558b6c2414565733db55894c2418895c } | |
| $a_23 = { 558bec83c4f0b8283a4000e828fcffff } | |
| $a_24 = { 558b6c240c568b74240c576a6456b978 } | |
| $a_25 = { 558bec83c4ec538bd8803dac55400000 } | |
| $a_26 = { 558bd98b0d90590210565750518d9424 } | |
| $a_27 = { 558bec33c055683937400064ff306489 } | |
| $a_28 = { 558bec33c05568e137400064ff306489 } | |
| $a_29 = { 558bcfe851f0ffff5f5e8bc35d5b59c2 } | |
| $a_30 = { 558bc62bce8bef8a14018810404d75f7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Katalog_929575870e2fba5dc0bc72a07b7bdb96778f86b3ab5f6ebde20c8a6d482ead17 { | |
| strings: | |
| $a_2 = { 558bec83ec18684617400064a1000000 } | |
| $a_3 = { 558bec83ec0c684617400064a1000000 } | |
| $a_4 = { 558bec83ec08684617400064a1000000 } | |
| $a_5 = { 558bec83ec14684617400064a1000000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32KBoy_c22792dbf9a0279b36fa22f775a92ddfea9545cc842381ba84c2402c76aa393a { | |
| strings: | |
| $a_2 = { 558bec83ec18dd05f8790110dd5df0dd } | |
| $a_3 = { 558bec51568b750c56e8e35400008945 } | |
| $a_4 = { 558bec83e4f8b8d8600000e820ba0000 } | |
| $a_5 = { 558bec83ec7ca14090011033c58945fc } | |
| $a_6 = { 558bec81ec1c050000a14090011033c5 } | |
| $a_7 = { 558bec53568b3574510110578b7d0857 } | |
| $a_8 = { 558bec56ff75088bf1e844490000c706 } | |
| $a_9 = { 558bec833dd879011000741968d87901 } | |
| $a_10 = { 558becff35dca90110e81a1a00005985 } | |
| $a_11 = { 558bec5151a14090011033c58945fca1 } | |
| $a_12 = { 558bec83e4f8b814140000e8d0aa0000 } | |
| $a_13 = { 558bec83ec10a14090011033c58945fc } | |
| $a_14 = { 558bec83ec14535657e8bb9fffff8365 } | |
| $a_15 = { 558bec56ff35dc9701108b358c510110 } | |
| $a_16 = { 558bec8b450833c93b04cd4890011074 } | |
| $a_17 = { 558bec81ec28030000a14090011033c5 } | |
| $a_18 = { 558bec8b450883f8fe750fe816abffff } | |
| $a_19 = { 558bec538b5d08568bf1c706005a0110 } | |
| $a_20 = { 558bec83ec1056ff750c8d4df0e8a55a } | |
| $a_21 = { 558bec8bc18b4d08c700005a01108b09 } | |
| $a_22 = { 558bec83ec10ff750c8d4df0e87f91ff } | |
| $a_23 = { 558bec6afe68c080011068e0b3001064 } | |
| $a_24 = { 558bec8b45088b0dac9c011056395004 } | |
| $a_25 = { 558b3783c70489bddcfdffffe8f7e3ff } | |
| $a_26 = { 558bec5356576a006a0068a303011051 } | |
| $a_27 = { 558bec8b0d9c510210a1a05102106bc9 } | |
| $a_28 = { 558bec83e4f8b80c100000e8c0a80000 } | |
| $a_29 = { 558bec83ec74a14090011033c58945fc } | |
| $a_30 = { 558bec83ec10ff75088d4df0e8a07fff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Kegotip_c37bb3af0907a4bcaafd4cdb2fdcc6cdca19e406013278ef3de59fc43ac28627 { | |
| strings: | |
| $a_2 = { 558bec0fb60508dc010885c07406837d } | |
| $a_3 = { 558bec83ec0c8b45083b0568ed010872 } | |
| $a_4 = { 558bec81ec1c050000a1e6d201088985 } | |
| $a_5 = { 558bec83ec0c8b45088b08894df8c745 } | |
| $a_6 = { 558bec0fb60540db010885c07505e99f } | |
| $a_7 = { 558bec8b45108b4d08668b1166895014 } | |
| $a_8 = { 558bec83ec14837d0800740c837d0c00 } | |
| $a_9 = { 558bec5157837d0800750433c0eb1bc7 } | |
| $a_10 = { 558bec83ec2053837d08007412837d0c } | |
| $a_11 = { 558bec83ec38837d08007406837d0c00 } | |
| $a_12 = { 558bec6aff68e0c00108685034000864 } | |
| $a_13 = { 558bec518b450c83c00233d2b9030000 } | |
| $a_14 = { 558bec83ec308b451c8b08894dfc8b55 } | |
| $a_15 = { 558bec8b4508508b4d0c51e8e002ffff } | |
| $a_16 = { 558bec510fb60560ed010885c07407b0 } | |
| $a_17 = { 558bec83ec18c745f812d00108c745f4 } | |
| $a_18 = { 558bec83ec14a130ed01088b0869c90f } | |
| $a_19 = { 558bec83ec0c8b45080fb748048b550c } | |
| $a_20 = { 558bec81ec28010000837d0800740683 } | |
| $a_21 = { 558bec83ec0c8b45080fb60883e10fc1 } | |
| $a_22 = { 558bec83ec14837d0800750733c0e99d } | |
| $a_23 = { 558bec5657837d08007406837d0c0075 } | |
| $a_24 = { 558bec83ec0cc645ff00c645f700c745 } | |
| $a_25 = { 558bec83ec108b450c8945fc8b4d0c83 } | |
| $a_26 = { 558bec83ec08837d0800750433c0eb14 } | |
| $a_27 = { 558bec0fb60508db010885c07404b001 } | |
| $a_28 = { 558bec5157c745fc000000008d3d38d4 } | |
| $a_29 = { 558bec686cbf01086890bf0108ff1544 } | |
| $a_30 = { 558bec83ec1c837d08007412837d0c00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Kheagol_0c9c83f33a464ecdeb9f73b3ae23b849c831a2b9fbc895ff08bf654e25e18617 { | |
| strings: | |
| $a_2 = { 558bfa2d252ebefa9ee2570c4f5e1d5a } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Kiction_03663e669098b9ccc97c5bc51375a7a4f9f8475d197659dbab595aa4d8f80fe9 { | |
| strings: | |
| $a_2 = { 558bec83c4fcc745fc020000006a0068 } | |
| $a_3 = { 558bb8ed0cb6c0b19bb5223e5cde0c09 } | |
| $a_4 = { 558bfe5b4bcc3549772257926faae674 } | |
| $a_5 = { 558bec837d0c0175136a006a00682004 } | |
| $a_6 = { 558bec83c4a4c745d030000000c745d4 } | |
| $a_7 = { 558bec8b75088bfe33d28b4d0c83fa10 } | |
| $a_8 = { 558b68ec68fd5a4d1727021f71739203 } | |
| $a_9 = { 558bec81ec440100008d85bcfeffff50 } | |
| $a_10 = { 558b682c045b2302de6de1de3689b3ba } | |
| condition: | |
| 8 of them | |
| } | |
| rule PWSWin32Kukel_8d13950f08de533dbcf2b6ee6772613cf009ae60cdaced09426c055617be779e { | |
| strings: | |
| $a_2 = { 558bd9b3e8c74304606a044f911db06f } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Kuluoz_5032025667913782028a363637104eadfdf6585fb6c5366ce4af794a29594be6 { | |
| strings: | |
| $a_2 = { 558b707557c7e12b83f89ba0e7001f5e } | |
| $a_3 = { 558bec81eca40000008d8560ffffff50 } | |
| $a_4 = { 558bec83ec58c745cc6b0000008b4dcc } | |
| $a_5 = { 558bec83ec08c74508f96e94f28b4508 } | |
| $a_6 = { 558bec6aff68b0304000686828400064 } | |
| $a_7 = { 558b1569085ed9d35f5dc7a8e57f5f18 } | |
| $a_8 = { 558bec83ec60c745f061000000c745e4 } | |
| $a_9 = { 558b156ee8c1d6338b04a7e07d481764 } | |
| $a_10 = { 558bec83ec50c745d8563f90fac745e0 } | |
| $a_11 = { 558be8944901ff7fd3ffeb1766080cfb } | |
| $a_12 = { 558b707256e8e92f56005513008b1566 } | |
| $a_13 = { 558b1566fcc1d92b524e653c8bff9473 } | |
| $a_14 = { 558b1fe704076c2cb6b6ca720f52d026 } | |
| $a_15 = { 558bec83ec30c745f8a9d53bfdc745f0 } | |
| $a_16 = { 558b70705646e92b8b8090a8c8db7d20 } | |
| $a_17 = { 558bec81ecb0000000c78564ffffff0b } | |
| $a_18 = { 558b1fcf0c1c58aa651ccfaa4588ceae } | |
| $a_19 = { 558b6310ed0bd80714475c5e1524d9a8 } | |
| $a_20 = { 558b707056ffe9335675e92fff9094cb } | |
| $a_21 = { 558b707557c7e1338b0f1fcb00001894 } | |
| $a_22 = { 558b7072568d6c49028bd9df50035a06 } | |
| $a_23 = { 558b147a5e51c12b885fc1ab41401725 } | |
| $a_24 = { 558b156b0c48d13f890c8ca94d0a1cc2 } | |
| $a_25 = { 558bcba8f977db378b10b0184786e933 } | |
| $a_26 = { 558b17640450d12f525017661009cdcb } | |
| $a_27 = { 558b17640450d12f525017661003cdcb } | |
| $a_28 = { 558b8b9420f685e0d304e8635766ffc0 } | |
| $a_29 = { 558bcb05f8c0005c0945360603934a00 } | |
| $a_30 = { 558b176904c1c9d383f89ba0e18d9f6e } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32LammerLight_69e2f695b830a55c022a84ce59756a011e872743d1a8eb2fc044c4ae2e393394 { | |
| strings: | |
| $a_2 = { 558bd9662d044985c06a049f6872b403 } | |
| $a_3 = { 558b2631878442f3a0e9927047c0876a } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Legendmir_1c60b23f33e0e559353fc38b6895a8dddcecce26ae4f9335a3d40f067b00d0ff { | |
| strings: | |
| $a_2 = { 558ba3684b548382f6d55de545cc9f7b } | |
| $a_3 = { 558bef183edfe9cad7008890e96f796f } | |
| $a_4 = { 558b04f2d9b921540cc75862d04bc949 } | |
| $a_5 = { 558bdb13dd7cfbe78c3c5542562ffad3 } | |
| $a_6 = { 558b938fdb7fe754c669f2190a674046 } | |
| $a_7 = { 558b545b9ab724325b4f8132e5ac6be9 } | |
| $a_8 = { 558b8a38f6c7717b65d97255ba44aee4 } | |
| $a_9 = { 558bf5c31978ff6df6c417ca5337ba5d } | |
| $a_10 = { 558b9f385bb74322edcd762189c31af8 } | |
| $a_11 = { 558b7755a19b6657d903061838fa7334 } | |
| $a_12 = { 558b98cba755bd6d90d9ae44825938fe } | |
| $a_13 = { 558b2c11baaaac32f3dfdec369efd6a4 } | |
| $a_14 = { 558b6d61d5852fbb4823491ea2a0e36d } | |
| $a_15 = { 558bba7beb4b7b35f9a5a49d59596627 } | |
| $a_16 = { 558b2df1f2c0f1d02053ded4fd7e071e } | |
| $a_17 = { 558b9e1df901470057b0698bae0d1b00 } | |
| $a_18 = { 558b06872390ec1c5235170eaf54e454 } | |
| $a_19 = { 558bc2839dd02b73dce642d56d87733b } | |
| $a_20 = { 558b42affe332b7be988af66c683cc63 } | |
| $a_21 = { 558bf429c0f1d8c8821bb82dd3cdab7e } | |
| $a_22 = { 558b482dd28abb8d9f014ecf48133801 } | |
| $a_23 = { 558b02e3be063e0348b861345e5c8995 } | |
| $a_24 = { 558b1641355d6e81d3e86383e2935b66 } | |
| $a_25 = { 558bbf70df00cefe2e62f863ecdb1511 } | |
| $a_26 = { 558bc6e5238316323370efa4800b4c28 } | |
| $a_27 = { 558b27a2678eb0624a1cccdcea9f6044 } | |
| $a_28 = { 558b9a61e7710a544f023ab5e658e1ed } | |
| $a_29 = { 558b0f2ca22aadab34bc04a1139d94fa } | |
| $a_30 = { 558b0ba6f4a7eb2ae2279486f8fb3f7e } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Lexfir_9ecbec2a18b90639e9b262f0c10af5d860b8f5ea6ac37ff9832531bc7ca4728d { | |
| strings: | |
| $a_2 = { 558bec81ec2c0a0000a120d0001033c5 } | |
| $a_3 = { 558bec83ec60a120d0001033c58945fc } | |
| $a_4 = { 558bec81ec38010000a120d0001033c5 } | |
| $a_5 = { 558bec568bf18b4608c70640a3001085 } | |
| $a_6 = { 558bec5153568bf18a1603c68945fc8b } | |
| $a_7 = { 558bec5185c07506ff1568a100106a00 } | |
| $a_8 = { 558bec83ec20566a018d45e050ff1560 } | |
| $a_9 = { 558bec5153568b75108bc6c1e8048d44 } | |
| $a_10 = { 558bec81ecb0000000a120d0001033c5 } | |
| $a_11 = { 558bec81ec8c080000a120d0001033c5 } | |
| $a_12 = { 558bec8b4508568bb198000000575689 } | |
| $a_13 = { 558bec8b899c0000008b015dff602855 } | |
| $a_14 = { 558becff1514a00010ff750cff7508ff } | |
| $a_15 = { 558bec566800010000ff75088bf08d47 } | |
| $a_16 = { 558becff7508ff1554a20010595dc204 } | |
| $a_17 = { 558bec8b4508a3942601105dc2040055 } | |
| $a_18 = { 558bec566830040000ff1538a200108b } | |
| $a_19 = { 558bec5151565733f65633ff47576a02 } | |
| $a_20 = { 558bec518d430457508945fcff1564a1 } | |
| $a_21 = { 558bec83ec14568b3524a000108d45f8 } | |
| $a_22 = { 558bec5185f67438803e00743356ff15 } | |
| $a_23 = { 558bec83e4f86aff688699001064a100 } | |
| $a_24 = { 558bec83e4f86aff685099001064a100 } | |
| $a_25 = { 558bec83ec20a120d0001033c58945fc } | |
| $a_26 = { 558bec83e4f883ec24a120d0001033c4 } | |
| $a_27 = { 558bec8379040556ff7508750e837908 } | |
| $a_28 = { 558bec51e8f2fcffff85c0750432c0c9 } | |
| $a_29 = { 558bec535657556a006a0068f8930010 } | |
| $a_30 = { 558bec8b450853565785c00f84920000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Lineage_622e2837dd21e2893449f7c5223f967f6540273c0bb4fddd9cab7d37916b60ec { | |
| strings: | |
| $a_2 = { 558bec8b4508a3e00145005dc38bff55 } | |
| $a_3 = { 558bbe5f83ab15f65f10b09899d9de8e } | |
| $a_4 = { 558bec5de953dcffff8bff558bec5153 } | |
| $a_5 = { 558bba5f49a73cf7752d04654c0f28f9 } | |
| $a_6 = { 558b52c29b77ef85cda20b1008eb7aee } | |
| $a_7 = { 558b33d9798175cc9527f17028e69a79 } | |
| $a_8 = { 558bcc217de05d1709e06495e7b02542 } | |
| $a_9 = { 558bec515156578b3d98a042008bf183 } | |
| $a_10 = { 558bec83ec0ca19802430033c58945fc } | |
| $a_11 = { 558bec8b4508a3acf944005dc38bff55 } | |
| $a_12 = { 558b4810328ea640acfe3d0f04d96058 } | |
| $a_13 = { 558becb800100000e84b910000538b5d } | |
| $a_14 = { 558b655f097db59c45999223e173e5ec } | |
| $a_15 = { 558bb93b222ce1add047be2e5139feba } | |
| $a_16 = { 558bec8b4508a3a4f944005dc38bff55 } | |
| $a_17 = { 558becb800140000e8bbcc0000807d14 } | |
| $a_18 = { 558bec83ec14a1081445008b4d086bc0 } | |
| $a_19 = { 558b28a8830cba686eecd0c17f731ba1 } | |
| $a_20 = { 558bec81ec1c050000a19802430033c5 } | |
| $a_21 = { 558bc1f33850ab869dfc9866cb6c90d8 } | |
| $a_22 = { 558becb800200000e87f4301008b4508 } | |
| $a_23 = { 558becb8e41a0000e8a665ffffa19802 } | |
| $a_24 = { 558b22630009a0600c9fc39efe2ebbc6 } | |
| $a_25 = { 558bec8b4508ff34c518044300ff15fc } | |
| $a_26 = { 558becb850120000e828160100837d08 } | |
| $a_27 = { 558b12eaf252a1cdc02c7101040e79ee } | |
| $a_28 = { 558be50180bbf1945ce9114745d5c777 } | |
| $a_29 = { 558b379376f22bfe9a29c7a5feaf043d } | |
| $a_30 = { 558bec6afe6810da42006870fa410064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Lmir_2b2f8f7a6744525836e907937bb4e417b8688c1e7b8be501101e2badd876dc91 { | |
| strings: | |
| $a_2 = { 558bec81ec08000000e83900000085c0 } | |
| $a_3 = { 558bcfe8186103008b4e50b8fdffffff } | |
| $a_4 = { 558bec5756538b750c8b7d088d058455 } | |
| $a_5 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_6 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_7 = { 558bcee821d7ffff3b4424407f0b478b } | |
| $a_8 = { 558bec6aff68d85e3710687458071064 } | |
| $a_9 = { 558bec83ec6053568bf1578975f8e853 } | |
| $a_10 = { 558b04ba50e86427000083c408473bfb } | |
| $a_11 = { 558bec6aff68306d081064a100000000 } | |
| $a_12 = { 558bec81ec48000000c745fc00000000 } | |
| $a_13 = { 558bec6aff68205f3710687458071064 } | |
| $a_14 = { 558bcee851c2ffff8be88b442418473b } | |
| $a_15 = { 558bcee88657ffff8b4e108b87a00200 } | |
| $a_16 = { 558bec5657ff750cff7508ff1538b508 } | |
| $a_17 = { 558bec5153568bf1578b4e688d86d800 } | |
| $a_18 = { 558bec81ec24000000c745fc00000000 } | |
| $a_19 = { 558bec5151568bf1578b3d0cb108108b } | |
| $a_20 = { 558bec81ec5c000000c745fc00000000 } | |
| $a_21 = { 558bec5151dd4508dc1d203f3710dd45 } | |
| $a_22 = { 558bcbe807ffffff5e5d5bc204008b4b } | |
| $a_23 = { 558bac24940100008b88c80100005657 } | |
| $a_24 = { 558bec83ec10dd4508dc1d303f3710df } | |
| $a_25 = { 558b6c240c56578b7c241c8b450481ff } | |
| $a_26 = { 558bc8ff929000000085c075953b7424 } | |
| $a_27 = { 558bec6aff68d091081064a100000000 } | |
| $a_28 = { 558bec81ec440000006808000000e82d } | |
| $a_29 = { 558bcfe88a55feff85c08d6e68740a50 } | |
| $a_30 = { 558bec5633f639357c583a10750fff75 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Lolyda_ed59b94e725ca55332ea28962975c29299ea427648b4bab4f35aea34d116b6da { | |
| strings: | |
| $a_2 = { 558bec83ec145356be448000105668ac } | |
| $a_3 = { 558bec83ec0c5657be7c8800108d7df4 } | |
| $a_4 = { 558bec83ec10566a006a016a02ff15b8 } | |
| $a_5 = { 558bec83ec1056e8600800008b75088b } | |
| $a_6 = { 558bec5151508b45288945f88b451489 } | |
| $a_7 = { 558bec83ec288365fc00565733f68d7d } | |
| $a_8 = { 558bec515153568d45fc57508d45f833 } | |
| $a_9 = { 558bec5156578b7d0c8bf157e8080500 } | |
| $a_10 = { 558bec5151538b5d0c565333f6e8450f } | |
| $a_11 = { 558bec83ec10ff7508ff15cc61001085 } | |
| $a_12 = { 558bec53568b75085785f674518b550c } | |
| $a_13 = { 558bec83ec24535657ff157861001050 } | |
| $a_14 = { 558bec51515356578bf98b0db8890010 } | |
| $a_15 = { 558bec8b45148b5508f7d00b450c566a } | |
| $a_16 = { 558bec51508b450c8945fc588b45fc05 } | |
| $a_17 = { 558bec8b450c8b4d0c234d108b5508f7 } | |
| $a_18 = { 558bec51515356578bf96a20e8393a00 } | |
| $a_19 = { 558bec81ec800400008065cc00535657 } | |
| $a_20 = { 558bec518365fc00568bf1e8e4feffff } | |
| $a_21 = { 558bec51508b45288945fc58ff75fce8 } | |
| $a_22 = { 558bec8b4508535733ff397d108b088b } | |
| $a_23 = { 558bec5356578bd96a20e8b03900008b } | |
| $a_24 = { 558becb8f8310000e86e260000535657 } | |
| $a_25 = { 558bec81ec40010000535633f66a408d } | |
| $a_26 = { 558bec83ec3053566a198bf16a40ff15 } | |
| $a_27 = { 558bec8b45148b4d0c234d148b5508f7 } | |
| $a_28 = { 558bec81ec1004000080a5f0fbffff00 } | |
| $a_29 = { 558bec515657ff7508e8d01000004050 } | |
| $a_30 = { 558bec83ec0c538bd9e8be00000084c0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32M2_a8f6e7b02acd762ce829b1468f9dbdbecf336fd5c7622a8d961766aad2749132 { | |
| strings: | |
| $a_2 = { 558bac244a5657668b45028d75088bc8 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Magania_03c587da86b6363552d9a9ffe81f5734462391a75f16f083009cddb3e2459c86 { | |
| strings: | |
| $a_2 = { 558bec535756558b450874037501e9c1 } | |
| $a_3 = { 558bec60750a74088b450c750a7408e8 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Magovel_13b62c6da67cd11e675b1af2bc9d0aaeeccf85204386a41d7eef3cca7ec04d05 { | |
| strings: | |
| $a_2 = { 558bec51518b550856578b422885c074 } | |
| $a_3 = { 558b93fcab5a81eba3b63e98613f9618 } | |
| $a_4 = { 558b89dc113e4f2bf63cd977eda883cc } | |
| $a_5 = { 558b82668cede0bba24b903a8e5c004e } | |
| $a_6 = { 558b505668df8b0c2f83ed3b2f252a04 } | |
| $a_7 = { 558be8ba18dd9756fc09dd5fe1a3695c } | |
| $a_8 = { 558bec515153568bf18065ff00578b46 } | |
| $a_9 = { 558b63bdd8dc6609da2ca3360feec06e } | |
| $a_10 = { 558b6ccf5653aa79850ce06bcf631e47 } | |
| $a_11 = { 558b2c5fdb4e4fe6d86050955fc65679 } | |
| $a_12 = { 558b78aa27f1d46ce2a95ac4536b89a7 } | |
| $a_13 = { 558b446ab274df289dfc997c5f6a36ff } | |
| $a_14 = { 558bf82b67e86d84a7b25c44b60adf55 } | |
| $a_15 = { 558b8a535fb2b2f7ab257f6587ea0434 } | |
| $a_16 = { 558b81bbf7695754bc70df3eedda939f } | |
| $a_17 = { 558be8a884093b0928be481b46c4c810 } | |
| $a_18 = { 558bbac38ad99baefacba1d099b612a9 } | |
| $a_19 = { 558b1c2275104f8007e24e44ccc91841 } | |
| $a_20 = { 558b8b3ef4ab5d0c65e41dea8bd713cd } | |
| $a_21 = { 558b006556db8ed31feef100f0bd3a7f } | |
| $a_22 = { 558bf17067404f33ff8358e5d15b1677 } | |
| $a_23 = { 558beae6ecc963edc8ca056026d00518 } | |
| $a_24 = { 558ba8fde5487ab0d5afa50eefa4dab0 } | |
| $a_25 = { 558bbebbb4ae65cadc1c2ceed35623c2 } | |
| $a_26 = { 558b073c56d570404a247002eedc42e9 } | |
| $a_27 = { 558b85719aff093c870e415ef52ec2ff } | |
| $a_28 = { 558b1b9d80e2197b9eb36e3db6f9b388 } | |
| $a_29 = { 558bd5b431450c2a85bb42e91cfb12eb } | |
| $a_30 = { 558bc57d6b0064296e2310f08a139d4c } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Maha_a5e91d4ce12c2c8ff1a1424bfe0ea595d287160bfbd156c3e4ab88c8a73ae4a4 { | |
| strings: | |
| $a_2 = { 558bec515356578b7d0883c7ec57a194 } | |
| $a_3 = { 558bec33c05568715e400064ff306489 } | |
| $a_4 = { 558bec6a006a0053568bd833c055689e } | |
| $a_5 = { 558bec6a005633c0556897ce400064ff } | |
| $a_6 = { 558bec515356578bd833c0a3b0c54000 } | |
| $a_7 = { 558bec6a006a005333c05568609b4000 } | |
| $a_8 = { 558bec33c05568e963400064ff306489 } | |
| $a_9 = { 558bec33c05568b163400064ff306489 } | |
| $a_10 = { 558bec83c4f85356578bd8803dacc540 } | |
| $a_11 = { 558bce2bcb418bd38bc7e8c449ffff5d } | |
| $a_12 = { 558b5424146a0050681a38400052ff15 } | |
| $a_13 = { 558b45d88b400833d2e89df0ffff5955 } | |
| $a_14 = { 558bec33c055680274400064ff306489 } | |
| $a_15 = { 558bec515356578bf28bd8803dbc3541 } | |
| $a_16 = { 558bec83c4f053568955fc8bf033c089 } | |
| $a_17 = { 558bec33c055680b09410064ff306489 } | |
| $a_18 = { 558b451c0fb717c1e20203c203c38b00 } | |
| $a_19 = { 558bec81c4bcfeffff5356578945fc8b } | |
| $a_20 = { 558bf0bf10364100bd143641008b1d08 } | |
| $a_21 = { 558bec81c4a4feffff33c08985a4feff } | |
| $a_22 = { 558bec83c4f05356578bda33c08945fc } | |
| $a_23 = { 558bec33c05568c169400064ff306489 } | |
| $a_24 = { 558bec33c0556871e9400064ff306489 } | |
| $a_25 = { 558bec83c4d45756538945fca0db3641 } | |
| $a_26 = { 558bec33c0556885e7400064ff306489 } | |
| $a_27 = { 558bec33c055683a41400064ff306489 } | |
| $a_28 = { 558bec6a00535633c05568edcd400064 } | |
| $a_29 = { 558bec515356578bd98bf28945fc8b7d } | |
| $a_30 = { 558bea8bf88bc7e89d47ffff8bf0bb01 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Makuha_a806871c0f0be346f216ab9e09b9e4a8f96bf08d2db17d063545be02b7ea41cc { | |
| strings: | |
| $a_2 = { 558bec6aff6878b10010681450001064 } | |
| $a_3 = { 558bec83ec485356576880040000e854 } | |
| $a_4 = { 558bec83ec0853565790909090909090 } | |
| $a_5 = { 558bec6aff6888b10010681450001064 } | |
| $a_6 = { 558bec5756538b750c8b7d088d05040f } | |
| $a_7 = { 558bec51833d0c0f011000535657751d } | |
| $a_8 = { 558b2df8b000107e44a1082401105657 } | |
| $a_9 = { 558bec81eca40100008b550833c9b850 } | |
| $a_10 = { 558bec6aff6890b50010681450001064 } | |
| $a_11 = { 558bac24c00300005657b9a500000033 } | |
| $a_12 = { 558bec83ec14a1042401108b15082401 } | |
| $a_13 = { 558bec83ec185356576a19e8e8c8ffff } | |
| $a_14 = { 558bec83ec0c53bb90fe001033c983eb } | |
| $a_15 = { 558bec83ec18dd0558b20010dd5df8dd } | |
| $a_16 = { 558bec56909090908b750c8b45088a16 } | |
| $a_17 = { 558bec6aff68a8b10010681450001064 } | |
| $a_18 = { 558bec8b4508ff348518f30010ff1530 } | |
| $a_19 = { 558bec6aff68b8b10010681450001064 } | |
| $a_20 = { 558b6c240c568d44241857506a405355 } | |
| $a_21 = { 558bec51515333db391de82301105657 } | |
| $a_22 = { 558b2dacb00010565733db33f633ff3b } | |
| $a_23 = { 558bec5356be7c1001105756ff15a0b0 } | |
| $a_24 = { 558bc88b2d74b0001068e8f100108b11 } | |
| $a_25 = { 558bec535657556a006a0068344f0010 } | |
| $a_26 = { 558bec6aff6898b10010681450001064 } | |
| $a_27 = { 558bec368b4d0cff25bc0a0110cccc83 } | |
| $a_28 = { 558bec6aff68c8b10010681450001064 } | |
| $a_29 = { 558bec8b450856833c8518f30010008d } | |
| $a_30 = { 558bec8b450c48751f90908b45086a00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Mapdimp_66ecde82c84f5c90f5a6a25e069129dc0016648b2b59779fbe92271a679e1475 { | |
| strings: | |
| $a_2 = { 558bec5151535657909090908bff8bff } | |
| $a_3 = { 558becb814200000e84b030000535657 } | |
| $a_4 = { 558bec6aff681841002068f035002064 } | |
| $a_5 = { 558bec535657909090908bff8bff8b7d } | |
| $a_6 = { 558bec57909090908bff8bff8b550833 } | |
| $a_7 = { 558bec81ec140100008365fc008d85ec } | |
| $a_8 = { 558bec81ec3002000053565790909090 } | |
| $a_9 = { 558bec81ec5401000053565790909090 } | |
| $a_10 = { 558bec81ec180100008365f8008d85e8 } | |
| $a_11 = { 558bec57909090908bff8bff8b7d1033 } | |
| $a_12 = { 558bec81ec900800005657909090908b } | |
| $a_13 = { 558bec83ec20535657909090908bff8b } | |
| $a_14 = { 558bec81ec1c02000057909090908bff } | |
| $a_15 = { 558bec81ec7003000053565790909090 } | |
| $a_16 = { 558bec81ecc000000053565790909090 } | |
| $a_17 = { 558bec51535657909090908bff8bff33 } | |
| $a_18 = { 558bec81ec6402000056578365f00083 } | |
| $a_19 = { 558bec57909090908bff8bff817d08a2 } | |
| $a_20 = { 558bec83ec2c53565733ff8b450c5757 } | |
| $a_21 = { 558bec83ec1053568d45f057834df0ff } | |
| $a_22 = { 558bec6aff682841002068f035002064 } | |
| $a_23 = { 558bec81ec980000005357ff750cff75 } | |
| $a_24 = { 558bec83ec2c535657909090908bff8b } | |
| $a_25 = { 558b680393ed2f2ecc4b37eb53bd0e21 } | |
| $a_26 = { 558bec57909090908bff8bff33c05050 } | |
| $a_27 = { 558bec57909090908bff8bffff7508ff } | |
| $a_28 = { 558bec81ec0401000053565790909090 } | |
| $a_29 = { 558bec83ec14535657909090908bff8b } | |
| $a_30 = { 558bec51515657909090908bff8bff33 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Maran_c3aee7f58d2012193a1efdbe181bff2e19261d3dc1fd5850f013292944e7b117 { | |
| strings: | |
| $a_2 = { 558bece8a8fdffff84c05dc210008bc0 } | |
| $a_3 = { 558bec515356578bd833c0a3b0654000 } | |
| $a_4 = { 558bec33d255684618400064ff326489 } | |
| $a_5 = { 558bec83c4f85356578bd8803dac6540 } | |
| $a_6 = { 558bec33c05568f53b400064ff306489 } | |
| $a_7 = { 558bec83c4f40fb705145040008945f8 } | |
| $a_8 = { 558bec53803dac654000000f84cc0000 } | |
| $a_9 = { 558bec83c4f85356578945fca1285040 } | |
| $a_10 = { 558bec515356578bf28bd8803dac6540 } | |
| $a_11 = { 558bf0bf00664000bd046640008b1df8 } | |
| $a_12 = { 558bec33c05568793f400064ff306489 } | |
| $a_13 = { 558becff7508e8e9feffff5dc2040090 } | |
| $a_14 = { 558bec518945fc33d25568a438400064 } | |
| $a_15 = { 558bec6a01e88afcffff6a01e883fcff } | |
| $a_16 = { 558bec8b450848740783e8037409eb17 } | |
| $a_17 = { 558bec535657bf206640008b470885c0 } | |
| $a_18 = { 558bec33c05568b239400064ff306489 } | |
| $a_19 = { 558bec33c055689d41400064ff306489 } | |
| $a_20 = { 558bec33c05568bd3b400064ff306489 } | |
| $a_21 = { 558bec33c05568c53c400064ff306489 } | |
| $a_22 = { 558bec83c4f0b8a8414000e84cf9ffff } | |
| $a_23 = { 558bec81c470feffff53bba866400068 } | |
| $a_24 = { 558bec81c4a0fcffff53565733c08945 } | |
| $a_25 = { 558bec33c055680d3d400064ff306489 } | |
| $a_26 = { 558bec33c05568753c400064ff306489 } | |
| $a_27 = { 558bec535657a12866400085c0744b8b } | |
| $a_28 = { 558bec33c05568453d400064ff306489 } | |
| condition: | |
| 22 of them | |
| } | |
| rule PWSWin32Mesgra_af4b9d8422d3c425258d4b59f3e69901bf6ce125e1b9836313af065aab14b1ae { | |
| strings: | |
| $a_2 = { 558b9cd42a780be849429b4ee10b7f87 } | |
| $a_3 = { 558bec51833dc88a400000535657751d } | |
| $a_4 = { 558bec6aff680863400068a44c400064 } | |
| $a_5 = { 558b2d94604000565733db33f633ff3b } | |
| $a_6 = { 558bec535657556a006a0068c44b4000 } | |
| $a_7 = { 558bec83ec14a1488e40008b154c8e40 } | |
| $a_8 = { 558bec81ec280300008365fc0080a5dc } | |
| $a_9 = { 558bec6aff684866400068a44c400064 } | |
| $a_10 = { 558bec51515333db391d288e40005657 } | |
| $a_11 = { 558bc2b68c81dc909734c086bc44d6e0 } | |
| $a_12 = { 558bec6aff686066400068a44c400064 } | |
| condition: | |
| 10 of them | |
| } | |
| rule PWSWin32Mifeng_4a1a7ad0f648010254f300cecc0ff9e40d10652a497b5dfecefc6e2b0edb7327 { | |
| strings: | |
| $a_2 = { 558bdc661f07696c516d37712ddbf6c2 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32MMTask_fc84127ca8355face3d9a2ece4d1472e6a9844df50a952bcd92e6330491ad2a4 { | |
| strings: | |
| $a_2 = { 558bec83ec248b450c8945f48b4d0c2b } | |
| $a_3 = { 558bec83ec0cc745f800000000833dd4 } | |
| $a_4 = { 558bec83ec185356578b45088945f88b } | |
| $a_5 = { 558beca1706a42000345085dc2040055 } | |
| $a_6 = { 558bec5356578b450483e81fa3706a42 } | |
| $a_7 = { 558bec833d3c6a420002740c813d3c6a } | |
| $a_8 = { 558bec83ec10535657e88f010000a170 } | |
| $a_9 = { 558bec83ec10a1706a42002b056c6a42 } | |
| $a_10 = { 558bec83ec108b45088b0d706a420003 } | |
| $a_11 = { 558bec5168106a42008b450c508b4d08 } | |
| condition: | |
| 9 of them | |
| } | |
| rule PWSWin32Mofksys_3398f1ca4e9d4c28fa25d6303c558636fe56f29d4b462b53ea4dc006296f3a3d { | |
| strings: | |
| $a_2 = { 558b9578ffffff66833a0175498b8568 } | |
| $a_3 = { 558bec83ec0c68b632400064a1000000 } | |
| $a_4 = { 558b9570ffffff66833a0175498b8568 } | |
| $a_5 = { 558bec83ec0868b632400064a1000000 } | |
| $a_6 = { 558b2df01040005657be010000000fbf } | |
| $a_7 = { 558b9574ffffff66833a0175498b8568 } | |
| $a_8 = { 558b2df0104000570fbf7c241081ff02 } | |
| $a_9 = { 558b6c240c8b5020568b35a410400057 } | |
| $a_10 = { 558bec83ec1868b632400064a1000000 } | |
| $a_11 = { 558b2df01040005657be011000000fbf } | |
| $a_12 = { 558bec83ec1468b632400064a1000000 } | |
| condition: | |
| 10 of them | |
| } | |
| rule PWSWin32Mujormel_902dbf66f50cdc72cde8003e329ade426f67b05e3a278c2f53bb280bbefd52ed { | |
| strings: | |
| $a_2 = { 558bec6a006a005333c055682a765200 } | |
| $a_3 = { 558bec5153568bd98bf28945fc536a00 } | |
| $a_4 = { 558bec6a006a0033c055687cfa5a0064 } | |
| $a_5 = { 558bec33c055687df4540064ff306489 } | |
| $a_6 = { 558bec515356578bf28bd8833d34ef5b } | |
| $a_7 = { 558bd833ed6a028bc3e82ff2fbff50e8 } | |
| $a_8 = { 558bec53565784d2740883c4f0e8d60a } | |
| $a_9 = { 558bec33c0556869af490064ff306489 } | |
| $a_10 = { 558bec33c9515151515333c055682d7d } | |
| $a_11 = { 558becff750cff7508e83607f3ff5dc2 } | |
| $a_12 = { 558bec83c4e05657832d9cf25b000173 } | |
| $a_13 = { 558bec84d2740883c4f0e8f97cfcff89 } | |
| $a_14 = { 558b15f45f51008b45d0e84eeaffff59 } | |
| $a_15 = { 558bd78b86dc010000e83e35fcffe885 } | |
| $a_16 = { 558bec535657a1ecca5b0085c074538b } | |
| $a_17 = { 558bec6a005333c05568a719500064ff } | |
| $a_18 = { 558bec51538955fc8bd88b45fce88263 } | |
| $a_19 = { 558bec0fb64d0c8b45088b5510e856a7 } | |
| $a_20 = { 558bec6a00538bd833c0556878d44c00 } | |
| $a_21 = { 558bec51538945fc8b45fce8c4dfffff } | |
| $a_22 = { 558bec83c4f8e8e984f4ff8855fb8945 } | |
| $a_23 = { 558bec33c0556860b0550064ff306489 } | |
| $a_24 = { 558bec5356578bf98bf28bd868e8d94f } | |
| $a_25 = { 558bec51535684d2740883c4f0e80a00 } | |
| $a_26 = { 558bec33c05568a87f4f0064ff306489 } | |
| $a_27 = { 558bec515356578945fc8b45fcc68059 } | |
| $a_28 = { 558bc7e8cecdffff50e854eefaff83c4 } | |
| $a_29 = { 558bec6a00538bd833c05568f6b55100 } | |
| $a_30 = { 558bec538b5d0853515250e808faffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Nabrek_95968d95033c093b0dd37bde5783ebb3af514d700a316176ed97a4568c55f166 { | |
| strings: | |
| $a_2 = { 558b28c1f5e04286d2b2e520c4576756 } | |
| $a_3 = { 558b98a89a24b68baa562ff0ea7f7d52 } | |
| $a_4 = { 558b1ba921adc66c93a2da420f73f5b2 } | |
| $a_5 = { 558bae922aafd9236666a2d182e008d0 } | |
| $a_6 = { 558b150afc73c6e6642f695486f70025 } | |
| $a_7 = { 558bec83ec3033c0408b7d108945ec89 } | |
| $a_8 = { 558b856d6e4e046df89aad790564b224 } | |
| $a_9 = { 558b1abc5c5451a76b5d46ebd284c8ce } | |
| $a_10 = { 558bab78f9025c3ae961ee9e697b6e83 } | |
| condition: | |
| 8 of them | |
| } | |
| rule PWSWin32Novel_b67fd5513a7e2fa9e76292310b5cbdb4e01c7f3bcea4aee8cfa416578f705293 { | |
| strings: | |
| $a_2 = { 558becc47e0ae8dcff751b1e52c55606 } | |
| $a_3 = { 558becc47e0826817d02b0d7741a2681 } | |
| $a_4 = { 558becc47e0626817d02b1d774182681 } | |
| $a_5 = { 558bec892628248c162a2481ecfe008e } | |
| $a_6 = { 558bec83ec501ec5760c8d7eb01607fc } | |
| $a_7 = { 558becc45e0cb858068b4e068b7e088b } | |
| $a_8 = { 558beca138008ec0268b1602002bd08a } | |
| $a_9 = { 558bec8a460ab435cd218cc0c47e06fc } | |
| $a_10 = { 558becc45e06b80200be50008cdae858 } | |
| $a_11 = { 5589e581ec0001b8a2018ed89cff1e52 } | |
| $a_12 = { 558becc45e0626837f1a00740a833e3c } | |
| $a_13 = { 558bec8b56060bd27405e84900eb30b4 } | |
| $a_14 = { 558becc47e06268b45023db1d774123d } | |
| $a_15 = { 558becc47e12fcab8bc3ab8bc1ab8bc2 } | |
| $a_16 = { 558bec83ec201efcc576068d7ee01607 } | |
| $a_17 = { 5589e5b800019acd02c40081ec0001c6 } | |
| $a_18 = { 558becc45e08268a0732e4c45e0c8b56 } | |
| $a_19 = { 558bec81ec0002837e06007e5c837e08 } | |
| $a_20 = { 558becc47e0ae84aff75218b460826f7 } | |
| $a_21 = { 5589e5b800039acd02c40081ec00038c } | |
| $a_22 = { 558becc47e10e8a6ff753f8b460a0bc0 } | |
| $a_23 = { 558becc45e06b8bb0533d2e8eefe750a } | |
| $a_24 = { 558bec1ec556068a460ab425cd211f5d } | |
| $a_25 = { 558becc45e06b8c20633d2e8ddfd8ac1 } | |
| $a_26 = { 5589e5b8ff009a1601c4005dc35589e5 } | |
| $a_27 = { 558bec1ec5760afcac0ac0742c8ad032 } | |
| $a_28 = { 558becc47e06268b55044a4a268b7508 } | |
| $a_29 = { 558bf18bfb33db8bca8bd033c0bd1000 } | |
| $a_30 = { 558bec1ec55606b41acd211fb44fcd21 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32OnLineGames_6785190c8c5fbd9c153a68bbe37d746f5aca3b0b8677fcbc3b7c9f7742e5061c { | |
| strings: | |
| $a_2 = { 558bec81ec1c020b80a5e4fdffdd7ff7 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Pesut_c21dad2af378b2fb203ed193bad0f338d792bdae59971cda37c93092e7cddc8f { | |
| strings: | |
| $a_2 = { 558b125a8bf3441582554c4c308bff55 } | |
| $a_3 = { 558bf33793c06ef3303745840095b3bc } | |
| $a_4 = { 558bf3183749645f9ed28f529e3a11b3 } | |
| $a_5 = { 558bf8c8648fc745892044118985c041 } | |
| $a_6 = { 558bc855528b199064775a6ebc36c779 } | |
| $a_7 = { 558b020f18205fc7954119d2c7bf6493 } | |
| $a_8 = { 558b843736492489363c8412b3934441 } | |
| $a_9 = { 558b938de855855f4ac09055d28d4484 } | |
| $a_10 = { 558bf311113c777b3a44d21920007b8d } | |
| $a_11 = { 558b3abd18559341777b57c785418955 } | |
| $a_12 = { 558b1a82029e558df8559333bf155793 } | |
| $a_13 = { 558b4a520f24f38d0f20558f1282f319 } | |
| $a_14 = { 558b5f0f1919448f37364545558bbd41 } | |
| $a_15 = { 558b57412d74beffcf1236418b7bbd95 } | |
| $a_16 = { 558bb320958484d28d11bcb32001b384 } | |
| $a_17 = { 558b6e89001a773af8797402a49e128b } | |
| $a_18 = { 558b3a640f5a8dbd4a5233c818f3c044 } | |
| $a_19 = { 558b02835abd821236930f5f3033835a } | |
| $a_20 = { 558b3a89301845150149124a2d025a90 } | |
| $a_21 = { 558b1af8f3645f2d1ac06e57f89e30cf } | |
| $a_22 = { 558bec51830504004300748d4dfc51b8 } | |
| $a_23 = { 558bbf2dcf01524ab377200f33f86485 } | |
| $a_24 = { 558bb337128b48150fe8838b8b77ffe8 } | |
| $a_25 = { 558b45360f7b307b4cb3a45530029511 } | |
| $a_26 = { 558b52c895012d8479a4845fb301bc93 } | |
| $a_27 = { 558b748530c7bf18c701498f20441a84 } | |
| $a_28 = { 558b831512c0e8368485e8bfcf931255 } | |
| $a_29 = { 558b158bc03a1289242d30d20f9e0018 } | |
| $a_30 = { 558ba412f385b35ff3d255026420f364 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Phorex_3f3abb82912d37bdaf0a7d82f1399392839c2157ebabd661e984612eeee4d538 { | |
| strings: | |
| $a_2 = { 558b2d0cb04000ffd556566a03566a03 } | |
| $a_3 = { 558bec83ec54576a418d45ac506848d0 } | |
| $a_4 = { 558bec538b5d1c568b7518578b7d0c83 } | |
| $a_5 = { 558bec81ec04020000566850d240008d } | |
| $a_6 = { 558bec81ec180400005333db8d45ec50 } | |
| $a_7 = { 558b2d0cb04000ffd56a00576a046a00 } | |
| $a_8 = { 558bec81ecdc0500008365f4008365e4 } | |
| $a_9 = { 558bec515153568b75088a065733ff33 } | |
| $a_10 = { 558bec83ec4456576a418d45bc506848 } | |
| $a_11 = { 558bec83ec1ca100d2440053568b7508 } | |
| $a_12 = { 558bec81ec400200008d85c0feffff50 } | |
| $a_13 = { 558bec81ec380700005356578d85c8f8 } | |
| $a_14 = { 558bec81ec0c010000b8000100003945 } | |
| $a_15 = { 558becb814680000e86d3d00008d85ec } | |
| $a_16 = { 558bec81ec18050000a100d244008945 } | |
| $a_17 = { 558bec81ec000200005356578b7d1033 } | |
| $a_18 = { 558bec515153565733ff393dace44400 } | |
| $a_19 = { 558bec81ec000100005356576a0d8d85 } | |
| $a_20 = { 558bec81ec08020000536850d240008d } | |
| $a_21 = { 558b6c2410568bf58a108aca3a16751a } | |
| $a_22 = { 558bec8b4d088b551053568b750c576a } | |
| $a_23 = { 558bec81ec800200005333db381d0cdf } | |
| $a_24 = { 558bec83ec14568b3500b040006860b3 } | |
| $a_25 = { 558bec83ec208d45e050ff1598b04000 } | |
| $a_26 = { 558bec83ec148b4d08a164e344008b15 } | |
| $a_27 = { 558bec83ec10a100d2440085c074073d } | |
| $a_28 = { 558bec81ec040800008b450c83380056 } | |
| $a_29 = { 558bec83ec305356578d45f8508d45e4 } | |
| $a_30 = { 558bec83ec105333db391dc4e0440056 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Pobreme_84bd63503c94617da220162fa35140ab5b8c699f429e4d83d06ead2294b60d58 { | |
| strings: | |
| $a_2 = { 558b969c2b6c50c7054bc402e99093f2 } | |
| $a_3 = { 558b6da5718cab5f8600697e921cd045 } | |
| $a_4 = { 558b192c711a352aa31127c828d3fcba } | |
| $a_5 = { 558b127569884e814174642db4a863ea } | |
| $a_6 = { 558b8287728d5bef1808ad4ff31fd908 } | |
| $a_7 = { 558b48a8bb15b9f34b829893694009e6 } | |
| $a_8 = { 558b98c8c3b3dc5fe5f94714bdf472ee } | |
| $a_9 = { 558b17e30cef74c1c46345ee740762a0 } | |
| $a_10 = { 558b716ac893cab705eca08d5c38bb3a } | |
| $a_11 = { 558b65c5bd13a14b82c6b53be932ce36 } | |
| $a_12 = { 558bff53c8b3cdced2a10d2d2a9a839a } | |
| $a_13 = { 558b426c9ab8398bdff1d857e89b79e0 } | |
| $a_14 = { 558b5319431ebf9882cc19e238b85be8 } | |
| $a_15 = { 558b3b91a1db27fc1afc97e731bac3e6 } | |
| $a_16 = { 558b72217d55be56cc4ba956118ffe58 } | |
| $a_17 = { 558b34bdd3cc15953b50419b30a8461d } | |
| $a_18 = { 558b6d5e56a7cf4c48f7fb9d26c2cb31 } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Populf_c58bde742f937eba3ba8fbb014237ef34329553de35f49e3265189a43ae89b66 { | |
| strings: | |
| $a_2 = { 558bec33c98a4d0c8b45088b5510e8b9 } | |
| $a_3 = { 558bec83ea01720a74224a74394a7450 } | |
| $a_4 = { 558bec33c0556815a6440064ff306489 } | |
| $a_5 = { 558bec33c05568a03f400064ff306489 } | |
| $a_6 = { 558bec81c48cfeffff5333d2899590fe } | |
| $a_7 = { 558bec53565784d2740883c4f0e8360c } | |
| $a_8 = { 558bec83c4dc53568945fc33d2556830 } | |
| $a_9 = { 558bec51538945fce8574dfdff8bd88b } | |
| $a_10 = { 558bec33c05568d57d400064ff306489 } | |
| $a_11 = { 558bec83c4ec5356578bd8e838ddfeff } | |
| $a_12 = { 558bec33c05568b5e3420064ff306489 } | |
| $a_13 = { 558bec515356578945fc33c05568a6cc } | |
| $a_14 = { 558bec6a005333d255682d46420064ff } | |
| $a_15 = { 558bec8b80900000008b550889908800 } | |
| $a_16 = { 558bec83c4f8e8a1fcfeff8855fb8945 } | |
| $a_17 = { 558bec33c05568df7c440064ff306489 } | |
| $a_18 = { 558bec53568b45088b40fc8b4038e8b1 } | |
| $a_19 = { 558bf88b4730e87e8cffff8be88b472c } | |
| $a_20 = { 558bec33c055680972400064ff306489 } | |
| $a_21 = { 558bec515356578bd833c0a3c0054500 } | |
| $a_22 = { 558bec33c055687332440064ff306489 } | |
| $a_23 = { 558bec5153568bda8945fc8b45fce80d } | |
| $a_24 = { 558bec33c055685969400064ff306489 } | |
| $a_25 = { 558bec33c05568d347400064ff306489 } | |
| $a_26 = { 558bec83c4f40fb7050c6040008945f8 } | |
| $a_27 = { 558bec518945fc33d25568bc60400064 } | |
| $a_28 = { 558bec53565784d2740883c4f0e8aedb } | |
| $a_29 = { 558bec51535684d2740883c4f0e8825a } | |
| $a_30 = { 558bec83c4e4535633c9894de48bf233 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Prast_da6df968e975e99ec5b4e85c0b75537fe3dd98cb9fbcce560a9feb4492c4545d { | |
| strings: | |
| $a_2 = { 558bec51ff15005040008945fc8b02c1 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Primarypass_cc893bd03856327d52d1a7232458f0119e9f1f5ac4ff449e625ea655a48bdbc7 { | |
| strings: | |
| $a_2 = { 558b1c9d38db005e42fd93b122da577e } | |
| $a_3 = { 558bec515168c610400064a100000000 } | |
| $a_4 = { 558bec83ec0c68c610400064a1000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule PWSWin32Progent_3c4eff55fbae3bd49c364553db4c92e76de6ac9349449e0e464cf91ec551f08c { | |
| strings: | |
| $a_2 = { 558bec8d4510f6451580740583380075 } | |
| $a_3 = { 558b8c616e86121e80be156f04d4ceed } | |
| $a_4 = { 558bce93e35c3ff8c41f18a837871c52 } | |
| $a_5 = { 558bec6aff68481d141368c876141364 } | |
| $a_6 = { 558b58f6ff3713b3787cd9ac89f8812d } | |
| $a_7 = { 558bec8d4d0c8b0185c074093d000001 } | |
| $a_8 = { 558ba1b887980a06159137cc955ced2a } | |
| $a_9 = { 558bec515153568b3538a21413578b7d } | |
| $a_10 = { 558bc831292a87369b754e7c703a7488 } | |
| $a_11 = { 558b48e41565919543914696386c1201 } | |
| $a_12 = { 558bec6aff686821141368c876141364 } | |
| $a_13 = { 558bbc79c1588c59f03fee09e18470e8 } | |
| $a_14 = { 558bec5151833dbca014130056577421 } | |
| $a_15 = { 558becff7508e88f00000085c074218b } | |
| $a_16 = { 558bec6aff68901d141368c876141364 } | |
| $a_17 = { 558bce503836dd8c199e8f801f1295bd } | |
| $a_18 = { 558bec83ec14a114b514138b1518b514 } | |
| $a_19 = { 558becb800100000e8b3050000538b5d } | |
| $a_20 = { 558bb9a0d9b21f52ce89c4c7fcee602f } | |
| $a_21 = { 558b375d785ae1e31b2955b604c5d950 } | |
| $a_22 = { 558b68f72782d51b0ecf5f7ea7909522 } | |
| $a_23 = { 558bec51515333db391d28b614135657 } | |
| $a_24 = { 558b2d2c111413565733db33f633ff3b } | |
| $a_25 = { 558bac2434010000568b357011141357 } | |
| $a_26 = { 558bec83c4e45752ff75106a008d7de4 } | |
| $a_27 = { 558bec83ec0cc745fc00000000683f00 } | |
| $a_28 = { 558bec6aff688021141368c876141364 } | |
| $a_29 = { 558bec6aff68701d141368c876141364 } | |
| $a_30 = { 558b097d3829f8a3c89a9a0886adb187 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Prostor_deb4e341ba50574d36ffaf722b68b55d1a384bc34452e866bcec50b2a7acfb04 { | |
| strings: | |
| $a_2 = { 558b2d3cffffffbfb957bfc824c10cf3 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32PWSteal_ce55c1165bc7944e5ab64c8483aa088f2e31b4a2373a04210f9bf03668683625 { | |
| strings: | |
| $a_2 = { 558bec83c4d45356578b750833ff8b1e } | |
| $a_3 = { 558bec53568b5d0853e8d668feff598b } | |
| $a_4 = { 558bec83c4e85356578b5d0c8b750833 } | |
| $a_5 = { 558bec83c4f453568b5d088b450c8b55 } | |
| $a_6 = { 558bec5356578b5d0c8b45088b388b77 } | |
| $a_7 = { 558bec515356578b7d108b750c8b4508 } | |
| $a_8 = { 558bec33c0833d2833e507007406ff15 } | |
| $a_9 = { 558bec5356578b5d0833ffeb3c33f6eb } | |
| $a_10 = { 558bec53568b5d108b450c8b7508f640 } | |
| $a_11 = { 558bec53568b5d08ff730ce8fe83faff } | |
| $a_12 = { 558bec83c4e05356578b45088b500489 } | |
| $a_13 = { 558bec53568b750885f6741f837e0800 } | |
| $a_14 = { 558bec5356578b750c8b7d0885ff7409 } | |
| $a_15 = { 558bec83c4c85356578b750833c08945 } | |
| $a_16 = { 558bec53568b5d0833f6807b42037215 } | |
| $a_17 = { 558bec83c4f05356578b750833ff33c0 } | |
| $a_18 = { 558bec83c4a85356578b5d088b052c42 } | |
| $a_19 = { 558bec5356578b750c8b7d0885ff7404 } | |
| $a_20 = { 558bec515356578b7d108b5d0853e880 } | |
| $a_21 = { 558bec53568b5d0c8b7508837b180074 } | |
| $a_22 = { 558bec83c4ec5356578b5d0c8b45088b } | |
| $a_23 = { 558bec33c055689fb2e40764ff306489 } | |
| $a_24 = { 558bec8b4508ff7514ff7510ff750c50 } | |
| $a_25 = { 558bec81c460ffffff5356578b7d108b } | |
| $a_26 = { 558bec51538b5d088d45fc50ff7310e8 } | |
| $a_27 = { 558bec515356578b750833db807e1300 } | |
| $a_28 = { 558bec5356578b7d108b750c8b45148b } | |
| $a_29 = { 558bec5356578b7d0833db57e8d7ffff } | |
| $a_30 = { 558bec538b4d0833c0eb168bd8c1e303 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Qqhook_70c3d6cf6f6e4411e0c6605c9897447d78cc7a549a120ceb532db7e234a44ab0 { | |
| strings: | |
| $a_2 = { 558b843ed89bf40fd682a6c3b7057a46 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32QQpass_321361b74371f4a753b87841742f39aed3614d6d395bb3da1395efc3d6ec3874 { | |
| strings: | |
| $a_2 = { 558bec535657556a006a0068286a4000 } | |
| $a_3 = { 558b6c240c83f80156750e55ff1574b0 } | |
| $a_4 = { 558bec5756538b750c8b7d088d05f83f } | |
| $a_5 = { 558bec6aff68a0b2400068086b400064 } | |
| $a_6 = { 558bc18bf78bfa8d542414c1e902f3a5 } | |
| $a_7 = { 558b2d54b04000578b3d58b040008b4c } | |
| $a_8 = { 558b2d68b04000f68424ec000000100f } | |
| $a_9 = { 558b2dd0b1400083f80157753e68c800 } | |
| $a_10 = { 558b2dbcb040005633f633db578b3db8 } | |
| $a_11 = { 558bac243804000051535552ff152cb1 } | |
| $a_12 = { 558b2d14b24000817c24140001000075 } | |
| $a_13 = { 558bec6aff6890b2400068086b400064 } | |
| $a_14 = { 558bac2430030000f68424e801000010 } | |
| condition: | |
| 11 of them | |
| } | |
| rule PWSWin32QQRob_7ca07541a90c85b441c7cc334bde92b83911da2f87ffa8fa0248d323fb8f7180 { | |
| strings: | |
| $a_2 = { 558bec6aff682a2c0a006838900d0064 } | |
| $a_3 = { 558bd9b3e8c74304606a044f911db06f } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32QQThief_d57d77fff3d53550ec94bd3306db56cc3cd3af6be7e5897e9995e5824076bc39 { | |
| strings: | |
| $a_2 = { 558bec518d45fc506a026a0068bc4040 } | |
| $a_3 = { 558bec53568bf16880400000e8670200 } | |
| $a_4 = { 558bec81ec540500005357ff15543040 } | |
| $a_5 = { 558bec515153568d45f857508d45fc33 } | |
| $a_6 = { 558bec81ecc006000056be0401000057 } | |
| $a_7 = { 558bec81ec0c03000080a5f8fdffff00 } | |
| $a_8 = { 558bec51518b45085633f63930767353 } | |
| $a_9 = { 558b2d54304000ffd585c074088bc3c1 } | |
| $a_10 = { 558bec6aff686831400068c021400064 } | |
| $a_11 = { 558bec81ec48020000ff75088d85f8fe } | |
| $a_12 = { 558bec5151538b5d0856578b3de03040 } | |
| $a_13 = { 558bec81ec5406000056be040100008d } | |
| $a_14 = { 558bec81ec20020000837d08000f8481 } | |
| $a_15 = { 558be8c3d522c2ac23c0a5fd4100a365 } | |
| $a_16 = { 558bec81ec04010000833d1040400000 } | |
| $a_17 = { 558bec5333db395d0c568b75080f8ecd } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Redzone_594759e1dcc822ef769209948f35accaa9c73e185f7fdfca51580d24698ebb6c { | |
| strings: | |
| $a_2 = { 558bec538bd8a1f4894500e870fbffff } | |
| $a_3 = { 558bec33c055685d86420064ff306489 } | |
| $a_4 = { 558bec51538955fc8bd88b45fce87af6 } | |
| $a_5 = { 558bec51535684d2740883c4f0e8baa7 } | |
| $a_6 = { 558bf18bfa8bd8837e6400740aa18c70 } | |
| $a_7 = { 558bec33c055688a6d420064ff306489 } | |
| $a_8 = { 558bec6a00538bd833c0556842b44100 } | |
| $a_9 = { 558bec535657a13886450085c0744b8b } | |
| $a_10 = { 558bf28bd88bc6e881beffff8bf88bc3 } | |
| $a_11 = { 558bec33c05568f3bf430064ff306489 } | |
| $a_12 = { 558bec33c05568c34e450064ff306489 } | |
| $a_13 = { 558bec33c055680fb7420064ff306489 } | |
| $a_14 = { 558bec5633f6f6c21074195150e8da2e } | |
| $a_15 = { 558bd98bf28bf88bcb8bd68bc7e8f368 } | |
| $a_16 = { 558bec53568bf18bd866a1ac3f440066 } | |
| $a_17 = { 558bec6a005633c0556873ab400064ff } | |
| $a_18 = { 558bec33c9515151515333c055686fbf } | |
| $a_19 = { 558bec6a0033d25568f19f440064ff32 } | |
| $a_20 = { 558bec8b45088b40f4e8b20d0000a1e0 } | |
| $a_21 = { 558bec53568bf28bd88b53708bc6e8ed } | |
| $a_22 = { 558bec6a00538bd833c05568ded34400 } | |
| $a_23 = { 558bec5356bed0894500a1d4894500e8 } | |
| $a_24 = { 558bec6a005356578bd833c05568275a } | |
| $a_25 = { 558bec83c4f88945fca1987045008078 } | |
| $a_26 = { 558bec51538d5dfca1406945008b5508 } | |
| $a_27 = { 558bec538bd8a1f4894500e82cfcffff } | |
| $a_28 = { 558bec33c05568c922410064ff306489 } | |
| $a_29 = { 558bec83c4f0a1b48b4500e87c5efeff } | |
| $a_30 = { 558bec53565784d2740883c4f0e83265 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Reteged_11d1487daed588683c23fa55679a7df126be79028fbda26964ea4ee2821967f9 { | |
| strings: | |
| $a_2 = { 558bec83e40c0785c9770e33476b6f21 } | |
| $a_3 = { 558b0d55144f48de70c4084e602c1e9d } | |
| $a_4 = { 558bad275c2bc151833d45708172751d } | |
| $a_5 = { 558b37b458e8755e4e964db85e2f840e } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Rugond_bb471167247f26dd587125bf36bfc8eac319efe094bb9cbe768c8627bd44ecfc { | |
| strings: | |
| $a_2 = { 558be95657837d64030f85d3000000b9 } | |
| $a_3 = { 558bec833d1cc16b00005356750fff75 } | |
| $a_4 = { 558bec81eccc0000008d45f050ff1550 } | |
| $a_5 = { 558b6c241856578b7c241885ff7d0403 } | |
| $a_6 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_7 = { 558bec81ec0c000000817d0c12030000 } | |
| $a_8 = { 558bec51833df4826b000053751d8b45 } | |
| $a_9 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_10 = { 558bec81ec14000000813d9cfa650007 } | |
| $a_11 = { 558bec83ec6053568bf1578975f8e852 } | |
| $a_12 = { 558bec81ec700100008b1db8f7650083 } | |
| $a_13 = { 558bec8b450850b9c8bc6600e88f86ff } | |
| $a_14 = { 558bcee8da1308008bbc24ac00000039 } | |
| $a_15 = { 558bec81ec0c0000006aff6a1268794c } | |
| $a_16 = { 558bec81ec100000006844fa6500e819 } | |
| $a_17 = { 558bec81ec48000000c745fc00000000 } | |
| $a_18 = { 558bec81ec040000006a0068ff000000 } | |
| $a_19 = { 558bec81ec280000006808000000e8fa } | |
| $a_20 = { 558bec81ec100000006808000000e838 } | |
| $a_21 = { 558bec81ec040000006aff6a1068e842 } | |
| $a_22 = { 558bec81ec10000000e8a2fbf9ff8b1d } | |
| $a_23 = { 558bec81ec080000006aff6a13681a19 } | |
| $a_24 = { 558bcee817fdffff8b5e1c8bcee88ab9 } | |
| $a_25 = { 558bec81ecd8000000c745fc00000000 } | |
| $a_26 = { 558bec518b450c5785c0c745fcffffff } | |
| $a_27 = { 558b2d9c365d008d542414578d442414 } | |
| $a_28 = { 558bec83ec4053568b35d4305d00576a } | |
| $a_29 = { 558bec81ec1c0000006aff6a10689b4c } | |
| $a_30 = { 558bcfe86f86ffff8bcf89442414e8a4 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Sacanph_f6a444af98cb3f9f1c37104a8b6cd92f0aa1689829a7d98f363863199eea924e { | |
| strings: | |
| $a_2 = { 558bec33c05568a9ed4b0064ff306489 } | |
| $a_3 = { 558bec33c0556893a14e0064ff306489 } | |
| $a_4 = { 558bec33c05568b3ce400064ff306489 } | |
| $a_5 = { 558bec33c05568cfa5400064ff306489 } | |
| $a_6 = { 558bec33c055686f0c520064ff306489 } | |
| $a_7 = { 558bfdffb86cff5500e84b8bfdffb870 } | |
| $a_8 = { 558becba7c4f4300a1548e5200e836e0 } | |
| $a_9 = { 558bec33c0556819a8510064ff306489 } | |
| $a_10 = { 558bec33c0556847e24c0064ff306489 } | |
| $a_11 = { 558bec33c0556843704d0064ff306489 } | |
| $a_12 = { 558bec33c05568eb9b510064ff306489 } | |
| $a_13 = { 558bec515356894dfc8bf28bd88bce8b } | |
| $a_14 = { 558bec8b45088b40f4e8820e0000a14c } | |
| $a_15 = { 558bec5356beb4f0550068b8f05500e8 } | |
| $a_16 = { 558bec83c4f0538bd933c95568552452 } | |
| $a_17 = { 558bd98bfa8bf0833d8c38560000740d } | |
| $a_18 = { 558bec33c0556861bd440064ff306489 } | |
| $a_19 = { 558bec33c055688ddc400064ff306489 } | |
| $a_20 = { 558becba48394300a1548e5200e862f6 } | |
| $a_21 = { 558bec33c055683190400064ff306489 } | |
| $a_22 = { 558bec33c055683d0e4e0064ff306489 } | |
| $a_23 = { 558bec33c0556889be4f0064ff306489 } | |
| $a_24 = { 558bec518945fc8b45fce8f115000033 } | |
| $a_25 = { 558becba1c3b4300a1548e5200e8a2f4 } | |
| $a_26 = { 558bec33c055686337470064ff306489 } | |
| $a_27 = { 558bec33c0556833e44c0064ff306489 } | |
| $a_28 = { 558bec33c0556817e84b0064ff306489 } | |
| $a_29 = { 558bec51535684d2740883c4f0e86275 } | |
| $a_30 = { 558bec33c0556891f54b0064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Sadam_d2b5ab5023a76cab39e9495a8b51cb6b23893bf43ec34751b3584a7b9ad215d6 { | |
| strings: | |
| $a_2 = { 558bec81ec94010000c645ec0dc645ed } | |
| $a_3 = { 558bec6aff680040400068b038400050 } | |
| $a_4 = { 558bec81eccc010000c685b0feffff48 } | |
| $a_5 = { 558bec83ec0cc645f45cc645f56dc645 } | |
| $a_6 = { 558bec83ec34535633db891d04584000 } | |
| $a_7 = { 558bec83ec20c645e853c645e96fc645 } | |
| $a_8 = { 558bec81ec88050000c745dc00000000 } | |
| $a_9 = { 558bec81ec440100005333db53680000 } | |
| $a_10 = { 558bec81ec98000000c645e853c645e9 } | |
| $a_11 = { 558bec83ec78c645f05cc645f153c645 } | |
| $a_12 = { 558bec83ec40c645c853c645c94fc645 } | |
| $a_13 = { 558bec81ec880000005356576a008d45 } | |
| $a_14 = { 558bec83ec34568d45cc5768905f4000 } | |
| $a_15 = { 558bec535657556a006a0068182c4000 } | |
| $a_16 = { 558bec83ec4053565733f633db33ff68 } | |
| $a_17 = { 558bec83ec20c645f031c645f139c645 } | |
| $a_18 = { 558bec81ecac010000c645f85cc645f9 } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Sapbexts_1967b3b523f9f1463f9a62ddbf5c6be4a895b4c8991fc088780fe54b79c93239 { | |
| strings: | |
| $a_2 = { 558b69c853d382051f62688938053237 } | |
| $a_3 = { 558bcba282c19df0394c1a5aa15c3ceb } | |
| $a_4 = { 558bf5606cf16928ef0903e50e346bb3 } | |
| $a_5 = { 558bf32fe7afe1dd0489d4933382957c } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Scofted_b09bf7d1fa8246850035d71bf019ef1e07e5242b3823d84fbfcc011fd58fe66c { | |
| strings: | |
| $a_2 = { 558ba75c1a3bab0c350029fdbb248bf0 } | |
| $a_3 = { 558b55c0209fa91858c30026bed7e551 } | |
| $a_4 = { 558b409d5adbf6d12f5ccc20784ea9e2 } | |
| $a_5 = { 558bbef6f4c50ce88c385c2c7cc97a1e } | |
| $a_6 = { 558b0ffa600cde147fbdc0c2ca4b6afc } | |
| $a_7 = { 558b9d5db104a7328a5aee471231d32f } | |
| $a_8 = { 558b342d05c72bca17a0d5420c2fc81d } | |
| $a_9 = { 558bac303ca97207476e582231703664 } | |
| $a_10 = { 558bf72fb513267040390ae120d9bbc5 } | |
| $a_11 = { 558b1430ae805d67759559e8bd59267e } | |
| $a_12 = { 558b5f745d0d94804f7ab98d10aa574c } | |
| $a_13 = { 558b2123c656c482fdd3d8f94e096626 } | |
| $a_14 = { 558b48dbddffd8c56b506c58285f12be } | |
| $a_15 = { 558bb2698f35253416798bad935c06d0 } | |
| $a_16 = { 558bddc9b367c9f756821221ef5dd140 } | |
| $a_17 = { 558beea1fc275fc2131b4ea0138169ae } | |
| $a_18 = { 558bba03071d5b5af3712e6030f46c90 } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Sekur_1cf53dc7944c37237f5bce92f58552ad8783a3183e152af9928c166e201fbbfa { | |
| strings: | |
| $a_2 = { 558b49898b8b5b0e101c8b8b7572c9a3 } | |
| $a_3 = { 558b5555005574392ee8e83ee800e8e8 } | |
| $a_4 = { 5589e55dc3ffffffff00000000ffffff } | |
| $a_5 = { 558be155551cff5559ec325555555575 } | |
| $a_6 = { 558b8b00559155558d55458955005555 } | |
| $a_7 = { 558b536a086a40ec8b45e800017dec00 } | |
| $a_8 = { 558b5104ff04ff03855179ff04757e8b } | |
| $a_9 = { 558bfffe03c840ff3333c833851c33b5 } | |
| $a_10 = { 558bffc7ff8b8bff148b8b34c38b74ae } | |
| $a_11 = { 558bc33bff083b3b533b3b683b008d00 } | |
| $a_12 = { 558b100a010475030300032b00030500 } | |
| $a_13 = { 558be8000ae810c48b75e8e80be88dff } | |
| $a_14 = { 558bf0928bec62550184555600130655 } | |
| $a_15 = { 558b8b66268b8b10518bc4758b018b8b } | |
| $a_16 = { 558bc051b10bc43f756a0450ecfc5142 } | |
| $a_17 = { 558b0055f84e08f8eb00f8f8f8f8f8f8 } | |
| $a_18 = { 5589e58b4d088b15006043008d040a3d } | |
| $a_19 = { 558bfca2fce889fcfc740402fc00fc02 } | |
| $a_20 = { 558b8b8b8b8b66f0008b8b8b8bff598b } | |
| $a_21 = { 558b59837f591f02ff3ec38556c30001 } | |
| $a_22 = { 558b07038b030c03ff03b70303800308 } | |
| $a_23 = { 558bb51404008b8b501456e87575c276 } | |
| $a_24 = { 558b6a45710c0c8b0c0cc174e50c0c89 } | |
| $a_25 = { 558bc30084c3c3c3eb3323c3c38aff32 } | |
| $a_26 = { 558b065d67575fff550055557a555732 } | |
| $a_27 = { 558b04758b458b45c204758bec8b5d0c } | |
| $a_28 = { 558b5f3bff7e45ec047e801b07c3c67e } | |
| $a_29 = { 558b5d0f8b1600c88b0c75d21b838510 } | |
| $a_30 = { 558b90ece8ecec9dec08c0ececff00ec } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Seratin_092cd7856a1cd577896ac0a601614df922f110fd088cc8af84ad785d884e9bb6 { | |
| strings: | |
| $a_2 = { 558bec515156e8e1c0ffff8bf085f60f } | |
| $a_3 = { 558bec515133c039450c530f95c0568b } | |
| $a_4 = { 558bd86a0053c744243000000000ff15 } | |
| $a_5 = { 558becb800100000e86ccc0000568d85 } | |
| $a_6 = { 558bec5356576a006a00687354011051 } | |
| $a_7 = { 558bec51e830e600008945fcdb45fcdc } | |
| $a_8 = { 558bec83ec385357ff75088d4dc8e821 } | |
| $a_9 = { 558b6c240c85ed8bc189442404747253 } | |
| $a_10 = { 558bec83ec0c5333db381d84c0021056 } | |
| $a_11 = { 558bec535657e880e9ffff83b80c0200 } | |
| $a_12 = { 558bec83ec20538b5d0885db5657894d } | |
| $a_13 = { 558bec83ec10a104a002108365f80083 } | |
| $a_14 = { 558bec51ff750c8d45fcff750850e836 } | |
| $a_15 = { 558bec56578b7d086a7b578bf1e84abd } | |
| $a_16 = { 558bec8b4508568d34c560a00210833e } | |
| $a_17 = { 558bec5657e8832400008b30e87c2400 } | |
| $a_18 = { 558bec83ec1056576a1f8bf1e8c1e0ff } | |
| $a_19 = { 558bec81ec28030000a3f0bb0210890d } | |
| $a_20 = { 558beca12480021085c056578bf9b924 } | |
| $a_21 = { 558bec83ec2056ff75088bf18975ece8 } | |
| $a_22 = { 558bec83ec10ff75088d4df0e81a23ff } | |
| $a_23 = { 558bec83ec54536a44598bd18d45ac33 } | |
| $a_24 = { 558bec83ec14a100c202108b4d086bc0 } | |
| $a_25 = { 558bec53568b75088b068bd98a0880f9 } | |
| $a_26 = { 558bec83ec1056ff750c8d4df0e80180 } | |
| $a_27 = { 558bec83ec1456ff75108d4dece873e8 } | |
| $a_28 = { 558bec535657556a006a0068749b0110 } | |
| $a_29 = { 558bec83ec18a104a002108365e8008d } | |
| $a_30 = { 558bec6afe68d05e02106850fb001064 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Sifre_18ed78fca1ced4413d1873dfad00ca7966538ae0a99786683bdfd0af0b5c3022 { | |
| strings: | |
| $a_2 = { 558bec83ec1468861a400064a1000000 } | |
| $a_3 = { 558bec83ec0868861a400064a1000000 } | |
| $a_4 = { 558bec83ec0c68861a400064a1000000 } | |
| $a_5 = { 558bec83ec1868861a400064a1000000 } | |
| condition: | |
| 4 of them | |
| } | |
| rule PWSWin32Sinowal_067836d47164f28056bcd9eb218939682e91f0694bc2f8c5e0f79514d7841ce4 { | |
| strings: | |
| $a_2 = { 558bec51ff1584c00010837d10ff750c } | |
| $a_3 = { 558bec8b4508c600cc8b4d0883c10189 } | |
| $a_4 = { 558bec515356578b7d0c85ff0f847a01 } | |
| $a_5 = { 558bec56578b7d088bcf33f6e8d33d00 } | |
| $a_6 = { 558bec515156ff75108d45fc33f65089 } | |
| $a_7 = { 558b45ee8b4df0568b750c5750668946 } | |
| $a_8 = { 558bec81ec40020000833d5cfa001000 } | |
| $a_9 = { 558bec5156be60010110578bce33ffe8 } | |
| $a_10 = { 558bec83ec188b45088b08894df88b48 } | |
| $a_11 = { 558bec51515356578b3d84c00010ffd7 } | |
| $a_12 = { 558bec83ec14538b1d80c00010568b75 } | |
| $a_13 = { 558bec83ec08c745f8000000006a018b } | |
| $a_14 = { 558bec83ec1c894df08b45088b08c1e9 } | |
| $a_15 = { 558bec53568b3584c0001057ffd6ff75 } | |
| $a_16 = { 558becb8d4120000e8d62a000053568b } | |
| $a_17 = { 558bec515633f6397510742b8d45fc50 } | |
| $a_18 = { 558bec83ec488d45fc508d45ec50ff75 } | |
| $a_19 = { 558bec83ec18535657be24f100108d7d } | |
| $a_20 = { 558bec8b450c83e800742d4874164875 } | |
| $a_21 = { 558bec568b3584c00010ffd6a11c0101 } | |
| $a_22 = { 558bec53568b3584c0001057ffd68b3d } | |
| $a_23 = { 558bec53568b3584c00010ffd68b5d1c } | |
| $a_24 = { 558bec565733ff33c0397d0c7e248b75 } | |
| $a_25 = { 558bec5153568b3584c0001057ffd6ff } | |
| $a_26 = { 558bec83ec2453568b750c57ff75188b } | |
| $a_27 = { 558bec83ec1053568b75105733ff397d } | |
| $a_28 = { 558bec53568b3584c0001057ffd6bf00 } | |
| $a_29 = { 558bec83ec44568b359cc00010576880 } | |
| $a_30 = { 558bec83ec285768000000f033ff6a01 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Sounli_d5477062ecfb4569f0c36dea394cff6e1bfdfc7cba20903655a98e9ce229f51f { | |
| strings: | |
| $a_2 = { 558bec81c468feffff535657c7053887 } | |
| $a_3 = { 558bec538bd88bc3e8cf6bffff506a00 } | |
| $a_4 = { 558bad29d39d7f42dcda46a52d69a860 } | |
| $a_5 = { 558bec6a0033c055680ed4400064ff30 } | |
| $a_6 = { 558bec83c4e45333d28955ec8955e889 } | |
| $a_7 = { 558bec518945fc33d255680033001064 } | |
| $a_8 = { 558bec33c055684136400064ff306489 } | |
| $a_9 = { 558bec515356578bd833c0a3b0550010 } | |
| $a_10 = { 558b297eab0cb9f003eb3bd51a465914 } | |
| $a_11 = { 558b1895c42ab397028b59faf755b08a } | |
| $a_12 = { 558bec515356578bd833c0a3b0554000 } | |
| $a_13 = { 558bec33d255686e1a400064ff326489 } | |
| $a_14 = { 558bec515356578bf28bd8803dac5500 } | |
| $a_15 = { 558bec518945fc33d25568e032400064 } | |
| $a_16 = { 558bec33c05568ed31410064ff306489 } | |
| $a_17 = { 558bf28bd88bc6e809cdffff8bf88bc3 } | |
| $a_18 = { 558bec83c4f053568955fc8bf08b45fc } | |
| $a_19 = { 558bec33c05568c65a400064ff306489 } | |
| $a_20 = { 558bec515356578bf28bd8833d1c8841 } | |
| $a_21 = { 558bec538bd8833d3c87410012753a83 } | |
| $a_22 = { 558bec83c4f8e81936ffff8855fb8945 } | |
| $a_23 = { 558bac0f0d25011190af8d211a081a08 } | |
| $a_24 = { 558bec538bd88b4508508bc3e82bbaff } | |
| $a_25 = { 558bec83c4f056578b45088bf08d7df0 } | |
| $a_26 = { 558bec33c0556865c0400064ff306489 } | |
| $a_27 = { 558bec33c05568183e410064ff306489 } | |
| $a_28 = { 558beb1801d9ef8beb0a00d123bbe6e3 } | |
| $a_29 = { 558bec33c0556885f2400064ff306489 } | |
| $a_30 = { 558bec535657a12856400085c0744b8b } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Stealer_15ca30780a9695ed2835564662d835620bd4f9ad3de743fe0ae19d24662bc8f0 { | |
| strings: | |
| $a_2 = { 558b645533bb647d3e495975e6dd80fb } | |
| $a_3 = { 558bec60558b75088b7d0cfcb280a4e8 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Steam_a6eeaf815ba724780b6278ecd44e05318550f6284cecbca31823374a841030cc { | |
| strings: | |
| $a_2 = { 558b95d01a18b159a8c24bd030b62988 } | |
| $a_3 = { 558b894ec92b79b82eb10c267390d977 } | |
| $a_4 = { 558b4751a540ee91cde9bfaf0c10737f } | |
| $a_5 = { 558b6ceb1006f4630457b86d201e81c3 } | |
| $a_6 = { 558bb0f0810839187892c201faaae440 } | |
| $a_7 = { 558b1e5d120c44647ae0dbaffe73a8f1 } | |
| $a_8 = { 558bff1ce83cedffa490484e6b03c921 } | |
| $a_9 = { 558b877acc551db89c6c03dd466146c7 } | |
| $a_10 = { 558b3a1edee14e9d8b177f852426d9fb } | |
| $a_11 = { 558b60265ebb0ab0db91208215081142 } | |
| $a_12 = { 558b445ce7603bf0b2754862822ade67 } | |
| $a_13 = { 558b869cf222d4974a6564f75474f8e5 } | |
| $a_14 = { 558bcfd20715e6e88d772e112532734c } | |
| $a_15 = { 558b31c324e4792b234ba3e30533dd8b } | |
| $a_16 = { 558b662d9afc7952897fd28040a9c5db } | |
| $a_17 = { 558b9073104aa5e900bf706bec82b0d9 } | |
| $a_18 = { 558b297eab0cb9f003eb3bd51a465914 } | |
| $a_19 = { 558b000e06badef8d374354a1e7c17ee } | |
| $a_20 = { 558bec51894dfc8b45fcc7006c5c2c20 } | |
| $a_21 = { 558b1cc47a2abef15ba4c4879ad0677e } | |
| $a_22 = { 558b7d4f02cc107e5dedd6e906218bd7 } | |
| $a_23 = { 558b6dd1cf7010ddd4b78b43877ce922 } | |
| $a_24 = { 558be712cf201c82944d5d27ca6caeea } | |
| $a_25 = { 558b05e0aaf2c3b60372b534980be719 } | |
| $a_26 = { 558b974dd602d70082fd2b59391d4d84 } | |
| $a_27 = { 558b2daf01782ca27e4538281e574c73 } | |
| $a_28 = { 558b636204874eb53dbe907624678e6f } | |
| $a_29 = { 558bac0f0d25011190af8d211a081a08 } | |
| $a_30 = { 558b1c4f2b1fba762933fb781821af59 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Stimilina_e8c83dd1a045ca94c3aef98b4d7abe15f614f07da565fbb66b09fdbb619260d6 { | |
| strings: | |
| $a_2 = { 558bec515356578bf28bd8833d1cb84c } | |
| $a_3 = { 558bec53568b45088b40fce808e3feff } | |
| $a_4 = { 558bec51538d5dfca1d0d944008b5508 } | |
| $a_5 = { 558bec6a0033c0556822de400064ff30 } | |
| $a_6 = { 558bec51535684d2740883c4f0e802a9 } | |
| $a_7 = { 558bec6a0033c0556832dd400064ff30 } | |
| $a_8 = { 558bec51538955fc8bd88b45fce85e24 } | |
| $a_9 = { 558bec6a00538bd833c0556821844100 } | |
| $a_10 = { 558bec33c05568c91a420064ff306489 } | |
| $a_11 = { 558bec5666bed2ffe87b6bfdff5e5dc2 } | |
| $a_12 = { 558beca1d49c4c00e8bbbeffff5dc204 } | |
| $a_13 = { 558be8a1b0bb4c00e8506a00008bf04e } | |
| $a_14 = { 558bec51535684d2740883c4f0e8caf8 } | |
| $a_15 = { 558bec51535684d2740883c4f0e8c2b9 } | |
| $a_16 = { 558bec53568b5d088d430450e8afbdff } | |
| $a_17 = { 558bec6a00538bd833c05568420e4300 } | |
| $a_18 = { 558bec6a0033d255682548440064ff32 } | |
| $a_19 = { 558bec83c4f4535657a144b84c008b10 } | |
| $a_20 = { 558bec33c055683954420064ff306489 } | |
| $a_21 = { 558bec53565784d2740883c4f0e83ada } | |
| $a_22 = { 558bec33c05568265a400064ff306489 } | |
| $a_23 = { 558bec53568bd885db75068b1d14dc44 } | |
| $a_24 = { 558bd38b869c010000e85336feffe802 } | |
| $a_25 = { 558bf28bd833ff8bc3e84786ffff508b } | |
| $a_26 = { 558b45f88b40048bd6e8b4cafeffe81b } | |
| $a_27 = { 558bec8b450883c00450e8bdbdffff5d } | |
| $a_28 = { 558bec8b45088b40f08b15b0834200e8 } | |
| $a_29 = { 558bec538bd8a158b84c00e80cfcffff } | |
| $a_30 = { 558bec33c055688922420064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Stimilini_c83cc4a2532dc73f2c7acfe21c30bc7fb48f2a89b930e18100d4da7fd1f290e2 { | |
| strings: | |
| $a_2 = { 558b4de7d4328511e28b13e773d15f51 } | |
| $a_3 = { 558bb8bf4292fa547593f40deb99f803 } | |
| $a_4 = { 558bd4be22d5ac70af48a16b164a14bf } | |
| $a_5 = { 558b0e36e140fd1e189397ca748862db } | |
| $a_6 = { 558bb61a1881547614fda6339670880e } | |
| $a_7 = { 558b792a23c6ba0ce745aed7aa755ef6 } | |
| $a_8 = { 558bd9a2ce04954ee7cde360c426ed1f } | |
| $a_9 = { 558b1ea7021dde73a20c5d00ce9d8501 } | |
| $a_10 = { 558bdf8b22bbfdbc685293c9fe8d9f01 } | |
| $a_11 = { 558b581621f5406c28d1489bd7ef2343 } | |
| $a_12 = { 558b6bbbf5b4c50881a408fe11bd8b12 } | |
| $a_13 = { 558b9f825731af4251d4ba2c8d540899 } | |
| $a_14 = { 558bfe19e367cf766a38700e6ffc8c57 } | |
| $a_15 = { 558bb45702390f11e861a3e14cb1a54b } | |
| $a_16 = { 558bc1013918bf6d9c06e4f19bfe4cda } | |
| $a_17 = { 558bc8cced6be2633ecc786b6234267a } | |
| $a_18 = { 558b55a64df62da64dda4b55aeb408bc } | |
| $a_19 = { 558bd2a202a3569a088c2b68ed07d1c9 } | |
| $a_20 = { 558b723d0429c472dfb696c985ef69d2 } | |
| $a_21 = { 558be13f9292e08e282992eef3e466c4 } | |
| $a_22 = { 558b52619d9b489697bdea8b27e5a4e3 } | |
| $a_23 = { 558bf4fbfd8cdc718e132f42b6f1784a } | |
| $a_24 = { 558b86ec9a626179407d93ca0117917b } | |
| $a_25 = { 558b37d31c5c32bdbb913818ac270b56 } | |
| $a_26 = { 558b6b3a0d7f19e2ba5fb4bfb35a75ec } | |
| $a_27 = { 558b97182efa37b9c04bb0659165a88c } | |
| $a_28 = { 558ba625d1047c6965ece68c1caf98bb } | |
| $a_29 = { 558b26088715a5f3975d8ca1fbde2da2 } | |
| $a_30 = { 558b0ec19264323381e9551eb02ee548 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Strpasseal_3dfc328a0448eb3d1318dcbd01105cf8f60b36e19ed5d25700faa2cc1f2072cc { | |
| strings: | |
| $a_2 = { 558bec81ec10010000c745fc01000000 } | |
| $a_3 = { 558bec83ec0868a46040008b450850e8 } | |
| $a_4 = { 558bec5153565764a13000000083c068 } | |
| $a_5 = { 558bec83ec088b451050e8ff2e000083 } | |
| $a_6 = { 558bec6aff6808514000686046400064 } | |
| $a_7 = { 558bec83ec185657b905000000be2460 } | |
| $a_8 = { 558bec81ecec00000056576a06be3065 } | |
| $a_9 = { 558bec83ec0868a06040008b450850e8 } | |
| $a_10 = { 558bec81ecd4020000535657be246940 } | |
| $a_11 = { 558bec83ec0c8b451450e8a62e000083 } | |
| $a_12 = { 558b4a3f2835233d5e5a666150911f30 } | |
| $a_13 = { 558bec81ec580600005356576a0b59be } | |
| $a_14 = { 558becb8bc130000e8550c0000535657 } | |
| $a_15 = { 558bec81eccc0000005657be846a4000 } | |
| $a_16 = { 558bec81ec1c060000535657be746440 } | |
| $a_17 = { 558bec81eca804000053565733c08d7d } | |
| $a_18 = { 558bec83ec14a1106040008945ec8b0d } | |
| $a_19 = { 558bec81ec9c020000535657beac6540 } | |
| $a_20 = { 558bec81ecf4000000535657be906140 } | |
| $a_21 = { 558bec83ec2053578b7d1033dbc745f4 } | |
| $a_22 = { 558bec81ec60020000535657bea06340 } | |
| $a_23 = { 558bec515356570f318bd80f312bc350 } | |
| $a_24 = { 558bec81ec200200005657b905000000 } | |
| $a_25 = { 558bec81eca40400005356576a0959be } | |
| $a_26 = { 558bec81ecdc02000056576a07bebc69 } | |
| $a_27 = { 558bec81ece00400005356576a0a59be } | |
| $a_28 = { 558bec81ecd8020000535657be286440 } | |
| $a_29 = { 558bec5156c745fc00000000eb098b45 } | |
| $a_30 = { 558bec81ec580100005657b910000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Sukwidon_684f4b9ea61e14a15e82cac25076c5afe2d30e3dad7ce0b1b375b24d81135c37 { | |
| strings: | |
| $a_2 = { 558bec83ec7c535657c645a4b8c645a5 } | |
| $a_3 = { 558bec8b450c5633d2578b7d088d70ff } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Tendcef_50ab88fe376bc7b599336458372287d1c66c522250433d5088125ce7c4b5e420 { | |
| strings: | |
| $a_2 = { 558bec83e4184a68e4236450a17550ee } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Tendrit_795fb5b7529321234aec6c6d30a5418bd8dbaa664926762e8da163989faacc78 { | |
| strings: | |
| $a_2 = { 558becb800100000e8bd15000056578b } | |
| $a_3 = { 558bec51518365f800568d4dfce806fd } | |
| $a_4 = { 558bec5153e85d9effff8b58643b1d54 } | |
| $a_5 = { 558bec8b450889450868941d01108d45 } | |
| $a_6 = { 558bec83ec105333db391dcc56011056 } | |
| $a_7 = { 558bec51518d45f850ff15580101108b } | |
| $a_8 = { 558bec5153e84e9fffff8b58643b1d54 } | |
| $a_9 = { 558bec81ec100200008365fc0053568d } | |
| $a_10 = { 558bec51535657e8ccc3ffff8b7d088b } | |
| $a_11 = { 558bec51515633f6ff15700001106a07 } | |
| $a_12 = { 558bec515153568b35c8560110578b7d } | |
| $a_13 = { 558bec81ec480d00005356576a4033c0 } | |
| $a_14 = { 558bec5356578b7d0c33db85ff7e28be } | |
| $a_15 = { 558bec81ec18050000a1743901108945 } | |
| $a_16 = { 558bec81ec200100008b45105333db3b } | |
| $a_17 = { 558bec83ec10a17439011085c074073d } | |
| $a_18 = { 558becb80c100000e83e8bffffa17439 } | |
| $a_19 = { 558bec81ec000500005657be00010000 } | |
| $a_20 = { 558bec8b4508568d34c598390110833e } | |
| $a_21 = { 558bec83ec0ca1743901106a068945fc } | |
| $a_22 = { 558bc1c1f8058d3c85a05a01108bc183 } | |
| $a_23 = { 558bec83ec1ca17439011053568b7508 } | |
| $a_24 = { 558bec51565733c0c645fc008d7dfd66 } | |
| $a_25 = { 558bec8b4508ff34c598390110ff1550 } | |
| $a_26 = { 558bec51518365fc0053565768002003 } | |
| $a_27 = { 558b2d340101107e45568b35cc6b0110 } | |
| $a_28 = { 558becb804100000e8232000008365fc } | |
| $a_29 = { 558becb81c140000e8cd520000535657 } | |
| $a_30 = { 558bec83ec205657bee00401108d7de0 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Trah_29c61ea3beabbd9694ef4b0f0d40440f278f8f6481340bc02bc36b70ec890c28 { | |
| strings: | |
| $a_2 = { 558bec53565733c05568d5ab400064ff } | |
| $a_3 = { 558bec538bd88b45088b40fc8bd3e8d9 } | |
| $a_4 = { 558bec515356578945fc33c05568bb37 } | |
| $a_5 = { 558b45f88b40048bd6e8748affffe81b } | |
| $a_6 = { 558bec51535684d2740883c4f0e8dad5 } | |
| $a_7 = { 558bec83c4f853bb2856420068e80300 } | |
| $a_8 = { 558bec5356578bf98bf28bd88bc6e8ad } | |
| $a_9 = { 558bec6a005356578bf833c05568b6d2 } | |
| $a_10 = { 558b83ac00000050e82b0dffff89460c } | |
| $a_11 = { 558bec51538bda8945fc8bc3ba0c7a40 } | |
| $a_12 = { 558bda8be88bc5e8f52fffff84c0743a } | |
| $a_13 = { 558bec51535684d2740883c4f0e8e679 } | |
| $a_14 = { 558bec6a0053565733c055688fcb4000 } | |
| $a_15 = { 558bea8bf8be2a000000bbf44242008b } | |
| $a_16 = { 558bfa8bf0804e36088b6f288bc5baa8 } | |
| $a_17 = { 558bec53803d19544200000f84ce0000 } | |
| $a_18 = { 558bec6a0053565733c055681bcb4000 } | |
| $a_19 = { 558b065053576a006a00e896daffff81 } | |
| $a_20 = { 558be868007f00006a00e87a6cfeff89 } | |
| $a_21 = { 558bec83c4f853568945fc8b45fce8fd } | |
| $a_22 = { 558bec5153568bda8bf06a0a8bc6e885 } | |
| $a_23 = { 558bec515356578bd833c0a31c544200 } | |
| $a_24 = { 558b45fce834a3ffffe83bffffff5988 } | |
| $a_25 = { 558bec84d2740883c4f0e8dda7ffff89 } | |
| $a_26 = { 558bec6a0053565733c05568f3c64000 } | |
| $a_27 = { 558bec51535684d2740883c4f0e8d602 } | |
| $a_28 = { 558bec535657bf50564200833f00756c } | |
| $a_29 = { 558bec53565784d2740883c4f0e8a68a } | |
| $a_30 = { 558bec51535684d2740883c4f0e8ca4e } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Uosproy_49f956780566e39381dd8459edba5b029555120712ea889c19d1dc0e80fb6282 { | |
| strings: | |
| $a_2 = { 558b2dd4400010578b7c2418478b4c24 } | |
| $a_3 = { 558b6c240c8d442404506a405356ff15 } | |
| $a_4 = { 558bec83e4f881ec8c0600005356578b } | |
| $a_5 = { 558bec83ec1464a1180000008b880007 } | |
| $a_6 = { 558bec83e4f8515356b90400000033c0 } | |
| $a_7 = { 558b2d14400010568b3524400010578b } | |
| $a_8 = { 558bec81ec3001000057c7856cffffff } | |
| $a_9 = { 558bec83e4f883ec1053555657687443 } | |
| $a_10 = { 558b6c240c8d0c2f563b4c241477528b } | |
| $a_11 = { 558b3bb96787c7d80e428e90c8eb0c18 } | |
| condition: | |
| 9 of them | |
| } | |
| rule PWSWin32Verweli_238e617b03bdfe2c3084a4bcf3474db1d755210982bab9e2ac10d855846ae20d { | |
| strings: | |
| $a_2 = { 558b84dfa96c909b0115b9ae3bd6de16 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Vkont_00740fc858b4b5e0bcb9bb4e67b031605f7128de5dbd4bdef3220bda7e55924a { | |
| strings: | |
| $a_2 = { 558bec538bd8833dc468410012753a83 } | |
| $a_3 = { 558bec518945fc8b45fce8d134ffff33 } | |
| $a_4 = { 558bec6a0033c055689acf400064ff30 } | |
| $a_5 = { 558bec33c055681e21410064ff306489 } | |
| $a_6 = { 558bec6a0033c05568aace400064ff30 } | |
| $a_7 = { 558bec538bd8a1b8894100e888ffffff } | |
| $a_8 = { 558bec6a0033c05568bacd400064ff30 } | |
| $a_9 = { 558bec33c055684b5c400064ff306489 } | |
| $a_10 = { 558bec5356578bf98bda8bf08bc6e8e1 } | |
| $a_11 = { 558bec5356be88894100688c894100e8 } | |
| $a_12 = { 558bec51535657a1c867410085c07451 } | |
| $a_13 = { 558bec33c055688dc7400064ff306489 } | |
| $a_14 = { 558bec51538bd868ffff00008bcaa13c } | |
| $a_15 = { 558bec6a005333c0556826c2400064ff } | |
| $a_16 = { 558bec538bd88bc3e8f370ffff506a00 } | |
| $a_17 = { 558bec5331db89c1dd4508d88b603841 } | |
| $a_18 = { 558bec33c05568e521410064ff306489 } | |
| $a_19 = { 558bec515356578945fc33d25568d339 } | |
| $a_20 = { 558bec83c4d45356578955fc8bf08b45 } | |
| $a_21 = { 558bec535657a1b4894100e890f2ffff } | |
| $a_22 = { 558bec6a005333c05568e2c0400064ff } | |
| $a_23 = { 558bec6a0033c0556882d2400064ff30 } | |
| $a_24 = { 558bec33c055686514410064ff306489 } | |
| $a_25 = { 558bec33c055685715410064ff306489 } | |
| $a_26 = { 558bec6a005333c05568bac1400064ff } | |
| $a_27 = { 558bf28bd833ff8bc3e88b98ffff508b } | |
| $a_28 = { 558bec33c05568ebee400064ff306489 } | |
| $a_29 = { 558bec515356578945fc833dc0894100 } | |
| $a_30 = { 558bec538bd88bc3e8bb70ffff506a00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Vorbeld_b6a25f1cc57c16be4ee0e184b3b53449f162d0838691cee8d610108239106078 { | |
| strings: | |
| $a_2 = { 558bec83ec0c682611400064a1000000 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Watcher_50388202b03382e0dd50b3acedbec1fc70c732a65c0289291ebacf005ff25121 { | |
| strings: | |
| $a_2 = { 558bec83ec4053568b3584364400576a } | |
| $a_3 = { 558bec5151568bf1578b3d983644008b } | |
| $a_4 = { 558bec81ec0c0300005356578bf1e85c } | |
| $a_5 = { 558bec81ec0801000056894dfce89d1a } | |
| $a_6 = { 558bec518d45fc689096420050c745fc } | |
| $a_7 = { 558bec83ec10568bf15768eeeb4100b9 } | |
| $a_8 = { 558bec83ec3853568bf1578975f8e871 } | |
| $a_9 = { 558bec5657ff750cff7508ff151c3a44 } | |
| $a_10 = { 558bec81ec90000000535657ff15d839 } | |
| $a_11 = { 558bec5151568bf1578b3da03644008b } | |
| $a_12 = { 558bec515156e89e8800008b400485c0 } | |
| $a_13 = { 558bec5657ff75088b3d083b4400ffd7 } | |
| $a_14 = { 558bec51568bf1578b3d743644008b46 } | |
| $a_15 = { 558b2d303744005633f633db578b3d34 } | |
| $a_16 = { 558bec8b45088b0c85d0a9430051ff15 } | |
| $a_17 = { 558bec535657556a006a006888554000 } | |
| $a_18 = { 558bec51535657e8a96600008bd8895d } | |
| $a_19 = { 558b2d4036440050ffd56a006a016a01 } | |
| $a_20 = { 558bec5356578bf9e861a8ffffa84074 } | |
| $a_21 = { 558bec8b45083df0d04300721d3d50d3 } | |
| $a_22 = { 558b401c85c0750433c9eb038b481c85 } | |
| $a_23 = { 558bec515356578bf1e833adffff8d45 } | |
| $a_24 = { 558b0c85e41544008b7c24245157ff15 } | |
| $a_25 = { 558bec568bf18b4d0c8d450c50e8e3fa } | |
| $a_26 = { 558bec81ec0402000056578bf1e8908a } | |
| $a_27 = { 558bec6aff68386b42006878ab400064 } | |
| $a_28 = { 558bec5153568b35283a4400578bf96a } | |
| $a_29 = { 558bec6aff68086a42006878ab400064 } | |
| $a_30 = { 558bcee827edffffff761cff15dc3944 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Wedsnot_e989804fa332f29711f2316bdcf188f6de3a9c38faa49bfea42b942850f02a2e { | |
| strings: | |
| $a_2 = { 558b2dd5de25880c5d6a08743133f640 } | |
| $a_3 = { 5589e581ecd80100008b4508890424e8 } | |
| $a_4 = { 558b2e83c608837b14017509ff7608ff } | |
| $a_5 = { 558bcfc1e910575147fb16db5d3912ea } | |
| $a_6 = { 558bec83ec108d45f050ff156c510010 } | |
| $a_7 = { 558becb804100000e8d3510000a0d8ad } | |
| $a_8 = { 5589e581ecf80000008d8518ffffff89 } | |
| $a_9 = { 558bec81ec30010000568b7508578d85 } | |
| $a_10 = { 558bec81ec200100008365f800837d18 } | |
| $a_11 = { 558bec83ec145633f63975080f84e800 } | |
| $a_12 = { 558bec83ec288b450c8365e0008945d8 } | |
| $a_13 = { 558bec5333db395d100f849200000039 } | |
| $a_14 = { 558bec6aff6880824000683677400064 } | |
| $a_15 = { 5589e583ec588b45088b80e800000089 } | |
| $a_16 = { 558b6e83eedfb1122a018d542a0e8b2d } | |
| $a_17 = { 5589e583ec145356578b45088945fc66 } | |
| $a_18 = { 558bec8d45105033c0ff751050681f00 } | |
| $a_19 = { 558b0dbc01410089e55dffe18d742600 } | |
| $a_20 = { 558bec83ec20566a65e8ded6ffffbebc } | |
| $a_21 = { 558bec83ec208b45108945e08b451889 } | |
| $a_22 = { 558bec51837d0c00743d8b450c50e899 } | |
| $a_23 = { 558bec51518365fc0056ff7508ff35f4 } | |
| $a_24 = { 558bec81ec2c04000053568b750833db } | |
| $a_25 = { 558bec83ec10538b5d0856578d73208d } | |
| $a_26 = { 5589e583ec1853568b45088b40048945 } | |
| $a_27 = { 558bec83ec28568b75088d45085056e8 } | |
| $a_28 = { 558bec51518b45148945148d45f85033 } | |
| $a_29 = { 558bec81ec180800005333db5633f643 } | |
| $a_30 = { 558bec81ec340800005657ff750833ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Whoran_c8f2abc8658a17266d024c0b72190cc0ee1596f2d84ca25ad1f1f8075ea0b79d { | |
| strings: | |
| $a_2 = { 558bec8b75088b7d0cfcb280a4e86d00 } | |
| $a_3 = { 558bca2f9bd70a618de6e1283e60355a } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Yahmali_c531c79a38caae67d79091f88ad839c72cd45f54ffd6f96aec3ed77039018f1a { | |
| strings: | |
| $a_2 = { 558bec81c4e4feffff5333c08985e4fe } | |
| $a_3 = { 558bec535657a12876400085c0744b8b } | |
| $a_4 = { 558bec81c404f0ffff50538bd8e8c2f2 } | |
| $a_5 = { 558bec6a006a005333c05568693d4000 } | |
| $a_6 = { 558bec33c05568b237400064ff306489 } | |
| $a_7 = { 558bec83c4f40fb7050c6040008945f8 } | |
| $a_8 = { 558bec6a00535633c05568c926400064 } | |
| $a_9 = { 558bec83c4f85356578bd8803dac7540 } | |
| $a_10 = { 558bec518945fc33d25568e836400064 } | |
| $a_11 = { 558bec535657bf207640008b470885c0 } | |
| $a_12 = { 558bec33c05568a94f400064ff306489 } | |
| $a_13 = { 558bec33c05568c53a400064ff306489 } | |
| $a_14 = { 558bec53803dac754000000f84cc0000 } | |
| $a_15 = { 558bec83c4f85356578945fca1206040 } | |
| $a_16 = { 558bec81c4ecfeffff5333c08985f0fe } | |
| $a_17 = { 558bec33c05568f539400064ff306489 } | |
| $a_18 = { 558bec33c05568bd39400064ff306489 } | |
| $a_19 = { 558bf28bd8eb0853e88ceaffff8bd88a } | |
| $a_20 = { 558bec51538945fc8b45fce840f4ffff } | |
| $a_21 = { 558bec33c05568fd3a400064ff306489 } | |
| $a_22 = { 558bec83c4f0b8b44f4000e858e9ffff } | |
| $a_23 = { 558bec515356578bd833c0a3b0754000 } | |
| $a_24 = { 558bec33d255683e18400064ff326489 } | |
| $a_25 = { 558bec6a005356578bf833c055685c44 } | |
| $a_26 = { 558bf0bf00764000bd047640008b1df8 } | |
| $a_27 = { 558bec515356578bf28bd8803dac7540 } | |
| $a_28 = { 558bec33c951515151515333c0556882 } | |
| condition: | |
| 22 of them | |
| } | |
| rule PWSWin32Yahoopass_0729058ddcf7213add933cfb036d069e7618d356c3304f4f78815ed224e4baf1 { | |
| strings: | |
| $a_2 = { 558bd9568b2d00934000578b43048db3 } | |
| $a_3 = { 558b6c2418568b74242057c644241400 } | |
| $a_4 = { 558bec6aff68389a400068e47c400064 } | |
| $a_5 = { 558bac24c001000056578bf9c6442440 } | |
| $a_6 = { 558b2dbc90400068090400006a016a0e } | |
| $a_7 = { 558b6c2420578b7c242083c6022bdf2b } | |
| $a_8 = { 558b49a2dc4579e618ee17948c6093f5 } | |
| $a_9 = { 558b6c24088b451085c0755b538b1d90 } | |
| $a_10 = { 558b6c241885ed0f841f01000056578d } | |
| $a_11 = { 558b6c2418578d7e028d7002894c2414 } | |
| $a_12 = { 558bc18bf78bfbc1e902f3a58bc883e1 } | |
| $a_13 = { 558bec6aff683185400064a100000000 } | |
| $a_14 = { 558b2d5090400089442418ffd58bf88b } | |
| $a_15 = { 558bcb8944242ce8f001000055ff15dc } | |
| $a_16 = { 558bcbe8790300008b4b0c8b53086a08 } | |
| $a_17 = { 558bac24280100005685ed57751c8b8c } | |
| condition: | |
| 14 of them | |
| } | |
| rule PWSWin32Yaludle_871df3d4f4483331b350c2d7de81a6dfc207af747928703b020d3aff8d0b9b60 { | |
| strings: | |
| $a_2 = { 558b6c240c568b742418578b463c5055 } | |
| $a_3 = { 558bec565757518b750c8b7d088b4d10 } | |
| $a_4 = { 558bac2430030000568bc557480f85d1 } | |
| $a_5 = { 558b6c24142bee8a1e885c24188b4424 } | |
| $a_6 = { 558bec575751508b7d088b4d0c32c0aa } | |
| $a_7 = { 558b6c24108b586803dd3bdd895c2414 } | |
| condition: | |
| 6 of them | |
| } | |
| rule PWSWin32Yunsip_338f4f8384c9b43527e0032811023a6834fecf16c01a6b78a8299236914853b1 { | |
| strings: | |
| $a_2 = { 558bec518bc1538b4d088b5808894dfc } | |
| $a_3 = { 558bec81ec0c0200005356576810ae01 } | |
| $a_4 = { 558bec83ec1453568bf157bb20060000 } | |
| $a_5 = { 558bec83ec1453568bf157bb18020000 } | |
| $a_6 = { 558bec81ec0802000056bed0af011056 } | |
| $a_7 = { 558bec81ec1c04000053565733db6810 } | |
| $a_8 = { 558bec83ec1453568bf157bba0040000 } | |
| $a_9 = { 558bec81ec1002000053565768a4af01 } | |
| $a_10 = { 558bec538b5d0833c056668b0b8bd366 } | |
| $a_11 = { 558becb840580000e8fb120000535657 } | |
| $a_12 = { 558bec83ec1453568bf157bb24020000 } | |
| $a_13 = { 558bec837d0c018b4508750c80382275 } | |
| $a_14 = { 558bec81ec08020000568b7508803e22 } | |
| $a_15 = { 558bec51515356578bf16894a10110ff } | |
| $a_16 = { 558bec515356578bf168a8ae0110ff15 } | |
| $a_17 = { 558bec83ec188b450c576a1c33d259f7 } | |
| $a_18 = { 558bec83ec0c565733ff8d7120680802 } | |
| $a_19 = { 558bec837d0c0056578b3d504001108b } | |
| $a_20 = { 558bec83ec545657ff7508ff15544001 } | |
| $a_21 = { 558bec81ec140400005356576898b501 } | |
| $a_22 = { 558bec518365fc005356576064a13000 } | |
| $a_23 = { 558bec83ec1453568b7508576a008bf9 } | |
| $a_24 = { 558bec81ec5002000053568bf1576808 } | |
| $a_25 = { 558bec81ec14020000578d85ecfdffff } | |
| $a_26 = { 558bec83ec44538bd95657c703b84201 } | |
| $a_27 = { 558bec83ec1c5356578b7d088365f000 } | |
| $a_28 = { 558becb818480000e8740d000053568b } | |
| $a_29 = { 558becb8184a0000e887290000535657 } | |
| $a_30 = { 558bec8d45085650ff7508ff15e04101 } | |
| condition: | |
| 24 of them | |
| } | |
| rule PWSWin32Zakahic_a509887531e12380d2050ff50a9317abd774dc850d00f55986b519ac10362532 { | |
| strings: | |
| $a_2 = { 558b7470533613a7d8d752b773354513 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin32Zbal_21002a365dde3cfd638c3c65dfbc1ae252380ba508a542a47993a60e4816fb8b { | |
| strings: | |
| $a_2 = { 558b000622b9df4b878f9c3d712105bd } | |
| $a_3 = { 558bec83ec28890d40a04000e8c30000 } | |
| $a_4 = { 558bec83ec28e899010000a32ca04000 } | |
| $a_5 = { 558b13e5750795bcd5f5a9df00849467 } | |
| $a_6 = { 558be86d3a15008469e37432510fc6b8 } | |
| $a_7 = { 558bec83ec2089e2e8bc0000008945fc } | |
| $a_8 = { 558be3d81c64c247a84100b4e172b7bd } | |
| $a_9 = { 558bec83ec2ce8250100008945e8e82b } | |
| $a_10 = { 558bec83ec18535657bb0040400033c9 } | |
| condition: | |
| 8 of them | |
| } | |
| rule PWSWin32Zbot_17f27b58a99db634b6ac85ca12efb84d4484aba3c2827a79eb46f6195611969c { | |
| strings: | |
| $a_2 = { 558b309281751493f575f429751483b5 } | |
| $a_3 = { 558bec83ec10c745fc1e010000c745f8 } | |
| $a_4 = { 558bc8091c5643b798cb0f2387d84f6a } | |
| $a_5 = { 558be0f54a56a779bf125c264fff6922 } | |
| $a_6 = { 558b88a9eb101f933e7cf53f042f2ea8 } | |
| $a_7 = { 558b80a5eb409e250056cba174c83496 } | |
| $a_8 = { 558be10255566b17bc141c2b89f8e5cf } | |
| $a_9 = { 558be0a8e60cdf76f2ffaf7281357038 } | |
| $a_10 = { 558bb4383d636438255b54380d538438 } | |
| $a_11 = { 558bec83ec0cc745fc41200000c70564 } | |
| $a_12 = { 558bec8b45088b40fc5dc3cccccccccc } | |
| $a_13 = { 558bf562ef11357e291480b8075078bf } | |
| $a_14 = { 558b9289c7e89638feff8f556d08f584 } | |
| $a_15 = { 558b8034565711e1fb50f4f8feff9c8b } | |
| $a_16 = { 558b38d805088e630004e29b75100006 } | |
| $a_17 = { 558b14055c42001c9d068bba497fc3f1 } | |
| $a_18 = { 558bec83ec148b4508837804000f849d } | |
| $a_19 = { 558bf52983e43da802e8f6a3cefb714e } | |
| $a_20 = { 558b7058a6fcc2209cfd8fbda883b53c } | |
| $a_21 = { 558bec6a4068003000008b4508506a00 } | |
| $a_22 = { 558bbab393b83f62459c9a0ce9037e76 } | |
| $a_23 = { 558b38adec6862c8750c395f98503b4f } | |
| $a_24 = { 558bec81ec6c010000535657c785dcfe } | |
| condition: | |
| 19 of them | |
| } | |
| rule PWSWin32Zhengtu_d83b5966a3a35f5904cce3fec6aa58a5694a0523ce7d391569b313ae10d781ef { | |
| strings: | |
| $a_2 = { 558b6c240856578bfd83c9ff33c033f6 } | |
| $a_3 = { 558bec81ecec06000053568d8514f9ff } | |
| $a_4 = { 558b6c241456578bfd8bf0f2aef7d149 } | |
| $a_5 = { 558b6c2410568d44241457508bda6a04 } | |
| $a_6 = { 558bec6aff6840620010683057001064 } | |
| $a_7 = { 558bec6aff6870620010683057001064 } | |
| $a_8 = { 558bec81ec70010000535657837d0800 } | |
| $a_9 = { 558bec81ec2402000053565768c82bbc } | |
| $a_10 = { 558bec56579090909090908b750833c9 } | |
| $a_11 = { 558bec81ec70010000535657682c0100 } | |
| $a_12 = { 558bec6aff68a0620010683057001064 } | |
| $a_13 = { 558bec6aff6880620010683057001064 } | |
| $a_14 = { 558b6c240c8bcde86f44000068647000 } | |
| $a_15 = { 558bec6aff6860620010683057001064 } | |
| $a_16 = { 558becff25f0780010cccccccccccccc } | |
| $a_17 = { 558b2d70610010568b35c46000105733 } | |
| $a_18 = { 558bec6aff6890620010683057001064 } | |
| $a_19 = { 558bec81ec980200005356578d4de0e8 } | |
| $a_20 = { 558bec6aff6850620010683057001064 } | |
| condition: | |
| 16 of them | |
| } | |
| rule PWSWin32Zuten_febcc16696adbea1b8bb5f14d8f3a178e220f25ab6af2b5f0407cd42d7872208 { | |
| strings: | |
| $a_2 = { 558bec83ec285356576083c4ff020172 } | |
| condition: | |
| 2 of them | |
| } | |
| rule PWSWin64Zbot_38688e3d89a80ddb233eb8ffbadee9d921cbbe7c9b2924b89fafafbccc225b21 { | |
| strings: | |
| $a_2 = { 558b3fc1b8cb9fa40d8ee22d65cc8ab3 } | |
| $a_3 = { 558b03e7d3363e33d9c04f0fdf82573e } | |
| $a_4 = { 558b08bdb16e5504f9c818e335485c6d } | |
| condition: | |
| 3 of them | |
| } | |
| rule PWSWinNTOnLineGames_030505ee8cbb5a93e17aef0fa19ef73788acfc9a95edfba50e6cd44a3e626072 { | |
| strings: | |
| $a_2 = { 558b30dd5a1ddd084a558bdd52dd5593 } | |
| $a_3 = { 558bec51518b450856578bf08d7df8a5 } | |
| $a_4 = { 558bec51518b450c5633f68945f88b45 } | |
| $a_5 = { 558bec6aff6898120100689811010064 } | |
| $a_6 = { 558bec6aff681a0008056064a1285064 } | |
| $a_7 = { 558bec83ec645356576a0759be380f01 } | |
| $a_8 = { 558bec83ec188d450850ff7508e8100c } | |
| $a_9 = { 558bec6aff68a8120100689811010064 } | |
| $a_10 = { 558bec8b450c8b0885c9760f4989088b } | |
| $a_11 = { 558bec83ec3056576a09bef410010059 } | |
| $a_12 = { 558bec83ec1c8d45fc508d45e46a1850 } | |
| $a_13 = { 558bec51518a450888450ba1c0110100 } | |
| $a_14 = { 558bec81ec200100005356576a4033db } | |
| $a_15 = { 558bec5633f63935f837010074463975 } | |
| condition: | |
| 12 of them | |
| } | |
| rule RansomAndroidOSDrokole_42459fff0452c14f31cfed7214c2b4f36ed6879a0e692c69bdd277d89da7ace3 { | |
| strings: | |
| $a_2 = { 558b513d8ecb66226af0315235850427 } | |
| $a_3 = { 558b718801f4820b499f30f784cc51e7 } | |
| $a_4 = { 558b77f5a568a0ba6a0edc0ef2beaebb } | |
| $a_5 = { 558b11332cc4836396d112ecba6507e5 } | |
| $a_6 = { 558bc7f69f440b7bc11e68a08474cff2 } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomAndroidOSFakElt_723fc6af06cbc1b29860e06408de90bc97b2420af3d22d597f9b8642cfa323bc { | |
| strings: | |
| $a_2 = { 558b90daff22d684a768cc68a2fa1dd3 } | |
| $a_3 = { 558bc6c1a6ae7b6cc981bd6b6be9b65e } | |
| $a_4 = { 558bd93d3f5028e7f10cc0f7498e2f5f } | |
| $a_5 = { 558bfe46f95b6b945def0df476cdfdbf } | |
| $a_6 = { 558b5e2b1c6cf0289b8c083ef13d6c86 } | |
| $a_7 = { 558bea7336f6f19fae88c669d724afb5 } | |
| $a_8 = { 558b74a7eb7997eb05dd8c5714fea2b6 } | |
| $a_9 = { 558bfab2c8b12f75ea5de5f8ac73f426 } | |
| $a_10 = { 558b717a01717ed0dfcdef4ee29d18dc } | |
| $a_11 = { 558bac52e4eaaa855bb56279d522ef2b } | |
| condition: | |
| 9 of them | |
| } | |
| rule RansomAndroidOSKoler_668df1bf7ca61e1701e564818f8a87f2535b9cdbc26cf46834000bcd35f06800 { | |
| strings: | |
| $a_2 = { 558b210e2b9c9c0df127aaf40c08c758 } | |
| $a_3 = { 5589e5b93f4adb69f24a385d29916551 } | |
| $a_4 = { 558b304e390e4bec6bf3411c5b6b01c4 } | |
| $a_5 = { 558b855ff321815f818fdde5e9ab53c8 } | |
| condition: | |
| 4 of them | |
| } | |
| rule RansomAndroidOSLockScreen_f2e3656673cce0c6d305904d31c4958d287a19f2d69626022ec51bcf2eb61298 { | |
| strings: | |
| $a_2 = { 5589e5fa3401f4cda6a7cbb61901470f } | |
| $a_3 = { 558b3740cc9eebaf3bb1fd70c3c30ca3 } | |
| $a_4 = { 558b11ac6a6695a6d8eced34e9f0c8ae } | |
| $a_5 = { 558bae8774e670baa4a1f1ff0009872d } | |
| $a_6 = { 558be76f81d7c5b208cc2616ad16bda3 } | |
| $a_7 = { 558bb99c33e5c64277b57e89fea1222a } | |
| $a_8 = { 558bc52f52b42dff2820156970937b66 } | |
| $a_9 = { 558b8a713b2d71f2654ba50d1fd430fc } | |
| $a_10 = { 558b5cee7b872ed14e2bbe895b7c9643 } | |
| $a_11 = { 558bd52c968fee6ebfe353185de110b6 } | |
| $a_12 = { 558b0efc27a2655cd1fc8d824b772472 } | |
| $a_13 = { 558b7db4a1f4d9a4acd60de087e38490 } | |
| $a_14 = { 558b5a9ca355b142be5e0d6cb65d0a7d } | |
| $a_15 = { 558b3cbf3258577ab66d5225b57cbcdc } | |
| $a_16 = { 558ba25e899c7ec7a795accfc3c3744f } | |
| $a_17 = { 558b20a9030bc9bcb41795c7e4d5959a } | |
| $a_18 = { 558b4f554e70bac81395b35bb34ba39b } | |
| $a_19 = { 558b10af45a5f63d9708598cb27c41e6 } | |
| $a_20 = { 558b2bf5098d3fdc3c21df2f77af02e2 } | |
| $a_21 = { 558b0b85e0f79dd75a39d282c228a7ec } | |
| $a_22 = { 558bb4879b0539ec147550e2f2082395 } | |
| condition: | |
| 18 of them | |
| } | |
| rule RansomAutoItLokmwiz_7eba2ec1452a78cc0ced6cb240ddd6b78300f9b828f3d73ad374e040b647d4d5 { | |
| strings: | |
| $a_2 = { 558b413cc70e60cf57cd545232fc0492 } | |
| $a_3 = { 558bbff62bafeac02b971b1163885e8d } | |
| $a_4 = { 558bba11153aa69d3a5d991d2d9dd9f3 } | |
| $a_5 = { 558b89703acc9b69f9f62267caff9f42 } | |
| $a_6 = { 558b3765df2502843d065663056d562b } | |
| $a_7 = { 558b7cdfc8166c9e6c0446441ec0b099 } | |
| $a_8 = { 558b83370bc805604963353db435ff37 } | |
| $a_9 = { 558b8fd8178e0b484201b727ea5f4adc } | |
| $a_10 = { 558b3f6218cf4307ab125ed4c3c8c8cc } | |
| condition: | |
| 8 of them | |
| } | |
| rule RansomJSEnrume_adaccd2e9f450270e4c7bf8650c369fdd714ae18d453577a2b4a8faa5b337883 { | |
| strings: | |
| $a_2 = { 558beed6b1c82fcfe672088b824bb7f1 } | |
| $a_3 = { 558becb808100000e86dd000005333db } | |
| $a_4 = { 558bec8b4508a3e00145005dc38bff55 } | |
| $a_5 = { 558bf161ecf485ad088b6fb633128ae5 } | |
| $a_6 = { 558b9d13f280c07d6510579db6d0928e } | |
| $a_7 = { 558becb800200000e8260d0100538b5d } | |
| $a_8 = { 558becb848100000e85d27010053568b } | |
| $a_9 = { 558becb804100000e8be170100568b75 } | |
| $a_10 = { 558b7fb70e3e08f6317a6e7fbb31e9f3 } | |
| $a_11 = { 558bec515156578b3d98a042008bf183 } | |
| $a_12 = { 558bec83ec0ca19802430033c58945fc } | |
| $a_13 = { 558bec8b4508a3acf944005dc38bff55 } | |
| $a_14 = { 558b41add7d0ffd2c52f2e5415787667 } | |
| $a_15 = { 558b6d8deb14e5ee8fb5dbf96a922a11 } | |
| $a_16 = { 558becb800120000e8599000005356ff } | |
| $a_17 = { 558bdfe9b2bb02fc11f0e41b1bf3fbe4 } | |
| $a_18 = { 558bec8b4508ff34c518044300ff1500 } | |
| $a_19 = { 558b04180a1c099ca4c27ec6cb398381 } | |
| $a_20 = { 558bec8b4508a3a4f944005dc38bff55 } | |
| $a_21 = { 558bb61b7b1791f9ebf7aeefc03f39a4 } | |
| $a_22 = { 558b3aceb5c00ebe098c9c16c06e48fe } | |
| $a_23 = { 558bec83ec14a1081445008b4d086bc0 } | |
| $a_24 = { 558becb800100000e894050100e86bf6 } | |
| $a_25 = { 558b26bcf8d320121d386a71fc918d1f } | |
| $a_26 = { 558becb814200000e8a21f000053568b } | |
| $a_27 = { 558becb8e41a0000e8a665ffffa19802 } | |
| $a_28 = { 558bd62eff4bb9e2bc85de72faa2bec2 } | |
| $a_29 = { 558b3994afeeab595b7ffaaf25e6a787 } | |
| $a_30 = { 558bec83ec1c568b35b0a04200576a0a } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomMSILCryptJoke_31e0be7e4ec0d7ba42f37a5cc4947d87a215eb567c5741d7230d4d2cff2879a7 { | |
| strings: | |
| $a_2 = { 558baf1c35758daa0e6a3e673e58d671 } | |
| $a_3 = { 558badff4e97b6ff44a1befe3e809fff } | |
| $a_4 = { 5589e5578b7d106a0158530fa2890789 } | |
| $a_5 = { 558b293dd20b26f775a80f9708e0c289 } | |
| $a_6 = { 558badff655f8bff782762ff636791ff } | |
| $a_7 = { 558b76bb62696995d5f521470eede677 } | |
| $a_8 = { 558baffe5e6c97ff655383fe616a96ff } | |
| condition: | |
| 6 of them | |
| } | |
| rule RansomMSILDukescamLock_0653602771e6014fa39f8ed605b9347e61a02eb7b5d63293bb808278b207c8b1 { | |
| strings: | |
| $a_2 = { 558b9aacde9947ed23234c924e2753f4 } | |
| $a_3 = { 558bc31379d889d8b447d83e9ec48bdd } | |
| $a_4 = { 558b5f5df58b7feda4fedf1796bace25 } | |
| $a_5 = { 558bbaa3172d59289d741b27d364fc22 } | |
| $a_6 = { 558b9d8414b4fc6cb1d40fa3d2ee2231 } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomMSILHasadcrypt_c414040938cd0f99ae9279604dd45595249f3da956a3ab66acaec0bbfc062fcd { | |
| strings: | |
| $a_2 = { 558bfe0ad7d6e51f0a205b74d3a31cfb } | |
| $a_3 = { 558b660270fc6367c705c0d502a7411c } | |
| $a_4 = { 558b7ef710bf927b46e9da2618d3dbc1 } | |
| $a_5 = { 558b1c5b938204b5916fd7c0e53223a7 } | |
| $a_6 = { 558b14ebcc8ff767dca7322f75a86363 } | |
| $a_7 = { 558beca12c634c005dc31251894dfcb8 } | |
| $a_8 = { 558bd119e06f309089ca9393f63b8bca } | |
| $a_9 = { 558b85fd6f7be63d2f894820415acc89 } | |
| $a_10 = { 558b62c44d374ec75162282bb035fd6d } | |
| $a_11 = { 558b0bf0ffe50d974b85aa8620a7ff6e } | |
| $a_12 = { 558ba7af1acd90b6270e2716b6c0c0a3 } | |
| $a_13 = { 558bfbd3c00196fa9555065c8b5318e9 } | |
| $a_14 = { 558b2fccf8f951d8a2e3e8f922ef564f } | |
| $a_15 = { 558ba0521631ae9664915f88b2579d70 } | |
| $a_16 = { 558b9bc7a9d0bcca04441f460d9ef0a3 } | |
| $a_17 = { 558bf961fa11506abe2bdb343a3832a5 } | |
| $a_18 = { 558bd7d331d423f5ce8b39276bba1cdd } | |
| $a_19 = { 558b7195587f9aff03c786792b7f9a05 } | |
| $a_20 = { 558bcc036dadcca82ab2f8d57066aa3d } | |
| $a_21 = { 558bd86d064081bd0b7011a90a536650 } | |
| condition: | |
| 17 of them | |
| } | |
| rule RansomMSILPentagonRat_17d98528b332450e512b01bb219b24c70db2fc6c6e2e6198c38fc35365e77d9d { | |
| strings: | |
| $a_2 = { 558bec538bd833c08943248b45088943 } | |
| $a_3 = { 558bec51538bda8945fc8b45fc8b8040 } | |
| $a_4 = { 558bec83c4c053565733c9894df0894d } | |
| $a_5 = { 558bec53565733c05568f110410064ff } | |
| $a_6 = { 558bec6a0033c0556824cd490064ff30 } | |
| $a_7 = { 558bec515384d2740883c4f0e8f736fc } | |
| $a_8 = { 558bda8be8c64524018b45048b40043b } | |
| $a_9 = { 558bec51538955fc8bd88b45fce816c5 } | |
| $a_10 = { 558bec33c05568717e480064ff306489 } | |
| $a_11 = { 558bec83c4e0538945fc8b45fc8b4028 } | |
| $a_12 = { 558bec5153884dff6683786e0074188a } | |
| $a_13 = { 558bec53568bd885db75068b1d94c74a } | |
| $a_14 = { 558bec83c4a853565733c9894da88bda } | |
| $a_15 = { 558bec53568b750883c6fc33db8b06ba } | |
| $a_16 = { 558bec33c055685dfe410064ff306489 } | |
| $a_17 = { 558bec833dfce64a0000740aa1fce64a } | |
| $a_18 = { 558bc7e887d9ffff50e8e9a6feff83c4 } | |
| $a_19 = { 558bec33c0556821b8400064ff306489 } | |
| $a_20 = { 558bec83c4ec535633c08945fc8b5d08 } | |
| $a_21 = { 558bfa8bd88b77088b8318010000f7d8 } | |
| $a_22 = { 558bec51535684d2740883c4f0e87afa } | |
| $a_23 = { 558bec83c4f853568855fb8945fc8b45 } | |
| $a_24 = { 558bec6a0033c05568a209410064ff30 } | |
| $a_25 = { 558bf28bd88bc68b15742c4600e8b7b6 } | |
| $a_26 = { 558bec83c4a0535657884dfa8855fb89 } | |
| $a_27 = { 558bec515384d2740883c4f0e84f15f9 } | |
| $a_28 = { 558bf08996ac0100008b86a00100008b } | |
| $a_29 = { 558bec518945fc8b45fc80b828010000 } | |
| $a_30 = { 558bec83c4f8538bd8c645ff00833d0c } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomMSILRasoon_2c94412bbe9811601c769472d41b6badf167798112419722bee208a836f36d45 { | |
| strings: | |
| $a_2 = { 558bec538b5d0856578bf9c707a4ab33 } | |
| $a_3 = { 558becff055cf633676800100000e807 } | |
| $a_4 = { 558bec83ec74a168e5336733c58945fc } | |
| $a_5 = { 558bec83ec10a168e5336733c58945fc } | |
| $a_6 = { 558bec81ec28030000a168e5336733c5 } | |
| $a_7 = { 558bec56508b4508890424e8c40a0100 } | |
| $a_8 = { 558bec83ec28894dec8b45088bc8e83d } | |
| $a_9 = { 558bec56894dfc8b45fc8bc8e8c3ffff } | |
| $a_10 = { 558bec83ec28894de88b45e88bc8e86d } | |
| $a_11 = { 558bec56894dfc83c4f08b4508890424 } | |
| $a_12 = { 558becb86c440100e82fdb0000897dfc } | |
| $a_13 = { 558bec56894dfc8b45fc8b4004c9c390 } | |
| $a_14 = { 558b23afafb2a884a9a3bbf8daaccb2a } | |
| $a_15 = { 558bec81ec28030000a388fd3367890d } | |
| $a_16 = { 558bec568bf1c706c86c3367e8affeff } | |
| $a_17 = { 558bec83ec10ff750c8d4df0e86252ff } | |
| $a_18 = { 558bec56ff3524ef33678b35e4603367 } | |
| $a_19 = { 558bec83ec34a168e5336733c58945fc } | |
| $a_20 = { 558bec5683c4f08b45088904248b450c } | |
| $a_21 = { 558bec83ec08894df88b45f88bc8e865 } | |
| $a_22 = { 558bec56894dfc83c4f88b45fcc60424 } | |
| $a_23 = { 558bec6aff68987e316764a100000000 } | |
| $a_24 = { 558b3783c70489bddcfdffffe8fcdcff } | |
| $a_25 = { 558bec83ec10894df08b45f08bc8e85d } | |
| $a_26 = { 558bec8b45085633f63bc6751de89055 } | |
| $a_27 = { 558bec83ec10894df08b45f08bc8e8f5 } | |
| $a_28 = { 558bec8b4508b9e8e233673bc1721f3d } | |
| $a_29 = { 558bec83ec508d45dcc70424186b3367 } | |
| $a_30 = { 558bec833d30fb33670075076818ef33 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomMSILSerpenCrypt_c9a3fdd3901a22c5b8f0864a6fe0ccb62522e6e428bccc96ca33045f2f826ad1 { | |
| strings: | |
| $a_2 = { 558becff7508e8aa2e0100598b4d102b } | |
| $a_3 = { 558becb810140000e87e02ffffa1b891 } | |
| $a_4 = { 558bcfe8b79b00008b442418c6042e00 } | |
| $a_5 = { 558bec51568b750883fefe7515e8a78c } | |
| $a_6 = { 558b6c24105755e8c89e00006bc80c81 } | |
| $a_7 = { 558bec83ec0ce8badeffff8945fce80a } | |
| $a_8 = { 558bec83ec10ff75088d4df0e85eaeff } | |
| $a_9 = { 558becb818140000e8b100ffffa1b891 } | |
| $a_10 = { 558becb800100000e82c290100568b75 } | |
| $a_11 = { 558bcee810fdffff55ff368bcfe8159c } | |
| $a_12 = { 558becb820100000e8f03a0000680008 } | |
| $a_13 = { 558bece87207000085c0740f807d0800 } | |
| $a_14 = { 558bec6afe68107343006820fd410064 } | |
| $a_15 = { 558bec56ff75088bf1e89100ffffc706 } | |
| $a_16 = { 558bec5de9f53b00008bff558bec8b55 } | |
| $a_17 = { 558becff7508e80bfbffff59a3f48345 } | |
| $a_18 = { 558becb818100000e870150000e846d4 } | |
| $a_19 = { 558bec56fc8b750c8b4e0833cee817f5 } | |
| $a_20 = { 558bcfe8f879ffffc1e80c8bcf0fb6c0 } | |
| $a_21 = { 558bec515153576a306a40e8fbcbffff } | |
| $a_22 = { 558bec568b750885f67515e8fa8fffff } | |
| $a_23 = { 558bec64a1000000008bd16aff68b9ee } | |
| $a_24 = { 558bcc14f709452c3cd55dd66852ec28 } | |
| $a_25 = { 558bc8e87ce1ffff8bf08d8b384b0000 } | |
| $a_26 = { 558bec56ff75108b750c5656e8ff4100 } | |
| $a_27 = { 558bec81ec2403000053566a17e80419 } | |
| $a_28 = { 558bec83ec10837d08007514e82f9eff } | |
| $a_29 = { 558bec8b4d0883f9fe7515e87bcdffff } | |
| $a_30 = { 558bec81ec240300006a17e894150100 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomMSILVortex_21c5c5d2aa797c78bb2e7fc28e06b5853d3f967801e3db960582bf6ff8bfa629 { | |
| strings: | |
| $a_2 = { 558b43d5f34cd897ce3b59822950b0ba } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Anunau_7482e919bb05fb4bd941c57fe519758d89e47fb8634b2ca4bbc7f527b6592d0e { | |
| strings: | |
| $a_2 = { 558bec51535684d2740883c4f0e8d6e2 } | |
| $a_3 = { 558bec6a0053568bd833c05568c4a944 } | |
| $a_4 = { 558bec33c05568d295410064ff306489 } | |
| $a_5 = { 558bea8bf08bc5e85dbefaffbb010000 } | |
| $a_6 = { 558bec83c4f8e85173feff8855fb8945 } | |
| $a_7 = { 558bec538bd88b4508508bc3e8a399ff } | |
| $a_8 = { 558bec33c05568ef4d460064ff306489 } | |
| $a_9 = { 558bec6a006a00538bd833c055683c69 } | |
| $a_10 = { 558bec6a005356578bf833c0556847f3 } | |
| $a_11 = { 558bec83c4f8538945fc8b45fce84267 } | |
| $a_12 = { 558bf98bf28bd83bfe742e8bd68b4310 } | |
| $a_13 = { 558bea8bf88b87100200008b70084e85 } | |
| $a_14 = { 558b4334e831bcffff50e833effaff59 } | |
| $a_15 = { 558bec5356578b7d10803d2f194a0000 } | |
| $a_16 = { 558bec6a005356578bd833c055682f8f } | |
| $a_17 = { 558bec6a0033c055681601410064ff30 } | |
| $a_18 = { 558bec33c05568395e480064ff306489 } | |
| $a_19 = { 558bec83c4ec538bd88d45ef50e822cb } | |
| $a_20 = { 558bec33c0556899d1420064ff306489 } | |
| $a_21 = { 558bec33c055689cee400064ff306489 } | |
| $a_22 = { 558bec33c05568f5d4420064ff306489 } | |
| $a_23 = { 558bd6a1541b4a00e8d4320000e8d32f } | |
| $a_24 = { 558bec33c055686b8a460064ff306489 } | |
| $a_25 = { 558bec33c0556805b8420064ff306489 } | |
| $a_26 = { 558bec6a0033d25568fdcd450064ff32 } | |
| $a_27 = { 558bec6a00538bd833c05568a0194200 } | |
| $a_28 = { 558bec568bf0df6d08d8351cbd470083 } | |
| $a_29 = { 558bec6a00538bd833c05568486a4800 } | |
| $a_30 = { 558bec33c05568310a450064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Apocalypse_fabfc209336d1c4952a2c5430edd97e55d20911d73cefd0337195117b4c1b531 { | |
| strings: | |
| $a_2 = { 558bec83e4f881ec5c0a000053568b75 } | |
| $a_3 = { 558b6c243c565733ff57576a03576a07 } | |
| $a_4 = { 558bec83e4f881ec5404000053565768 } | |
| $a_5 = { 558b2d1c304000565768d83240006a00 } | |
| $a_6 = { 558bf8684434400057ff156831400083 } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomWin32Apollo_c002b74675c698f74f1dd395910f534759348f8ce63a5b3da2ca641d7a2164b5 { | |
| strings: | |
| $a_2 = { 558bec81ecc4000000a1ec7f8d000fbe } | |
| $a_3 = { 558becb8f4408d005dc3cccccccc8bff } | |
| $a_4 = { 558bec81ec0c0200005356578dbdf4fd } | |
| $a_5 = { 558bec6aff683663800064a100000000 } | |
| $a_6 = { 558bec6aff68c89b810064a100000000 } | |
| $a_7 = { 558bec6a008b4d08e83b4ae9ff3bece8 } | |
| $a_8 = { 558bec6aff684640800064a100000000 } | |
| $a_9 = { 558bec51894dfc8b4dfce8a9fed9ff8b } | |
| $a_10 = { 558bec83ec2456a1587e8d0050ff1534 } | |
| $a_11 = { 558bec6aff6833bc800064a100000000 } | |
| $a_12 = { 558bec6aff6809d7800064a100000000 } | |
| $a_13 = { 558bec6aff687fa2810064a100000000 } | |
| $a_14 = { 558bec51894dfc8b4dfce8d541d7ff8b } | |
| $a_15 = { 558bec6aff682994800064a100000000 } | |
| $a_16 = { 558bec6aff6823e8800064a100000000 } | |
| $a_17 = { 558bec6aff68516c820064a100000000 } | |
| $a_18 = { 558bec6aff6858bf7f0064a100000000 } | |
| $a_19 = { 558bec6aff684165810064a100000000 } | |
| $a_20 = { 558bec6aff68c868820064a100000000 } | |
| $a_21 = { 558bec6aff68db5d800064a100000000 } | |
| $a_22 = { 558becb9f4808d00e8cab1d2ff5dc3cc } | |
| $a_23 = { 558bec6aff68755e820064a100000000 } | |
| $a_24 = { 558bec6a4868c8e483008b450c508b4d } | |
| $a_25 = { 558bec6aff6800f67f0064a100000000 } | |
| $a_26 = { 558bec51894dfc6a506818808d008b4d } | |
| $a_27 = { 558bec6aff681ee0810064a100000000 } | |
| $a_28 = { 558bec6aff680169820064a100000000 } | |
| $a_29 = { 558bec6aff68117a800064a100000000 } | |
| $a_30 = { 558bec6a00b984468d00e884d7d2ff3b } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Bartcrypt_8fd30c8634fa2e8294af6222443d4c25d92473bbdd7ca80c2ec21003a646583e { | |
| strings: | |
| $a_2 = { 558b451c3bc77505a140eb42008b4d10 } | |
| $a_3 = { 558bec81ecb8000000c745ec7bba0000 } | |
| $a_4 = { 558bec6aff68507b420068f884400064 } | |
| $a_5 = { 558bec6aff68087b420068f884400064 } | |
| $a_6 = { 558bec81ec20010000c745a8da000000 } | |
| $a_7 = { 558bec83ec185356576a19e8108dffff } | |
| $a_8 = { 558bece9c4f40000e9bbf40000e9b2f4 } | |
| $a_9 = { 558bec6aff68f87a420068f884400064 } | |
| $a_10 = { 558bec6aff68707f420068f884400064 } | |
| $a_11 = { 558bec6aff68687b420068f884400064 } | |
| $a_12 = { 558bec81ecc4000000c745b068590000 } | |
| $a_13 = { 558bec8b4508ff348590674200ff1558 } | |
| $a_14 = { 558bec81ecd8000000c745a000000000 } | |
| $a_15 = { 558bec81ec80000000c745fcce000000 } | |
| $a_16 = { 558bec51833d40eb420000535657751d } | |
| $a_17 = { 558bec51510fb705ceeb42000fb70dd0 } | |
| $a_18 = { 558bec81ecc4000000c74598318f62f0 } | |
| $a_19 = { 558bec51518365fc005356578b3de874 } | |
| $a_20 = { 558bec51ff158810410033c08be55dc3 } | |
| $a_21 = { 558bec8b450856833c8590674200008d } | |
| $a_22 = { 558bf0e89d1e000068a0eb42006a1057 } | |
| $a_23 = { 558bec51c745fcca600000c7450853f8 } | |
| $a_24 = { 558bec81ec14010000c7450cbd840000 } | |
| $a_25 = { 558bec833decec4200005356750fff75 } | |
| $a_26 = { 558bec81ecdc000000c745a4cf000000 } | |
| $a_27 = { 558b4524890d447942006bc03c034528 } | |
| $a_28 = { 558bec83ec18c745f000000000eb098b } | |
| $a_29 = { 558bec51ff157810410033c08be55dc3 } | |
| $a_30 = { 558bec83ec0c53bbe075420033c983eb } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Betisrypt_8e8e5a2b7538cefb6b753371db91153b84b081013d07f7bc7910a48b201dc3dc { | |
| strings: | |
| $a_2 = { 558bec8a45083c0174083c02740433c9 } | |
| $a_3 = { 558becf6450801568bf1c7062c834200 } | |
| $a_4 = { 558bec81ece4020000a17090430033c5 } | |
| $a_5 = { 558bec535657ff7510e8cb27000059e8 } | |
| $a_6 = { 558bec6afe681077430068a0ee400064 } | |
| $a_7 = { 558bec83ec1c837d0c00741d837d1000 } | |
| $a_8 = { 558bec57833d18a64300010f82fd0000 } | |
| $a_9 = { 558bec568b750c8b063b05a8a9430074 } | |
| $a_10 = { 558becff7508b94ca84300e8539b0000 } | |
| $a_11 = { 558bec568b750c8b063b057cad430074 } | |
| $a_12 = { 558bec56e8aa3900008b75083b702475 } | |
| $a_13 = { 558bec8b4508a3e0a643005dc38bff55 } | |
| $a_14 = { 558bec51a17090430033c58945fc56e8 } | |
| $a_15 = { 558bec81ecf4000000a17090430033c5 } | |
| $a_16 = { 558bec8b450885c07515e8fff2ffffc7 } | |
| $a_17 = { 558bec8b4d0885c97515e87f250000c7 } | |
| $a_18 = { 558bec83ec388b451c8b4d108b551489 } | |
| $a_19 = { 558bec83e4f883ec24a17090430033c4 } | |
| $a_20 = { 558bec5151a17090430033c58945fc53 } | |
| $a_21 = { 558bece84798000083f801742064a130 } | |
| $a_22 = { 558bec8b45088b003b0574a943007407 } | |
| $a_23 = { 558bec807d0800752756be3ca6430083 } | |
| $a_24 = { 558bec6aff682073420064a100000000 } | |
| $a_25 = { 558bec5151a17090430033c58945fc56 } | |
| $a_26 = { 558bec51e8a94400008b484c894dfc8d } | |
| $a_27 = { 558bec833d0ca64300005675318b3570 } | |
| $a_28 = { 558bec6aff68a070420064a100000000 } | |
| $a_29 = { 558bec8b4d0c568b7508890ee8c63900 } | |
| $a_30 = { 558bec8d4108500fb6450850e8237a00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Blobash_59c02bd1b7ad5aa13b5b0f30f91669892a82fea28c2ca0d82fa746fcb975086e { | |
| strings: | |
| $a_2 = { 558bec837d0c07568b7508750768b036 } | |
| $a_3 = { 558bec51ff35b0b440008365fc00e832 } | |
| $a_4 = { 558bec535657ff3508b54000e84d2200 } | |
| $a_5 = { 558bec8b45088b0d88a340008d4401ff } | |
| $a_6 = { 558bec515168ecb44000ff1524a74000 } | |
| $a_7 = { 558bec51535657ff35b0b44000e8f42f } | |
| $a_8 = { 558bec83ec18535657ff3510b5400033 } | |
| $a_9 = { 558bec8b45083b0588a3400072218b0d } | |
| $a_10 = { 558bec8b4508c70005000000c7400420 } | |
| $a_11 = { 558bec51568b3530a740006a026a006a } | |
| $a_12 = { 558bec5157ff3510b54000e80a1a0000 } | |
| $a_13 = { 558bec83ec385356ff3508b54000e82b } | |
| $a_14 = { 558bec535657508b750c8b0683f8ff74 } | |
| $a_15 = { 558bec83c4f4fc5357568b75088b7d0c } | |
| $a_16 = { 558bec6a0068001000006a01ff15e4a6 } | |
| $a_17 = { 558bec5151568b356ca840006a09ffd6 } | |
| $a_18 = { 558bec51837d0c00743d8b450c50e8e3 } | |
| $a_19 = { 558bec83ec385357ff35ccb140008d45 } | |
| $a_20 = { 558bec83c4f4fc5357568b7424208b7c } | |
| $a_21 = { 558bec6af0ff7508ff15d4a74000a900 } | |
| $a_22 = { 558beca188a340000345085dc20400cc } | |
| $a_23 = { 558b4dfc8be833c0d3e5e8ad0000000b } | |
| $a_24 = { 558bec51535657ff3508b54000e8601c } | |
| $a_25 = { 558bec83ec08a190b440000345088945 } | |
| $a_26 = { 558beca190b440002b4508a390b44000 } | |
| $a_27 = { 558bec5657ff75108bf8ff750cff1554 } | |
| $a_28 = { 558bec568b7508837e1000741c56e87b } | |
| $a_29 = { 558bec81ec0001000056ff7508ff350c } | |
| $a_30 = { 558bec53578b7d086af457ff15d4a740 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Blulock_ad6f2ba15abd6002eee02816401c094ed2765daf94cf1afd5ec554594fae8c46 { | |
| strings: | |
| $a_2 = { 558bec81ec0c000000c745fc00000000 } | |
| $a_3 = { 558bec6a006a006a006801000100682b } | |
| $a_4 = { 558bec8bc140c1e0022be08d3c2451c7 } | |
| $a_5 = { 558bec8be55dc3558bece80e000000b8 } | |
| $a_6 = { 558bec6880000000ff75086a00e82800 } | |
| $a_7 = { 558bec81ec040000008965fcff7508b8 } | |
| $a_8 = { 558bec81c4f0feffffe9830000006b72 } | |
| $a_9 = { 558bec81ec0c0000006800000000bbd8 } | |
| $a_10 = { 558bec81ec080000006aff6a08682d00 } | |
| $a_11 = { 558bec8be55dc3558bece87df9ffff33 } | |
| $a_12 = { 558becb800000000bb01000000e90200 } | |
| $a_13 = { 558bec408e68784d71ae1084281c64a1 } | |
| $a_14 = { 558bec68020000806a0068010000006a } | |
| $a_15 = { 558bec8be55dc385db750333c0c38bcb } | |
| condition: | |
| 12 of them | |
| } | |
| rule RansomWin32Cerber_225d7fb5cbe5dcb19f190c46d70a9b4c380b04b34cb735e31277256889553a72 { | |
| strings: | |
| $a_2 = { 558ba2425ad4ce2484d592749d6b13fc } | |
| $a_3 = { 558b7df813b763c6699cf054b6b7512f } | |
| $a_4 = { 558b0cbad3dfd9785133a737cf8774f6 } | |
| $a_5 = { 558b4f41d3df1c005133eabece87b77d } | |
| $a_6 = { 558bde7e970daf47568b037d09b05050 } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomWin32Chicrypt_0b87d36ab2bc4b5680cd14a69fce1fcdd1ea46825453ac53463ec9875800ea3a { | |
| strings: | |
| $a_2 = { 558bec538bd98b55088bc3e8c8300000 } | |
| $a_3 = { 558bec51535684d2740883c4f0e89a05 } | |
| $a_4 = { 558bec6a0053565733c055686d0f4100 } | |
| $a_5 = { 558b45fce89c79ffffe83bffffff5988 } | |
| $a_6 = { 558bec6a0053565733c05568a9084900 } | |
| $a_7 = { 558bec83c4f853565733c9b201b88403 } | |
| $a_8 = { 558bec515356578945fc33c055682368 } | |
| $a_9 = { 558bec8b450ce8bd6bfaff5dc2080090 } | |
| $a_10 = { 558bec6a005356578bd833c0556838a3 } | |
| $a_11 = { 558bec83c4f484d2740883c4f0e8626a } | |
| $a_12 = { 558bec518945fc8b45fc8b5064b89018 } | |
| $a_13 = { 558bec535684d2740883c4f0e8f70ffb } | |
| $a_14 = { 558b4304e8e6feffff5946a16c654900 } | |
| $a_15 = { 558bec83c4f85356578b0d28664900b2 } | |
| $a_16 = { 558bec83c4f88955f88945fce82393fd } | |
| $a_17 = { 558bec51538bd8b201b8a8a64000e8c5 } | |
| $a_18 = { 558bea8bf08bceb201b808a64400e886 } | |
| $a_19 = { 558bec53568bf033dbe88aaeffffba68 } | |
| $a_20 = { 558bfa8be88bdd8bc5e893c9ffff8bf0 } | |
| $a_21 = { 558bec6a0053565733c0556850ac4500 } | |
| $a_22 = { 558bec8b42208bd1e8b3e9feff5dc208 } | |
| $a_23 = { 558bf0bf6c644900bd706449008b1d64 } | |
| $a_24 = { 558bec51535684d2740883c4f0e8420a } | |
| $a_25 = { 558bec83c4f05356578945fcb201b8d4 } | |
| $a_26 = { 558b83ac00000050e857f2feff89460c } | |
| $a_27 = { 558bec515356578bda33d2556852dc48 } | |
| $a_28 = { 558bec51535684d2740883c4f0e85e39 } | |
| $a_29 = { 558bf0bd307049008bceb201b808a644 } | |
| $a_30 = { 558bec83c4e053568bd88bc3e8173ffe } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Contentocrypt_8435b572480bd50042f9c8977fbc069d64d8a3ba6b3fe0ea4d0dbea7e294d534 { | |
| strings: | |
| $a_2 = { 558bd5f9e75002362bf374885b5a8925 } | |
| $a_3 = { 558b04d285b722504d98712c07d4d707 } | |
| $a_4 = { 558b32fb892478c3ab32b3f2a32a8455 } | |
| $a_5 = { 558b915e5a28cf57345a09447fd60467 } | |
| $a_6 = { 558bf36c3fa3973d3f4731ed9d8af5cb } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomWin32Criakl_889f8a59a4ff4888c5cf9aa368706ad87305ec0c077800151096fb1cbca2a350 { | |
| strings: | |
| $a_2 = { 558bec33c08b4d083b0cc54865420074 } | |
| $a_3 = { 558bec8b4d085633f63bce751de85dba } | |
| $a_4 = { 558bec83ec10ff750c8d4df0e803b0fe } | |
| $a_5 = { 558becff750c6a0a6a00ff7508e87e47 } | |
| $a_6 = { 558bec83ec1053ff75108d4df0e80a85 } | |
| $a_7 = { 558bec5633f63935147d4200750733c0 } | |
| $a_8 = { 558bec83ec10ff750c8d4df0e8feaefe } | |
| $a_9 = { 558bec6857010000ff7508e899ad0000 } | |
| $a_10 = { 558bec83ec10ff750c8d4df0e87cacfe } | |
| $a_11 = { 558bec833d0480420000741968048042 } | |
| $a_12 = { 558bec6afe68985042006820a1400064 } | |
| $a_13 = { 558becff7510ff750cff75086866b040 } | |
| $a_14 = { 558bec83ec10ff15003042008945f88b } | |
| $a_15 = { 558bec8b0dd47f4200a1d87f42006bc9 } | |
| $a_16 = { 558bec83ec1853ff75108d4de8e8b135 } | |
| $a_17 = { 558bec833d887e42000075148b45088b } | |
| $a_18 = { 558bec83ec10ff75088d4df0e8ada9fe } | |
| $a_19 = { 558becff7510ff750cff750868e54341 } | |
| $a_20 = { 558bec81ec50060000a1f060420033c5 } | |
| $a_21 = { 558bec683c334200ff156430420085c0 } | |
| $a_22 = { 558bec833d887e42000075108b45088d } | |
| $a_23 = { 558bec83ec3ca1f060420033c58945f8 } | |
| $a_24 = { 558bec8b4d085633f63bce751de899ba } | |
| $a_25 = { 558bb27a3fdd43ad35a3a7935f9da8ef } | |
| $a_26 = { 558bec8b45085633f63bc6751de8a7a9 } | |
| $a_27 = { 558bec83ec1053ff75108d4df0e84c9a } | |
| $a_28 = { 558bec83ec30a1f060420033c58945fc } | |
| $a_29 = { 558bec83ec28a1f060420033c58945fc } | |
| $a_30 = { 558becff750c6817010000ff7508e8f6 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Crilock_f0283e153295d25ebf91395193dcbdd10bad7492733b9e2cdf9735caf90abf66 { | |
| strings: | |
| $a_2 = { 558bec81ecfc020000535657c645d6a4 } | |
| $a_3 = { 558bc80cec231444640bbe0089ffffff } | |
| $a_4 = { 558b07cb500436411223e4cb4bfc84e5 } | |
| $a_5 = { 558bec81eca8000000568b45088945fc } | |
| $a_6 = { 558ba1378b75dd81f40f498bfeffd52b } | |
| $a_7 = { 558bec83ec6056c645b58d6843c64500 } | |
| $a_8 = { 558b5f80db0f492600009580ed0f097e } | |
| $a_9 = { 558bec81ec880200005356c745f80000 } | |
| $a_10 = { 558b219fe2a3c90433051d644400026b } | |
| $a_11 = { 558bec81eca00100005356c745fc4000 } | |
| $a_12 = { 558b580c56e8a3fffeff65ec6a460504 } | |
| $a_13 = { 558b444530c0eb4680c6ff623b5b8ba8 } | |
| $a_14 = { 558b4b84e80f99f682e89b3822487952 } | |
| $a_15 = { 558bec81eca0010000538b450c8945fc } | |
| $a_16 = { 558bec83ec18c745f002000000c705d8 } | |
| $a_17 = { 558b780933db3e1383c006c2e7023c46 } | |
| $a_18 = { 558be90ed8578580f555854ef5518b81 } | |
| $a_19 = { 558b4ce450f2ffff1570e581fee9fc00 } | |
| $a_20 = { 558bf92bfd894d04c6bd02725b10e853 } | |
| $a_21 = { 558b7df586d975e786fd74c328440848 } | |
| $a_22 = { 558b79ad33330b274424219d00d47500 } | |
| $a_23 = { 558bec81ec500500008b45088945f48b } | |
| $a_24 = { 558bf1a04724047a538bfabeed07e851 } | |
| $a_25 = { 558b8ec3fdff92e0e750d1fdff8aca7c } | |
| $a_26 = { 558bf8879b59c4fdaa032e4c09f5a379 } | |
| $a_27 = { 558bc18b8118583301e5eb09150483c4 } | |
| $a_28 = { 558b446cb2766ce897f1fdff8cc543fc } | |
| $a_29 = { 558b211c1483000d7413d6f11874437b } | |
| $a_30 = { 558becb8e87a0000e853fcffff57c645 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Critroni_7e457d8600d668b07422a1e4d555ecaa290480b307303680f8fdd37e96aa5772 { | |
| strings: | |
| $a_2 = { 558b5d2c944f21ed8782f539a08521bf } | |
| $a_3 = { 558be1357cc9569615f98a4b9f908a2d } | |
| $a_4 = { 5589e55d29367ca4d7e7ee763e6ef662 } | |
| $a_5 = { 558b7cf8caec323d6b2499fd7d0aeb8f } | |
| condition: | |
| 4 of them | |
| } | |
| rule RansomWin32Crituck_9aa3990b5dfcd14ce9f8d6965464054bec71c07e6b093a372482aaae16e74cfe { | |
| strings: | |
| $a_2 = { 558bec518365fc00425390677508ff35 } | |
| $a_3 = { 558bec83ec0c8b0d1c7200108365fc00 } | |
| $a_4 = { 558bec5156578b3d145000108bf05633 } | |
| $a_5 = { 558bec83ec30568d45d450ff15085100 } | |
| $a_6 = { 558bec837d0c00750433c05dc333c96a } | |
| $a_7 = { 558bec81ec6802000053565768500200 } | |
| $a_8 = { 558bec83e480f88b4d0c81ec7c005c04 } | |
| $a_9 = { 558b2dc889f002ffd5e300ff15044025 } | |
| $a_10 = { 558bec81ec001c0200005356573300f6 } | |
| $a_11 = { 558bec515733ff897dfc397d0c763b8b } | |
| $a_12 = { 558bec81ec20060000565733f6565656 } | |
| $a_13 = { 558bec83ec1483087d0800a10bc9c383 } | |
| $a_14 = { 558bec51518365fc0053568b35ec5100 } | |
| $a_15 = { 558b1d18510010565733ff575757576a } | |
| $a_16 = { 558bec81ec3c040000a13c7200105657 } | |
| $a_17 = { 558bec83ec10538b1d30500010568b75 } | |
| $a_18 = { 558bec00b863736de039450800750dff } | |
| $a_19 = { 558b6818ff00700cff7010ff701484e8 } | |
| $a_20 = { 558bec51515356578d45fc50ff351072 } | |
| $a_21 = { 558bec81ec280500005356578d45cc33 } | |
| $a_22 = { 558bec81ec14020000538b1d18720010 } | |
| $a_23 = { 558bec51568bf05785f675058b450c8b } | |
| $a_24 = { 558bec83ec645356578b3db85100106a } | |
| $a_25 = { 558bec81ec6c040000568b35b8510010 } | |
| $a_26 = { 558bec83e4f8b87c1e0000e80b100000 } | |
| $a_27 = { 558bec83ec78833e00750433c0c9c3ff } | |
| $a_28 = { 558bec83ec0c834dfcff5356578d45f4 } | |
| $a_29 = { 558bec5133c05050ff75148945fc8d45 } | |
| $a_30 = { 558bec518365fc0053568b35ec510010 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Crowti_f00cdcbfcc68a1db34268c7a155ace5abeb63cc15942fbebc81c936f1f0ad006 { | |
| strings: | |
| $a_2 = { 558b0000c4007027f08d00507ddc8903 } | |
| $a_3 = { 558bff00007100088b458aceaf8b27cc } | |
| $a_4 = { 558ba100e789fc04070083bb009a00a4 } | |
| $a_5 = { 558b0000433901feee8a00164cc3002a } | |
| $a_6 = { 558bf84ca100001100e800d40b81fc00 } | |
| $a_7 = { 558bca007e007d00593a00710000b800 } | |
| $a_8 = { 558b27aa094fe5c7126c05beb9c60cec } | |
| $a_9 = { 558b630cc76f001f0127ed008b0383e5 } | |
| $a_10 = { 558b516a0054ea9300bf000055002766 } | |
| $a_11 = { 558bff7900a315edfd0f00e80000af52 } | |
| $a_12 = { 558b00342e1400ff00970002d0810041 } | |
| $a_13 = { 558beb00008900fcd46800f2feae296f } | |
| $a_14 = { 558bbcfc0000b6005f00ff45e800a0a8 } | |
| $a_15 = { 558b0083a800e4f41c16bb8b0c00b200 } | |
| $a_16 = { 558b8800a031ad383100084f00ff0600 } | |
| $a_17 = { 558bcfc40073c4d80084650c14da0000 } | |
| $a_18 = { 558bb30000cc7a1b000021ff27005055 } | |
| $a_19 = { 558b8355aa0e00e06e4d0005968b10f8 } | |
| $a_20 = { 558bab30e1c34f8b6a003000159c8a10 } | |
| $a_21 = { 558bec83ec5ca1d414440083c00a8945 } | |
| $a_22 = { 558b00ba66e4136aae229a0c905290fc } | |
| $a_23 = { 558bf0ad55f000ff0798ecfa40000017 } | |
| $a_24 = { 558bf08b73008400ab552e0c8b44c6bb } | |
| $a_25 = { 558b4d004c002c00be0300002dc7ffba } | |
| $a_26 = { 558b22d9600073dbff62006894bf0000 } | |
| $a_27 = { 558bfe0b0001a60000ccff3e00004145 } | |
| $a_28 = { 558b2c00d20072000069006a0096b8cc } | |
| $a_29 = { 558b94c305270000550036d4ff007700 } | |
| $a_30 = { 558b6209cb00f8000017b700001643cf } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Cryproto_51f2a765916a8afc9ff4b5dc2d78992634641e391c65e66051073af78401d03d { | |
| strings: | |
| $a_2 = { 558bc165af579bc59af9a96c0c549b2d } | |
| $a_3 = { 5589e58d65a4b96c0000008d0d77e940 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32CryptoLemPiz_c62ccc23ec2e4b440903014292944cadd8787798f6811889eccf4f32cde6bae8 { | |
| strings: | |
| $a_2 = { 558bece808f9ffff5dc38bc0558bec51 } | |
| $a_3 = { 558bec6a00b914bc4000ba74bc4000b8 } | |
| $a_4 = { 558bec83c4e8568945fc8b45fc8b0005 } | |
| $a_5 = { 558bec33c055684da5400064ff306489 } | |
| $a_6 = { 558bece8fcf6ffff5dc38bc0558bece8 } | |
| $a_7 = { 558bec5333dbbaeca64000a1e8524100 } | |
| $a_8 = { 558bec538b5d0c538b5d0853e8bffeff } | |
| $a_9 = { 558bec33c05568059a400064ff306489 } | |
| $a_10 = { 558bec83c4e853565733db8b15389a40 } | |
| $a_11 = { 558bec33c05568bd70400064ff306489 } | |
| $a_12 = { 558bec81c4f0fbffff535657894df889 } | |
| $a_13 = { 558bec53568bf28bd8803d884b410000 } | |
| $a_14 = { 558bec81c4f4feffff5333db6a006a00 } | |
| $a_15 = { 558bec33c055684da9400064ff306489 } | |
| $a_16 = { 558bec33c055682152400064ff306489 } | |
| $a_17 = { 558bec51538bda8945fc8d45fce82e60 } | |
| $a_18 = { 558bec33c05568e156400064ff306489 } | |
| $a_19 = { 558bec83c4885356578955fc8bd88b45 } | |
| $a_20 = { 558bec33c0556835b3400064ff306489 } | |
| $a_21 = { 558bec33c055687da7400064ff306489 } | |
| $a_22 = { 558bec83c4f853568bf18855ff8bd885 } | |
| $a_23 = { 558bec5153568bf28945fc8d45fce8f9 } | |
| $a_24 = { 558bec81c4e8feffff5356894df48955 } | |
| $a_25 = { 558bec5153568bf28bd8ba000100008b } | |
| $a_26 = { 558bec53568bf28bd88bc333c9ba0401 } | |
| $a_27 = { 558bec515356578bfa33db6a00688000 } | |
| $a_28 = { 558bec81c474feffff53518b4d28518b } | |
| $a_29 = { 558bec33c05568e951400064ff306489 } | |
| $a_30 = { 558bec83c4f45356578945fcc645f701 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Cryptomix_3f91770f646acf63c8a5975efc1398989927d7663d30394051b4cc2e36a08b70 { | |
| strings: | |
| $a_2 = { 558bec81ec1c040000a1c09e400033c5 } | |
| $a_3 = { 558bec81ec0c020000a1c09e400033c5 } | |
| $a_4 = { 558bec8325fcb840000083ec105333db } | |
| $a_5 = { 558bec81ec2c080000a1c09e400033c5 } | |
| $a_6 = { 558bec81eca4000000a1c09e400033c5 } | |
| $a_7 = { 558bec81ec5c040000a1c09e400033c5 } | |
| $a_8 = { 558bec6a00ff151c614000ff7508ff15 } | |
| $a_9 = { 558becff7508ff158c60400050ff1518 } | |
| $a_10 = { 558becb868100000e88b1f0000a1c09e } | |
| $a_11 = { 558bec81ec2c040000a1c09e400033c5 } | |
| $a_12 = { 558bec81ec20040000a1c09e400033c5 } | |
| $a_13 = { 558bec81ec08010000a1c09e400033c5 } | |
| $a_14 = { 558bec56e8d8ffffff8b4d0c2b4d088b } | |
| $a_15 = { 558bec8b450833d2a338af400042b938 } | |
| $a_16 = { 558becb87c100000e8c92f0000a1c09e } | |
| $a_17 = { 558becb8701b0000e873280000a1c09e } | |
| $a_18 = { 558bec568b751085f67f0433c0eb3853 } | |
| $a_19 = { 558bec81ec20010000a1c09e400033c5 } | |
| $a_20 = { 558becb87c100000e8bd360000a1c09e } | |
| $a_21 = { 558bec81ec240300006a17e81d010000 } | |
| $a_22 = { 558bec8b4d08565733ff8bf166393974 } | |
| $a_23 = { 558bec83ec10538d45fc50ff750c33db } | |
| $a_24 = { 558becff15246140006a01a324bc4000 } | |
| $a_25 = { 558bec81ec98040000a1c09e400033c5 } | |
| $a_26 = { 558bec81eca80a0000a1c09e400033c5 } | |
| $a_27 = { 558becb820100000e86c380000a1c09e } | |
| $a_28 = { 558becb81c240000e8110f0000a1c09e } | |
| $a_29 = { 558bec53578b7d1083651000837d0c00 } | |
| $a_30 = { 558bec83ec28a1c09e400033c58945fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Delcryset_5b2b273a13af0f9f91d5ea7ea49afeb51ae40b13884264e205c249ecd85c33ea { | |
| strings: | |
| $a_2 = { 558bf900198ced8a10c5c100dd08468b } | |
| $a_3 = { 558be88db510984e83c60481e660413b } | |
| $a_4 = { 558bf183ee04c706febee01eb6dd7df7 } | |
| $a_5 = { 558b80471102e161c145492075665e69 } | |
| $a_6 = { 558b8f8a467fe63a788a3fe600159213 } | |
| $a_7 = { 558bec53107e804d8418ee7665487560 } | |
| $a_8 = { 558bd24efb4bdbb73376020c91ec1033 } | |
| condition: | |
| 6 of them | |
| } | |
| rule RansomWin32Denisca_5cc9dd79e992a4eb9c2247c797270d9e2d9912b688abf41bfe6d20b1a0f9c0ca { | |
| strings: | |
| $a_2 = { 558bec83ec38e8110600008945cce813 } | |
| $a_3 = { 558bec83ec34e8c60200008945d0e8cb } | |
| $a_4 = { 558bec83ec1ce8030600008945f8e805 } | |
| $a_5 = { 558bec83ec34535657296dd403f00155 } | |
| $a_6 = { 558bec83ec1489e0e813040000a3c7a0 } | |
| $a_7 = { 558bec83ec24e8d0050000a33fa14000 } | |
| $a_8 = { 558bec83ec14e8270200008945f0e82d } | |
| $a_9 = { 558bec83ec24e84a0500008945f8e84c } | |
| $a_10 = { 558bec83ec2489fbe8830400008945fc } | |
| $a_11 = { 558bec83ec308975fce8060200008945 } | |
| $a_12 = { 558b7063ef0c31027aaa560ec600d522 } | |
| $a_13 = { 558bec83ec20010507a14000e8100200 } | |
| $a_14 = { 558bec83ec34e8ca020000a3d7a04000 } | |
| $a_15 = { 558b84ee932d17350d60534800706d8a } | |
| $a_16 = { 558b28369c524a2b579c8a62d7006fb1 } | |
| $a_17 = { 558bd0f6007390600f7066a4298ccb5e } | |
| $a_18 = { 558bec83ec14e80f040000a3f7a04000 } | |
| condition: | |
| 14 of them | |
| } | |
| rule RansomWin32Dircrypt_bb207d840d4e5d2d8e38f17cec9c12e5d7c2bb1af9940e4ab27eefa646e7ef70 { | |
| strings: | |
| $a_2 = { 558bec5153565733c0556838e2400064 } | |
| $a_3 = { 558bec83c4f85356578945fca114f040 } | |
| $a_4 = { 558bec83c4f0538bda8945f08b45f0e8 } | |
| $a_5 = { 558bec33c0556802ed400064ff306489 } | |
| $a_6 = { 558bec83c4f4a1f8f44000e874d4ffff } | |
| $a_7 = { 558bec535657bf9c0441008b470885c0 } | |
| $a_8 = { 558bec33c05568e194400064ff306489 } | |
| $a_9 = { 558bec33c05568d5ed400064ff306489 } | |
| $a_10 = { 558bec33c055685a93400064ff306489 } | |
| $a_11 = { 558bec6a00535633c05568a171400064 } | |
| $a_12 = { 558bec51568bf06a208bcaa1289d4000 } | |
| $a_13 = { 558bec33c055680994400064ff306489 } | |
| $a_14 = { 558bec6a00538bd833c05568bdbe4000 } | |
| $a_15 = { 558bec6a006a0033c055680d7e400064 } | |
| $a_16 = { 558bec33c055686695400064ff306489 } | |
| $a_17 = { 558bec33c05568f9eb400064ff306489 } | |
| $a_18 = { 558bec6a005633c055684b72400064ff } | |
| $a_19 = { 558bec33c05568d3ec400064ff306489 } | |
| $a_20 = { 558bec515356578945fc833d24064100 } | |
| $a_21 = { 558bf0bf7c044100bd800441008b1d74 } | |
| $a_22 = { 558bec51538bda8945fc8bc38b15349a } | |
| $a_23 = { 558bec83c4f053568b450c8b55088955 } | |
| $a_24 = { 558bec83c4f453568bf28bd890909090 } | |
| $a_25 = { 558bec83c4f40fb70500f040008945f8 } | |
| $a_26 = { 558bec515356578bf28bd8803d280441 } | |
| $a_27 = { 558bf28bd88bc6e8b1cdffff8bf88bc3 } | |
| $a_28 = { 558bec51568bf068ffff00008bcaa128 } | |
| $a_29 = { 558bec6a0053568bf18bda33c055680c } | |
| $a_30 = { 558bec33c05568b9e6400064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32DMALocker_3c63749ac9f33a6451cd44f1cca5ec3d130c28ad3ceeafd5f084afeaf71cb721 { | |
| strings: | |
| $a_2 = { 558bec83ec085356578d7002bf040000 } | |
| $a_3 = { 558bec568bf1c7063c514100e88fffff } | |
| $a_4 = { 558becff0550f541006800100000e8af } | |
| $a_5 = { 558bec8b450883f8fe750fe81578ffff } | |
| $a_6 = { 558bec83ec2ca14480410033c58945fc } | |
| $a_7 = { 558bec81ec74040000a14480410033c5 } | |
| $a_8 = { 558bec5153568bf08bd9e8afe2fffff6 } | |
| $a_9 = { 558bec51568b750c56e83e79ffff8945 } | |
| $a_10 = { 558b3383c304899dd8fdffffe8c798ff } | |
| $a_11 = { 558bec8bc18b4d08c7003c5141008b09 } | |
| $a_12 = { 558bec83ec10ff75088d4df0e8fa64ff } | |
| $a_13 = { 558bec568b750856e8f1e9ffff5983f8 } | |
| $a_14 = { 558bec83e4f8b88c210000e830e10000 } | |
| $a_15 = { 558bec565733f6ff750cff7508e8e881 } | |
| $a_16 = { 558bec8b4508a38cf641005dc38bff55 } | |
| $a_17 = { 558bec83ec0c538b1d58f84100807b0c } | |
| $a_18 = { 558bec515356578bf0b3018d4120bf20 } | |
| $a_19 = { 558bec837d08007515e8f759ffffc700 } | |
| $a_20 = { 558bec83ec1053ff75108d4df0e8c270 } | |
| $a_21 = { 558bec83ec10a1a8f641005333db568b } | |
| $a_22 = { 558bec833d94ed4100007507683c8941 } | |
| $a_23 = { 558bec83ec1053ff75148d4df0e8fc69 } | |
| $a_24 = { 558bec83ec10ff750c8d4df0e8d4ccff } | |
| $a_25 = { 558bec83ec24a14480410033c58945fc } | |
| $a_26 = { 558bec83ec088b550853578d7a408d4a } | |
| $a_27 = { 558bec680c474100ff157841410085c0 } | |
| $a_28 = { 558bec83ec10565733ff897dfc64a130 } | |
| $a_29 = { 558bec833d6413420000568b35aced41 } | |
| $a_30 = { 558bec51568b750c56e8faf5ffff8945 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Enestaller_191e03af4bcf1000d9b977d564fa7584f20e3601d14c7e110cbd0295b5d744bc { | |
| strings: | |
| $a_2 = { 558b75f05aef05358232419313d1ad1a } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Eniqma_66340eb542f1efa90120aea4aa0563d98e1ae2e2ef67d2047346933918cf0b2a { | |
| strings: | |
| $a_2 = { 558bec83c10851ff750ce88dd9000066 } | |
| $a_3 = { 558bec833d88ea42000074196888ea42 } | |
| $a_4 = { 558becff7508ff15b0c042005dc38bff } | |
| $a_5 = { 558bec518b4510568b750c8945fc3bf0 } | |
| $a_6 = { 558bec518365fc00837d0c01750768c0 } | |
| $a_7 = { 558bec83ec1056ff750c8d4df0e847c7 } | |
| $a_8 = { 558bec833d508f43000075148b45088b } | |
| $a_9 = { 558bec83ec0ca14876430033c58945fc } | |
| $a_10 = { 558bec837d0800742d8b501483fa0872 } | |
| $a_11 = { 558bec833d508f43000056757933c039 } | |
| $a_12 = { 558bec83ec1853ff75148d4de8e8c3db } | |
| $a_13 = { 558bec8b4508b9387243003bc1721f3d } | |
| $a_14 = { 558bec83e4f86aff68a8ae420064a100 } | |
| $a_15 = { 558bec81ecfc010000a14876430033c5 } | |
| $a_16 = { 558bec83ec1053ff75108d4df0e8ed5c } | |
| $a_17 = { 558bec83ec38a14876430033c58945fc } | |
| $a_18 = { 558bec8b450885c07515e846a8ffffc7 } | |
| $a_19 = { 558bec51568b750c56e81ffbffff8945 } | |
| $a_20 = { 558bec568bf0e8674dffff8b45088366 } | |
| $a_21 = { 558bec568b750885f67515e856bdffff } | |
| $a_22 = { 558bec56e8716fffff8bf085f60f8432 } | |
| $a_23 = { 558bec83ec74a14876430033c58945fc } | |
| $a_24 = { 558bec837d0801750d8378141072028b } | |
| $a_25 = { 558bec83e4f86aff684099420064a100 } | |
| $a_26 = { 558b3783c70489bde4fbffffe8de9100 } | |
| $a_27 = { 558bec518b4d086a0ae8038000008b4d } | |
| $a_28 = { 558bec0fb6450883c1085150e874d500 } | |
| $a_29 = { 558bec83ec105333db538d4df0e8bc6a } | |
| $a_30 = { 558bec5de945feffff8bff558bec5de9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Ergop_3c8b8838c39206b58e871ea5fac9288341110d11231fe60d62f7a88bc5e1170e { | |
| strings: | |
| $a_2 = { 558b6c240c578b7c240c3bfd750733c0 } | |
| $a_3 = { 558becb804100000e86c11000056578d } | |
| $a_4 = { 558b2d3810400056ffd58bf085f67575 } | |
| $a_5 = { 558bec83ec0c8d45f4565750e8fcbeff } | |
| $a_6 = { 558b6c24585733ff5755e8b2fbffff85 } | |
| $a_7 = { 558bec538b5d1056578b7d0c8b035357 } | |
| $a_8 = { 558bec83ec2033c0568b750c576a0859 } | |
| $a_9 = { 558bec83ec6c8d459450e89cfbffffff } | |
| $a_10 = { 558bec83ec248d45dc5650e808e5ffff } | |
| $a_11 = { 558bec83ec108b450c9933c2c745f401 } | |
| $a_12 = { 558bec83ec20538b5d14568b751083fb } | |
| $a_13 = { 558bec81ecbc09000053565733db8d85 } | |
| $a_14 = { 558bec81ec00040000817d0c00040000 } | |
| $a_15 = { 558b6c2410568b74240c3bf575088b6c } | |
| $a_16 = { 558bec83ec20578b7d0885ff74508b07 } | |
| $a_17 = { 558bec578b7d088b4708f6000175056a } | |
| $a_18 = { 558bec8b55088b450c8b0a2bc183f801 } | |
| $a_19 = { 558bec83ec108b45109933c2c745f401 } | |
| $a_20 = { 558b6c2414568b74241c2bee8b0e3bcf } | |
| $a_21 = { 558bec6a20ff7518ff7514ff7510ff75 } | |
| $a_22 = { 558bec51568b75088d45fc6a0150ff75 } | |
| $a_23 = { 558bec5151ff75148365f8008d45f883 } | |
| $a_24 = { 558be90fb642036a040fb68870a84000 } | |
| $a_25 = { 558bac24580600005633f65655e818f6 } | |
| $a_26 = { 558b6c241456578b7c241c33f6538974 } | |
| $a_27 = { 558bec568b75085733ff8b466c83f814 } | |
| $a_28 = { 558bec83ec108b45149933c2c745f401 } | |
| $a_29 = { 558b6c241033c089442408565783fd08 } | |
| $a_30 = { 558b6c242056578d45fe83f80e0f8752 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Exmas_ae0061af6833b2a83e6e8ea33d0de5c479aa8fb128ba9322cc9f18d4b06b9379 { | |
| strings: | |
| $a_2 = { 558b1f336f056f6a40a3d5079403ef45 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Exxroute_5b378af8211810e62a0f6320facb2cafb2b15570befec577fa043ec919e46282 { | |
| strings: | |
| $a_2 = { 558bec81ec8c050000535657a1004000 } | |
| $a_3 = { 558bec81ece800000053568b45088945 } | |
| $a_4 = { 558bec81ec980100005357c6858bfeff } | |
| $a_5 = { 558bec8b45088b08034d0c8b5508890a } | |
| $a_6 = { 558bec83ec50c745f8000000008b4508 } | |
| $a_7 = { 558bec83ec68c745fc41000000c745f4 } | |
| $a_8 = { 558be089f48bdbf909b843100000cb73 } | |
| $a_9 = { 558b1ab50100b20dba10b20d002b7284 } | |
| $a_10 = { 558b6fddfcff85c5e0f775e057ebb648 } | |
| $a_11 = { 558bec5dc3ccff253040001000000000 } | |
| $a_12 = { 558bec83ec54578b45b88b4dbcd3e889 } | |
| $a_13 = { 558bec83ec1c535657c645f6b9c1e800 } | |
| $a_14 = { 558becefc8ad811e81c7d45310aba10f } | |
| $a_15 = { 558bec81eca801000053c745f0020000 } | |
| $a_16 = { 558bec81ecd005000056a1b49e001089 } | |
| $a_17 = { 558bc16050e85ea8fdff0b2464892141 } | |
| $a_18 = { 558bc083953d4472d3ffff2e416681e7 } | |
| $a_19 = { 558bec81ec80000000535657c6458b10 } | |
| condition: | |
| 15 of them | |
| } | |
| rule RansomWin32FileCryptor_87060524ee2d89b0ea14dfbd140be39855e246241db7e984dbdb959379de49f4 { | |
| strings: | |
| $a_2 = { 558bec833db86742000075148b45088b } | |
| $a_3 = { 558bec5633f63935b867420075303975 } | |
| $a_4 = { 558bec6a04ff7508e83f96000059595d } | |
| $a_5 = { 558bec8b4508b9c05042003bc1721f3d } | |
| $a_6 = { 558bec833de071420000741968e07142 } | |
| $a_7 = { 558bec83ec1053ff75108d4df0e8f6f3 } | |
| $a_8 = { 558bec83ec10ff750c8d4df0e83ed6ff } | |
| $a_9 = { 558bec8b4508a3006342005dc38bff55 } | |
| $a_10 = { 558becff7510ff750cff750868bb6b41 } | |
| $a_11 = { 558bec68400100006a00ff3520634200 } | |
| $a_12 = { 558b6c2414568b74241457bf01000000 } | |
| $a_13 = { 558bac2420010000578bbc2430010000 } | |
| $a_14 = { 558bac2448020000568bb42440020000 } | |
| $a_15 = { 558bec83ec10a1b850420033c58945fc } | |
| $a_16 = { 558bec83ec10ff750c8d4df0e83bd4ff } | |
| $a_17 = { 558bec833db86742000075128b45088b } | |
| $a_18 = { 558bec83ec106a008d4df0e88ab1ffff } | |
| $a_19 = { 558bec6803010000ff7508e85d940000 } | |
| $a_20 = { 558bec83ec1053ff75108d4df0e84dd0 } | |
| $a_21 = { 558becff750c6a02ff7508e8f3950000 } | |
| $a_22 = { 558becff750c6a10ff7508e845950000 } | |
| $a_23 = { 558bec83ec205633f639750c751de858 } | |
| $a_24 = { 558bec8b4d085633f63bce751de82a0f } | |
| $a_25 = { 558bec8b450833c93b04cd5053420074 } | |
| $a_26 = { 558becff750cff7508ff35e4674200e8 } | |
| $a_27 = { 558bec568b750856ff15f8e0410081c6 } | |
| $a_28 = { 558bec8d451050ff750cff7508e81c88 } | |
| $a_29 = { 558bec81ec28030000a3f8684200890d } | |
| $a_30 = { 558bec6a0a6a00ff7508e86793000083 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Firecerb_fe67f4737ece66e5a5fe586cb4f283b8422968575de4fe35d4eacd7e44b69304 { | |
| strings: | |
| $a_2 = { 558bcd69f3f035283398ae47ec996fd4 } | |
| $a_3 = { 558bb1df710e71bc9527b3c2b62e82cc } | |
| $a_4 = { 558b20971f3980471ca8145ba8c997e6 } | |
| $a_5 = { 558b152b1a605bcc026e0b66d87b9a0f } | |
| $a_6 = { 558b40ba31cf858723dfb729a0d01f48 } | |
| $a_7 = { 558b45461a018f8c4028401d4ddc7ffd } | |
| condition: | |
| 6 of them | |
| } | |
| rule RansomWin32Genasom_6d48a03dd6ca7dbf7cea99fd58c29c3b402ba624bb24f9231dc74bf43824f598 { | |
| strings: | |
| $a_2 = { 558bec51833d60574000007505e88fff } | |
| $a_3 = { 558beca1745740002b4508a374574000 } | |
| $a_4 = { 558bec51a1745740002b450c8945fc8b } | |
| $a_5 = { 558bec51568b356c5240006a026a006a } | |
| $a_6 = { 558bec83ec08a1745740000345088945 } | |
| $a_7 = { 558bd546056f11240b194120928c94b6 } | |
| $a_8 = { 558bec51837d0c00743d8b450c50e8f7 } | |
| $a_9 = { 558bec568b7508837e1000741c56e843 } | |
| $a_10 = { 558b6c24182bcb034e04535155e81711 } | |
| $a_11 = { 558bec6a0068001000006a00ff153052 } | |
| $a_12 = { 558bec5156ff15d05240008bf085f674 } | |
| $a_13 = { 558bec5151833d60574000007505e8ca } | |
| $a_14 = { 558b7dc47245bef98edd21cb3eabcb80 } | |
| condition: | |
| 11 of them | |
| } | |
| rule RansomWin32Gojdue_fcfd87b60965e15325ea76a17cc51b2eb6f03952e4cc49af32f46921050bc939 { | |
| strings: | |
| $a_2 = { 558b5424388b1affd3c70424c0716900 } | |
| $a_3 = { 558b7424088b5c24048bab4001000083 } | |
| $a_4 = { 558b9c249400000083fb0075498b5424 } | |
| $a_5 = { 5589e553565764ff351400000089e281 } | |
| $a_6 = { 558b5c24348b6c2418d1e5c1e50283c5 } | |
| $a_7 = { 558b74242001ee881e8b54242c8b4c24 } | |
| $a_8 = { 558b118b69048b5c2444895c24048b5c } | |
| $a_9 = { 558b386bed1401ef897c240489742408 } | |
| $a_10 = { 558b5c240439f3754d0fb66a0889ee0f } | |
| $a_11 = { 558b5c243439c3754d8b9c2404010000 } | |
| $a_12 = { 558b84248000000083f8000f84c70100 } | |
| $a_13 = { 558b442424894148f20f108c24800000 } | |
| $a_14 = { 558bf2ffebc3cccccc648b0d14000000 } | |
| $a_15 = { 558b69188b9d9800000083fb007e478b } | |
| $a_16 = { 558b44242031ed896c241c896c24208b } | |
| $a_17 = { 558b4f04c1c8068b5704c1c90b31c88b } | |
| $a_18 = { 558b5c2474891c248b5c244c895c2404 } | |
| $a_19 = { 558b4c240431db31ed39e9742a8ba984 } | |
| $a_20 = { 558b53348b700c8b6a0c39ee7541fc8b } | |
| $a_21 = { 558b9c24e4000000891c2489bc24e800 } | |
| $a_22 = { 558b0700588b07005c8b070000000000 } | |
| $a_23 = { 558b69108b59148b4424148b54241801 } | |
| $a_24 = { 558b5c24188b6b188b5d54891c24e840 } | |
| $a_25 = { 558b4f0cc1e10d89c529cd897c24548b } | |
| $a_26 = { 558b685c892c2483c0488d7c2404fc8b } | |
| $a_27 = { 558b9c24a8000000891c248b9c24ac00 } | |
| condition: | |
| 22 of them | |
| } | |
| rule RansomWin32Grymegat_d682f2dd12fd52b017001ae91e8e2c6aa970d366be168a996909366a77d7b9a5 { | |
| strings: | |
| $a_2 = { 558bec83ec50535768d821400068fc21 } | |
| $a_3 = { 558bec83ec4053565713351430400089 } | |
| $a_4 = { 558bec6aff687830400068a318400064 } | |
| condition: | |
| 3 of them | |
| } | |
| rule RansomWin32Haknata_b55d334b7603c54540e9bd74bc7a3fad8b50b2d867c2194c88938c7cf2aa5f2e { | |
| strings: | |
| $a_2 = { 5589e55383ec148d450c89c1e8c7b6f5 } | |
| $a_3 = { 5589e583ec04894dfcb8aaaaaa0ac9c3 } | |
| $a_4 = { 5589e583ec28894df4837d0800740b8b } | |
| $a_5 = { 5589e583ec18894df48b45f489c1e895 } | |
| $a_6 = { 5589e583ec04894dfcbaf09e4f008b45 } | |
| $a_7 = { 5589e55383ec148b450c890424e85ead } | |
| $a_8 = { 5589e55383ec248b450c890424e8e602 } | |
| $a_9 = { 5589e55383ec248b450c890424e8a6fc } | |
| $a_10 = { 5589e55383ec54894dc48b4d08e8c2ef } | |
| $a_11 = { 5589e583ec38894de48b45e48b008945 } | |
| $a_12 = { 5589e583ec28894df48b45f48b808000 } | |
| $a_13 = { 5589e55383ec34894de48b45e48b5508 } | |
| $a_14 = { 5589e583ec18c7042400000000e88e16 } | |
| $a_15 = { 5589e55383ec34894de4c745f4000000 } | |
| $a_16 = { 5589e55756538d75d883ec5c8b45088b } | |
| $a_17 = { 5589e55383ec048b4d08e8011800008b } | |
| $a_18 = { 5589e583ec28894df48b45f489c1e839 } | |
| $a_19 = { 5589e583ec088b4d08e8a290030090c9 } | |
| $a_20 = { 5589e583ec28894df48b45f489c1e831 } | |
| $a_21 = { 5589e583ec28894df48b45f489c1e879 } | |
| $a_22 = { 5589e583ec188b4508890424e877fbf9 } | |
| $a_23 = { 5589e583ec28894df48b45f489c1e835 } | |
| $a_24 = { 5589e583ec18c74424044a000000c704 } | |
| $a_25 = { 5589e583ec188b4510890424e8a38c03 } | |
| $a_26 = { 5589e583ec188b450c8b551089142489 } | |
| $a_27 = { 5589e583ec288b4508890424e8df0000 } | |
| $a_28 = { 5589e583ec18894df48b45f489c1e8d1 } | |
| $a_29 = { 5589e583ec088b4d08e88a5ff9ffc9c3 } | |
| $a_30 = { 5589e583ec38894de48b45e48b008b55 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Haperlock_6d70394574a8be2752a5b38c433aebe05a4875c35045e5890e078381facdfc98 { | |
| strings: | |
| $a_2 = { 558b6b63f1fb642b406214ca5b3b49da } | |
| $a_3 = { 558bec83ec14568b45088b4d0c33f646 } | |
| $a_4 = { 558bec83ec30535756e8defeffff8b3d } | |
| $a_5 = { 558b4000e6c57800201d002a00009b60 } | |
| $a_6 = { 558bec83ec20575333db8b7d08e91f00 } | |
| $a_7 = { 558bec6aff688c134000683440540064 } | |
| $a_8 = { 558bec83ec345356578b7d088b1dc413 } | |
| $a_9 = { 558bec83ec305657538b75088b0dd013 } | |
| $a_10 = { 558bec83ec046a006a006a006a006a00 } | |
| $a_11 = { 558ba000323400000d94006d48000000 } | |
| $a_12 = { 558bec83ec345653578b4d088b750c8b } | |
| condition: | |
| 10 of them | |
| } | |
| rule RansomWin32HydraCrypt_c60a11f148580a96068e0d97371c2e81fdb9fc8dd7b704e05606dbfba3e0c323 { | |
| strings: | |
| $a_2 = { 558bec515657648b35300000008b760c } | |
| $a_3 = { 558bec81ec1802000056be2f1cd4b956 } | |
| $a_4 = { 558bec686be17f486a01e823fdffff59 } | |
| $a_5 = { 558bec81ec14020000535657682680ac } | |
| $a_6 = { 558bec5168ee7fd6aa6a05e8bef6ffff } | |
| $a_7 = { 558bec5168ee7fd6aa6a05e8bef5ffff } | |
| $a_8 = { 558bec81ec34080000535657be2680ac } | |
| $a_9 = { 558bec83ec0c68ee7fd6aa6a05c745f8 } | |
| $a_10 = { 558bec81ec1c0100005357683adc703d } | |
| $a_11 = { 558bec83ec24535668d73d590833f66a } | |
| $a_12 = { 558bec81ec1c0400005668ee7fd6aa6a } | |
| $a_13 = { 558bec688e0556376a05e8d5fdffff59 } | |
| $a_14 = { 558bec81ec100200005368ee7fd6aa6a } | |
| $a_15 = { 558bec83ec10535733c033ff6805ad89 } | |
| $a_16 = { 558bec686a85139f6a06e859ddffff59 } | |
| $a_17 = { 558bec51535657bf97deec6733db5743 } | |
| $a_18 = { 558bec6859c7ecd46a05e8e5eaffff59 } | |
| $a_19 = { 558bec83ec4c5657be984109008d7df4 } | |
| $a_20 = { 558bec81ec1806000057682680acc86a } | |
| $a_21 = { 558bec83ec105733ff6822ded78a6a05 } | |
| $a_22 = { 558bec81ec1402000053565768fe9343 } | |
| $a_23 = { 558bec81ec3c0a000053565733ff6826 } | |
| $a_24 = { 558bec81ec54040000682680acc86a01 } | |
| $a_25 = { 558bec83ec1c535733ff6822ded78a6a } | |
| $a_26 = { 558bec68c3d13f0f6a01e8fffcffff59 } | |
| $a_27 = { 558bec68c00f403e6a05e8c6fcffff59 } | |
| $a_28 = { 558bec81ec2806000053565733db6826 } | |
| $a_29 = { 558bec81ec140200005368ee7fd6aa6a } | |
| $a_30 = { 558bec81eca001000057687d75decd6a } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Isda_59c5de86654bb2f160988ee5a401948a10f9229aae2f369f308cd0e4e5bc9705 { | |
| strings: | |
| $a_2 = { 558b0694b8a878e0fe56c692e2033a89 } | |
| $a_3 = { 558b61902e093feafe8a749524f9f369 } | |
| $a_4 = { 558b965d891b2b769cf1a0c022d9514a } | |
| $a_5 = { 558b829c8ddb57e8dc34839c64627e15 } | |
| $a_6 = { 558b045ac54c14f41d5e53ecc2985c99 } | |
| $a_7 = { 558b1c6f10c4632513840cdadcf33453 } | |
| $a_8 = { 558bdd48421478a14e8d52980d88f8b1 } | |
| $a_9 = { 558bc4d94362f824a3f5aac318b1fc84 } | |
| $a_10 = { 558b97879b3a7b9ccde41134ae18ce72 } | |
| $a_11 = { 558b7a6784ab052cf916d340b46addd9 } | |
| $a_12 = { 558bedbe871970cba837009ebd32c861 } | |
| condition: | |
| 10 of them | |
| } | |
| rule RansomWin32Jaffrans_5163e93ecdab44471e9b51ac00845134add333684ba14c7f11830ee7b0b5532a { | |
| strings: | |
| $a_2 = { 558bec81ec2002000053568bf0568d85 } | |
| $a_3 = { 558bec8b55088a420c84c07410807b0c } | |
| $a_4 = { 558bec81ec6c040000538b1d4c704000 } | |
| $a_5 = { 558bec8b4d108b490883ec285356578b } | |
| $a_6 = { 558bec83e4f883ec106a00ff15707140 } | |
| $a_7 = { 558bec81ec9004000068040100008d85 } | |
| $a_8 = { 558bec83ec0c5356576a00ff15987040 } | |
| $a_9 = { 558bec518b078b0b508945fc8d45fc50 } | |
| $a_10 = { 558bec81ec0c0900005356578d8524ff } | |
| $a_11 = { 558bec81ecc4040000a1688040005356 } | |
| $a_12 = { 558bec51578b3d0c70400068000000f0 } | |
| $a_13 = { 558bec83ec6453568b354c7040005768 } | |
| $a_14 = { 558bec5633f639750c76498b0d0c8040 } | |
| $a_15 = { 558bec83ec2453578bf88d45f8506818 } | |
| $a_16 = { 558bec83ec2033c05657508945f08945 } | |
| $a_17 = { 558bec81ec98000000538b1d4c704000 } | |
| $a_18 = { 558bec538b5d088b03565733ff85c074 } | |
| $a_19 = { 558bec8b551085d2741b8b4d0c56578b } | |
| $a_20 = { 558bec51568bf0566a08ff154c704000 } | |
| $a_21 = { 558bec5156576a00ff15987040006a0a } | |
| $a_22 = { 558bec83ec308b4d085356578d45e450 } | |
| $a_23 = { 558bec8b14851080400053568bc25733 } | |
| $a_24 = { 558bec83ec78538b1d4c70400056578b } | |
| $a_25 = { 558bec83ec508b45088b4d10538b1d4c } | |
| $a_26 = { 558bec83ec105733ff397d08750733c0 } | |
| $a_27 = { 558bec81ec940400005356578b3d4c70 } | |
| $a_28 = { 558bec83ec345356578b3d4c7040008b } | |
| $a_29 = { 558bec83ec64565768f4724000c7052c } | |
| $a_30 = { 558bec81ec08040000565733ff8bf189 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Kitoles_d3a28327df38c258a8af00e5eb89abbef5ccf12c22e31b83b72a153d2b15f469 { | |
| strings: | |
| $a_2 = { 558bec6a005333c05568c73b420064ff } | |
| $a_3 = { 558bec52508b450850516a00a1b40543 } | |
| $a_4 = { 558bec81c484fdffff5356578945fc8d } | |
| $a_5 = { 558bec5356578bf18bfa8bd80fb65508 } | |
| $a_6 = { 558bec5168548b4200e8bad8fdff8945 } | |
| $a_7 = { 558bec5153568955fc8bf08b5e043bcb } | |
| $a_8 = { 558bec6a0053565733c0556891524200 } | |
| $a_9 = { 558bec515356578bf28bd8833dbc6243 } | |
| $a_10 = { 558bec33c055689d84420064ff306489 } | |
| $a_11 = { 558bec6a005333c05568e285420064ff } | |
| $a_12 = { 558bec33c0556826c1420064ff306489 } | |
| $a_13 = { 558bf28bd833ff8bc3e8bb6cffff508b } | |
| $a_14 = { 558bec83c4f85356578945fca140d042 } | |
| $a_15 = { 558bec6a005333c05568173b420064ff } | |
| $a_16 = { 558bec6a005333c055686f3b420064ff } | |
| $a_17 = { 558bec33c9515151515133c05568de44 } | |
| $a_18 = { 558bec33c055688d8c420064ff306489 } | |
| $a_19 = { 558bec51535657894dfc8bca8bf88b5d } | |
| $a_20 = { 558bec83c4cc535633db895dfc894df0 } | |
| $a_21 = { 558bec6a0033c055687c56420064ff30 } | |
| $a_22 = { 558bec83c4f053568bd88b45088b550c } | |
| $a_23 = { 558bec538bd88bc3e8a3aefdff506a00 } | |
| $a_24 = { 558bec33c0556813b4420064ff306489 } | |
| $a_25 = { 558bec5153568bf28945fc8d45fce825 } | |
| $a_26 = { 558bec5153568955fc8bd88b45fce80d } | |
| $a_27 = { 558bec5153568bf28945fc8d45fce8a1 } | |
| $a_28 = { 558bec53565733c05568b83a420064ff } | |
| $a_29 = { 558bec535684d2740883c4f0e85f18ff } | |
| $a_30 = { 558bec83c4d45356578bd88b028945fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32LockCrypt_722df6f33a9d11d841ce399a9081bac2788ce007474b0be9ee76efbf1f5a132b { | |
| strings: | |
| $a_2 = { 558bec83c4f4ff750ce8010f0000d1e0 } | |
| $a_3 = { 558bec8b4d0cc1e902d1e18b1d2cd840 } | |
| $a_4 = { 558bec515683e2f833f68b0183e0f83b } | |
| $a_5 = { 558bec83c4b8ff0583c8400068648001 } | |
| $a_6 = { 558bec83ec3c568b750885f6750833c0 } | |
| $a_7 = { 558bec83c4dc837d0c0074138d45dc50 } | |
| $a_8 = { 558bec50515256578b75088b7d0c8b4d } | |
| $a_9 = { 558bec83c4ec608b45088bc805208000 } | |
| $a_10 = { 558bec53e87b0000008b5d0c2b5d0872 } | |
| $a_11 = { 558bec578b450833c9bf054b56ac0faf } | |
| $a_12 = { 558bec33c08b75088b5d0cb9ffffffff } | |
| $a_13 = { 558bec515133c056408bf1833d8c7b40 } | |
| $a_14 = { 558bec83c4f468008000006a40e8d413 } | |
| $a_15 = { 558bec578b7d08397d0c76178b45108b } | |
| $a_16 = { 558bec518365fc00538b1d047c400056 } | |
| $a_17 = { 558bec83ec1c5356578bfa8bf185ff75 } | |
| $a_18 = { 558bec5356578b7d088b75088bff8a07 } | |
| $a_19 = { 558bec83ec108bd15356578b420433ff } | |
| $a_20 = { 558bec83c4fc6a406800300000680088 } | |
| $a_21 = { 558bec83c4f86880d64000e8d5080000 } | |
| $a_22 = { 558bec5151538bc133db833d8c7b4000 } | |
| $a_23 = { 558bec83c4fc68fd2a0000ff3538d840 } | |
| $a_24 = { 558bec81ec9c00000053565768a87b40 } | |
| $a_25 = { 558bec81c4a0fdffff8d85acfdffff50 } | |
| $a_26 = { 558bec518325487b400000b9507b4000 } | |
| $a_27 = { 558bec83ec0c568b75088975f88955fc } | |
| $a_28 = { 558bec56578b7d0833f685ff745a68a4 } | |
| $a_29 = { 558bec5356570ee8050000005f5e5bc9 } | |
| $a_30 = { 558bec68ed030000ff3538d84000e860 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32LockScreen_ba7b44b988ae906e121ef0586896db110fb2d83eb026b98806fcb0dad6e24bed { | |
| strings: | |
| $a_2 = { 558bbad0d1fba5aa862749ebabbc9632 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Locky_99f52ec1b42f55a659cbbd38bfeeb5a7b2c4a618793ed78396dd02e91840e0c3 { | |
| strings: | |
| $a_2 = { 558bece80f000000837d08007405e82c } | |
| $a_3 = { 558bec8b45086a048b48048b09e8ba6d } | |
| $a_4 = { 558bec83e4f881ec780600005333db56 } | |
| $a_5 = { 558bec83e4f881ec5c0a0000538b5d08 } | |
| $a_6 = { 558bec83ec1c8d45f056ff7510be4c36 } | |
| $a_7 = { 558bec566a108bf1e87b7f01008bd059 } | |
| $a_8 = { 558bec837d18007417ff7518b910184c } | |
| $a_9 = { 558bec53ff75088bd9e8d4ffffff85c0 } | |
| $a_10 = { 558bec83ec085356578b7d148b4f0c8b } | |
| $a_11 = { 558bec81ec18020000e81572000084c0 } | |
| $a_12 = { 558bec833ddc344c0000750633c05dc2 } | |
| $a_13 = { 558bec8b550883c144e83b0c000033c0 } | |
| $a_14 = { 558becff750cff75086a1ae88e95fcff } | |
| $a_15 = { 558bec83e4f8b80c2d0000e850480200 } | |
| $a_16 = { 558bec83ec1453568bf1578d4d0ce862 } | |
| $a_17 = { 558b2f969ddecce71375887524c7ae0d } | |
| $a_18 = { 558bec568bf157c70698284b0033ff8d } | |
| $a_19 = { 558bec837d10000f85271b06008b0d7c } | |
| $a_20 = { 558bec83ec185356578bd98b4d0c68f0 } | |
| $a_21 = { 558bec8b45088b48048b09e8c86cfbff } | |
| $a_22 = { 558bec8b450883f8107766ff248551d0 } | |
| $a_23 = { 558bec83ec10568b750c833e000f84b1 } | |
| $a_24 = { 558bec8b4d0c5685c97516e8f02c0000 } | |
| $a_25 = { 558bec8b0d7c184c00a170184c00538b } | |
| $a_26 = { 558bec5157ff15c4d348008bf885ff74 } | |
| $a_27 = { 558bec83ec10ff75088d4df0e8627ffe } | |
| $a_28 = { 558bec837d0800568bf175095151e890 } | |
| $a_29 = { 558bec83ec1c57ff7508b910184c00e8 } | |
| $a_30 = { 558bec83ec2853565768d0010000e8a1 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Loktrom_d46501bc9afa35a8c6d0a8fb8dd90c0d550232a6a2983b77cef531c7df6165b2 { | |
| strings: | |
| $a_2 = { 558bec51a104c140002b450c8945fc8b } | |
| $a_3 = { 558bec5156ff15fcb440008bf085f674 } | |
| $a_4 = { 558b5c24102b5c243c89d85d01c50fbe } | |
| $a_5 = { 558bec83ec1c833df8be4000000f85b7 } | |
| $a_6 = { 558bec51535657ff354cc14000e8d627 } | |
| $a_7 = { 558ba72aa2f1329e065386d0e24ebb48 } | |
| $a_8 = { 558bec8b451083ec1c85c07505b80ba0 } | |
| $a_9 = { 558bec8b450c83ec6083e80f53568b35 } | |
| $a_10 = { 558bec56ff3560c14000e8350e00008b } | |
| $a_11 = { 558bec83ec1c5657ff354cc14000e855 } | |
| $a_12 = { 558bec83ec10837d0c0f744c837d0c30 } | |
| $a_13 = { 558bec8b4508a304c140008b0d84b140 } | |
| $a_14 = { 558bec5153565768fca1400033dbff15 } | |
| $a_15 = { 558bec5157ff3554c14000e8811f0000 } | |
| $a_16 = { 558bec538b5d185657ff33e80e010000 } | |
| $a_17 = { 558bec33c039450c7c31568b75085050 } | |
| $a_18 = { 558bec5657ff75108bf8ff750cff15a8 } | |
| $a_19 = { 558beca104c140002b4508a304c14000 } | |
| $a_20 = { 558bec83ec40538b1d48b54000576a05 } | |
| $a_21 = { 558bec83ec1c535657ff7514be001000 } | |
| $a_22 = { 558bec51516830c14000ff15a4b44000 } | |
| $a_23 = { 558bec83ec10568b7508575633ffe877 } | |
| $a_24 = { 558bec51837d0c00743d8b450c50e88a } | |
| $a_25 = { 558bec6af0ff7508ff1500b54000a900 } | |
| $a_26 = { 558b2ddcb54000ffd5eb068b2ddcb540 } | |
| $a_27 = { 558bec83ec385357ff3590be40008d45 } | |
| $a_28 = { 558bec8b45083b0584b1400072218b0d } | |
| $a_29 = { 558bec83ec10575656ff7508ff15e4b5 } | |
| $a_30 = { 558bec83ec18535657ff3554c1400033 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Lyposit_d54bc85f8531ace36cf65b32533ce23053f22211bde6eec9f58392e6c57371f6 { | |
| strings: | |
| $a_2 = { 558bec538b5d0856578bf9c707c47641 } | |
| $a_3 = { 558bec83ec2053576a1c33db53ff1528 } | |
| $a_4 = { 558bec6afe68d88541006880a3400064 } | |
| $a_5 = { 558bec83ec0c8b4d0c33c089018b4d10 } | |
| $a_6 = { 558bf89771d66f63f782c215a460fac6 } | |
| $a_7 = { 558bec568bf1c706a8764100e8661200 } | |
| $a_8 = { 558bec8b0db4bd4100a1b8bd41006bc9 } | |
| $a_9 = { 558bcabfd84241008bf033dbf3a77507 } | |
| $a_10 = { 558bec83ec10ff75088d4df0e80debff } | |
| $a_11 = { 558b28b9b2d57404574e506d205ec776 } | |
| $a_12 = { 558bec538b5d08568bf1c706c4764100 } | |
| $a_13 = { 558bec565733f6ff750cff7508e8c1cf } | |
| $a_14 = { 558b17d92b660ff16e8330819b2af22f } | |
| $a_15 = { 558b83fce98529407100f100ae0b9e7a } | |
| $a_16 = { 558bab7f477442ed7905a02a20bc79cf } | |
| $a_17 = { 558bec83ec2c538b5d088b4b3456578b } | |
| $a_18 = { 558bec83ec0c85ff750ae803bbffffe8 } | |
| $a_19 = { 558bec535657556a006a006898d44000 } | |
| $a_20 = { 558bec83ec14535657e8a2f0ffff8365 } | |
| $a_21 = { 558bec83ec10a1f8a341008365f80083 } | |
| $a_22 = { 558bec81ec28030000a3b0b84100890d } | |
| $a_23 = { 558bec83e4f8515156576a095933c033 } | |
| $a_24 = { 558b1165206407f095a23dc0cf0a67c8 } | |
| $a_25 = { 558bec8b4508568b750c578b7d1050ff } | |
| $a_26 = { 558bec518d45fc56508bc7e87affffff } | |
| $a_27 = { 558bec8b4508a320b741005dc36a1068 } | |
| $a_28 = { 558ba19ca5884cbe1ae07ab8e447335f } | |
| $a_29 = { 558bec83ec14a1b4bd41008b4d086bc0 } | |
| $a_30 = { 558bec51566a018bf08d45ff6a0150e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Malasypt_2410027ab75856a82c83ef793d320afa3912f9c1b78e308c137535079a5b3f42 { | |
| strings: | |
| $a_2 = { 558b623006c22a0190db3bae4367c580 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Mambretor_53e1eda1b36f036458b5b81fd03de3c7db92cc6c425caa86c13fdbc107e9d6bb { | |
| strings: | |
| $a_2 = { 558bec81ecb0000000a19ce6420033c5 } | |
| $a_3 = { 558bec83ec0853565733ff897dfc897d } | |
| $a_4 = { 558bec81ec780a0000a100a0410033c5 } | |
| $a_5 = { 558becb824100000e87b7d0000a1ac96 } | |
| $a_6 = { 558bec83ec2853565750c745f4000000 } | |
| $a_7 = { 558bec83e4f8a1646802103d80bf0010 } | |
| $a_8 = { 558bec81ecac030000a100a0410033c5 } | |
| $a_9 = { 558bec83e4f883ec5c568b77046a006a } | |
| $a_10 = { 558bec83ec2c5633c05733f656568945 } | |
| $a_11 = { 558bec83ec0c5356578bf8ff159c4141 } | |
| $a_12 = { 558bec8b45088b804009000081ec5c01 } | |
| $a_13 = { 558bec8b4508538b5828568b750c8b4e } | |
| $a_14 = { 558bec5151a1ac96420033c58945fc8b } | |
| $a_15 = { 558bec568b75088b46148b4e105051e8 } | |
| $a_16 = { 558bec83e4c083ec74a10060021033c4 } | |
| $a_17 = { 558bec81ec80000000a1a0c0330033c5 } | |
| $a_18 = { 558bec83e4f881ec3c0100005683c030 } | |
| $a_19 = { 558bec83ec2c568b356042410033c08d } | |
| $a_20 = { 558bec568b7508ff36e80511ffffff76 } | |
| $a_21 = { 558bec83e4f883ec345633c06a008944 } | |
| $a_22 = { 558b0d809603008b1584960300a17c96 } | |
| $a_23 = { 558bec568b750856e8ff2e00005983f8 } | |
| $a_24 = { 558bec83ec54a130b641005356576869 } | |
| $a_25 = { 558bec83ec10ff75088d4df0e83b6aff } | |
| $a_26 = { 558bec83ec1c56e8ca09ffff85c07422 } | |
| $a_27 = { 558bec568b750857568bf9e8ff3d0000 } | |
| $a_28 = { 558bec81ec20040000a10060021033c5 } | |
| $a_29 = { 558bec83ec20a1506952000fb748148b } | |
| $a_30 = { 558bec81eccc010000a19ce6420033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Milicry_1c414c2f2996a741e02c75ec520d3c318797ed9de65ddda92363bcc530d766ed { | |
| strings: | |
| $a_2 = { 558bec6aff68b0c2410064a100000000 } | |
| $a_3 = { 558becff75088bcec7460c78c04100ff } | |
| $a_4 = { 558bec83ecc72bc103c37470140000fc } | |
| $a_5 = { 558bec83ec20578b7d0c33d2f77510bf } | |
| $a_6 = { 5589e581ec1c0100000fb79540ffffff } | |
| $a_7 = { 558bec81ec98000000a198c0410033c5 } | |
| $a_8 = { 558bec66837d200075f38b7e282b7e24 } | |
| $a_9 = { 558bec6aff50ff1524b14100e8258700 } | |
| $a_10 = { 558bec8b450c89501bebe88b7df88b4d } | |
| $a_11 = { 558b000075f533db53031d8815400081 } | |
| $a_12 = { 558bec8b45088d5f083b0374e6ff7524 } | |
| $a_13 = { 558becc60489384de050e822f600ff3b } | |
| $a_14 = { 558bec568b750c33db570f85f4ffffff } | |
| $a_15 = { 5589e581eca401000005480400001345 } | |
| $a_16 = { 558bec5340fec2885dff8d45e0ff750c } | |
| $a_17 = { 558bec81ec0c020000538bc18be55dc3 } | |
| $a_18 = { 558bec6aff8d47013bd075f50fb6c885 } | |
| $a_19 = { 558bec8b45088946048b4580015d8440 } | |
| $a_20 = { 5589e551515356576864bd0000e822fd } | |
| $a_21 = { 558b6c241056ff7508ff7104ff1570b0 } | |
| $a_22 = { 558bec81ec88000000a19cc3410033c4 } | |
| $a_23 = { 558bec8b4508895638894e348b0856ff } | |
| $a_24 = { 5589e581ec04020000039554feffff2d } | |
| $a_25 = { 5589e583ec1053565768b17dffffe82b } | |
| $a_26 = { 558bec6aff6844c0410064a100000000 } | |
| $a_27 = { 558bec6aff6890b2410068809f410064 } | |
| $a_28 = { 558bec53e9000083c4751057e8fa0d83 } | |
| $a_29 = { 558bec83ec105333c05f8956088b45a4 } | |
| $a_30 = { 558bec6aff6880c2410064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Mischa_1dbb15d64453eaf80b0630e7d8e25fdfad21329970bed1f2ecd0a81cc7499d9f { | |
| strings: | |
| $a_2 = { 558bec83ec20530fb65a03c1e308560f } | |
| $a_3 = { 558bec518b550c83ec088b4d08ff7510 } | |
| $a_4 = { 558bec51578bf98955fc3bfa740c8b42 } | |
| $a_5 = { 558bec81ec5c0c000056894df48d4dc0 } | |
| $a_6 = { 558bec83e4f883ec2c538b19568b710c } | |
| $a_7 = { 558bec83e4f881ec400100008bd18d4c } | |
| $a_8 = { 558bec83ec1033c0c745f00100000053 } | |
| $a_9 = { 558bec83ec44538b5d08568bf18b4604 } | |
| $a_10 = { 558bec8d451050ff750c8d4d08e86efc } | |
| $a_11 = { 558bec8b550c8b4d085de9c10f0000cc } | |
| $a_12 = { 558bec83ec648bc18955f45356578b70 } | |
| $a_13 = { 558bec81ec8c00000033c05356578bf9 } | |
| $a_14 = { 558bec81ec040500008d85fcfaffff53 } | |
| $a_15 = { 558becff75108b550c8b4d08e8af1c00 } | |
| $a_16 = { 558bec83ec0853568bf28bc1578975fc } | |
| $a_17 = { 558bec8b550c8b4d085de9510d0000cc } | |
| $a_18 = { 558bec8b550c8b4d085de9611d0000cc } | |
| $a_19 = { 558bec81ec980000005356578bfa8bd9 } | |
| $a_20 = { 558bec83e4f883ec3453568bf2895424 } | |
| $a_21 = { 558bec81ec380100008b4108538b590c } | |
| $a_22 = { 558bec83ec14568bf18955f4578b3e8b } | |
| $a_23 = { 558bec83ec2c5333c0c745d401000000 } | |
| $a_24 = { 558bec83ec088a4510538af8894df8d0 } | |
| $a_25 = { 558bec83ec3c5356576a308d7dc48955 } | |
| $a_26 = { 558bec8b4508568bf1c1e80257894608 } | |
| $a_27 = { 558bec5153568bf18955fc578b5e0483 } | |
| $a_28 = { 558bec568b325733ff8da42400000000 } | |
| $a_29 = { 558bec5156576890fa001068a0fa0010 } | |
| $a_30 = { 558bec81ecd406000053565733f68bf9 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Molock_eb7ab804f5d1dbec41063cae6569d4099b5de09245ebf521eb7703c8416a60ef { | |
| strings: | |
| $a_2 = { 558bec83ec4c8b1153568b7108578b79 } | |
| $a_3 = { 558b7c50629d91c5ebf19efe6868ff39 } | |
| $a_4 = { 558b44bfe1faa0f6d3525871818f2c01 } | |
| $a_5 = { 558be88becf9eb046497fec9548d6424 } | |
| $a_6 = { 558b225d8d817867ffff8dadc6ffffff } | |
| $a_7 = { 558be80fb65d005de9eb00000071fa68 } | |
| $a_8 = { 558bed35772ae9b27292a9a6f9c5a99e } | |
| $a_9 = { 558b59c6bd8a609b9ade82db98372792 } | |
| $a_10 = { 558bca0fc9ebdd8b49208d64240425ff } | |
| $a_11 = { 558be80fb65d005debc3c342d0b742f4 } | |
| $a_12 = { 558be80fb65d005debcc8d642404eb28 } | |
| $a_13 = { 558ba13a6a2a128f993f154ce2f94dad } | |
| $a_14 = { 558b6f489d19a2b01c629eddb0dd6922 } | |
| $a_15 = { 558bee83c518ebe28b7e249ceb570190 } | |
| $a_16 = { 558b96b661980e62248dc364092ccf93 } | |
| $a_17 = { 558b1b880f718c4e6995b55739e3fe6a } | |
| $a_18 = { 558beaebc38d64241c5f668bf1eb42b0 } | |
| $a_19 = { 558b3424eb1c23a93958ab1748eb02bd } | |
| $a_20 = { 558bb7ee8ef0d38c01da0f5f71df3b95 } | |
| $a_21 = { 558bc31ea50a83663fed2e73bdec5a29 } | |
| $a_22 = { 558bec81ecdc000000568bf2894df8eb } | |
| $a_23 = { 558b4a47c19ba958bfa3567e5af3566b } | |
| $a_24 = { 558bcc8481312d81375d964a7861ecaa } | |
| $a_25 = { 558bcdebc8eb57ce46d4b34ef07cfb6b } | |
| $a_26 = { 558bf166f7d60fce8b74241b8d642428 } | |
| $a_27 = { 558bee8d6d0cebe28d1c328d1c34eb13 } | |
| $a_28 = { 558bc766b81fc18b2c240f93c0e9f100 } | |
| $a_29 = { 558b0d9de417d31c6f76894c241cf961 } | |
| $a_30 = { 558ba6742e7cfee3b1ba8648542305ca } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Mytreex_357e75744b9a5146e1a1285a2f62d117fb2d256a1af63680912b88452c4ae076 { | |
| strings: | |
| $a_2 = { 558bec5de933ffffff6a0c68904f4100 } | |
| $a_3 = { 558becff750c6a02ff7508e8130c0000 } | |
| $a_4 = { 558bec83ec10ff750c8d4df0e8f7c4ff } | |
| $a_5 = { 558bec81ecb4000000a10c60410033c5 } | |
| $a_6 = { 558becff7508ff352c614100ff15d430 } | |
| $a_7 = { 558bec568b35bc9b4100eb215750ff75 } | |
| $a_8 = { 558bec8b45085633f63bc6751de87244 } | |
| $a_9 = { 558bec83ec1053ff75148d4df0e88b2e } | |
| $a_10 = { 558bec6a0a6a00ff7508e8080d000083 } | |
| $a_11 = { 558bec81ec94000000a10c60410033c5 } | |
| $a_12 = { 558bec83ec10ff750c8d4df0e88ac9ff } | |
| $a_13 = { 558bec8b45085633f63bc6751de8d4cc } | |
| $a_14 = { 558bec5633f6393514a04100750733c0 } | |
| $a_15 = { 558bec6807010000ff7508e8ab0b0000 } | |
| $a_16 = { 558bec8b4508a3146041005dc3a11460 } | |
| $a_17 = { 558bec6803010000ff7508e87d0a0000 } | |
| $a_18 = { 558bec833d84984100017505e8e00800 } | |
| $a_19 = { 558bec5de900ffffff6a1468b84f4100 } | |
| $a_20 = { 558bec83ec105333db538d4df0e8cdf9 } | |
| $a_21 = { 558bec833dd4a141000075128b45088b } | |
| $a_22 = { 558bec81ec28030000a10c60410033c5 } | |
| $a_23 = { 558becff750c6807010000ff7508e838 } | |
| $a_24 = { 558bec8b4508568d34c538614100833e } | |
| $a_25 = { 558bec6afe68484e4100685030400064 } | |
| $a_26 = { 558becff750c6a20ff7508e8ab0a0000 } | |
| $a_27 = { 558bec6817010000ff7508e84b0b0000 } | |
| $a_28 = { 558bec83ec10ff75088d4df0e88bc1ff } | |
| $a_29 = { 558bec83ec20a10c60410033c58945fc } | |
| $a_30 = { 558becff750c6807010000ff7508e86a } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Nasan_0350b2b16675ba9a69e782eca14065e0a7e37bd1b83fd4bcb2f8cdb5a822cc8f { | |
| strings: | |
| $a_2 = { 558bec6a00ff1530604000ff7508ff15 } | |
| $a_3 = { 558bec81ec340200008d85ccfdffff56 } | |
| $a_4 = { 558bec83ec10568bf18d4df08b46288d } | |
| $a_5 = { 558bec83ec308d55d06a0c59e87b0b00 } | |
| $a_6 = { 558bec83ec208d55f46a4f59e8cd0b00 } | |
| $a_7 = { 558bec6afe68f0724000682034400064 } | |
| $a_8 = { 558bec81ec24020000b80802000048c6 } | |
| $a_9 = { 558bec51565733ff8bf257576a03576a } | |
| $a_10 = { 558becff15a46040006a01a3e4af4100 } | |
| $a_11 = { 558bec535657556a006a0068782d4000 } | |
| $a_12 = { 558bec83ec448bd1536a445833db4888 } | |
| $a_13 = { 558bec81ec240300006a17e87b020000 } | |
| $a_14 = { 558bec6afe68d0724000682034400064 } | |
| $a_15 = { 558bec81ec4002000053566a518d55ec } | |
| $a_16 = { 558bec83ec508d55cc56576a0959e8ce } | |
| $a_17 = { 558bec83ec6c8d55e053566a0859e86f } | |
| $a_18 = { 558bec81ec20020000b80802000048c6 } | |
| $a_19 = { 558becff7508ff155460400050ff1540 } | |
| $a_20 = { 558be98bda85ed750d85db740583c8ff } | |
| $a_21 = { 558bec81eccc020000b8cc02000048c6 } | |
| $a_22 = { 558bec5356576a0052682638400051e8 } | |
| $a_23 = { 558bec81ec74040000568d45fcc745fc } | |
| condition: | |
| 18 of them | |
| } | |
| rule RansomWin32Natasa_7ec5ae6e3423c62d8d7c940407392bb4073f09d0d2e1ed36226e520c80edf512 { | |
| strings: | |
| $a_2 = { 558b6b4f95e40c90fb64faf201a9feec } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Nemreq_9655f7ea55dfed5cd5a1d8b345c1a8c29a83d62bbf71b048f27674085cdf4b1d { | |
| strings: | |
| $a_2 = { 558bec83ec085356578bf85733f6c745 } | |
| $a_3 = { 558bec535768feff000033db53ff15e0 } | |
| $a_4 = { 558bec83ec088b460c0fb74d0c8945f8 } | |
| $a_5 = { 558bec8b450c538b1de080400056578b } | |
| $a_6 = { 558bec53568bf08b4508578b3885ff74 } | |
| $a_7 = { 558bec83ec088b4510668338008b5508 } | |
| $a_8 = { 558bec83ec2856c745d800000000b8fe } | |
| $a_9 = { 558bec8b4508535650ff158480400085 } | |
| $a_10 = { 558bec83ec1456c745f800000000b800 } | |
| $a_11 = { 558bec83ec4456c745fc000000008b45 } | |
| $a_12 = { 558bec83ec185356578955f0894df4c7 } | |
| $a_13 = { 558bec8b4508568b700485f67438538b } | |
| $a_14 = { 558bec83ec0c8b450c0fbf4004538b5d } | |
| $a_15 = { 558bec81ec3c020000538bd833c05689 } | |
| $a_16 = { 558bec81ec4c01000053568b75085733 } | |
| $a_17 = { 558bec81ec2802000053568bd833c057 } | |
| $a_18 = { 558bec83ec148b45088945f4b8ff7f00 } | |
| $a_19 = { 558bec83e4f883ec0853578b7d2c6a00 } | |
| $a_20 = { 558bec515653ff15848040008945fc85 } | |
| $a_21 = { 558bec83ec24c745e000000000c745fc } | |
| $a_22 = { 558bec83ec1c8b471056506a008d7720 } | |
| $a_23 = { 558bec83ec0856b810000100e88f3700 } | |
| $a_24 = { 558bec518b450c50ff1584804000508b } | |
| $a_25 = { 558bec83ec1453578955ec894df0c745 } | |
| $a_26 = { 558bec83ec080fbf460653578b7d0c0f } | |
| $a_27 = { 558bec83ec0c8b550c0fbf4a048b520c } | |
| $a_28 = { 558bec81ec88000000c7459032c14000 } | |
| $a_29 = { 558bec51b810000100e8422f00008945 } | |
| $a_30 = { 558bec83ec345356578bf88b45086a02 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Nobig_b99c2eb8f74d549f825ca73a1f8a23436e668e5f0de2f3c2cedb548514c0093e { | |
| strings: | |
| $a_2 = { 558bec83ec448b450c5356578b7d1833 } | |
| $a_3 = { 558bec5151a16c60460033c58945fc83 } | |
| $a_4 = { 558bec568b75080fb7460450e8f11800 } | |
| $a_5 = { 558bec5156578bf1e8a9feffff6a018b } | |
| $a_6 = { 558bec56ff75108b35188c4600ff750c } | |
| $a_7 = { 558bec8d4108500fb6450850e8bbf100 } | |
| $a_8 = { 558bec83ec0c538bd9e82d47ffff3bd8 } | |
| $a_9 = { 558b6b04896c24048bec6aff6860d144 } | |
| $a_10 = { 558bec518b450853568bf1bb00010000 } | |
| $a_11 = { 558bec51566a088bf1e8c7a6ffff8945 } | |
| $a_12 = { 558bec833df09546000075065de9c10c } | |
| $a_13 = { 558bec83ec18538b5d08568b75145789 } | |
| $a_14 = { 558bec8b4d0c3a0d1c914600771ba118 } | |
| $a_15 = { 558bec8b49205de9be8800006a0cb81f } | |
| $a_16 = { 558bec568b35bc8b460033356c604600 } | |
| $a_17 = { 558bec568bf10f57c08d460450c706f4 } | |
| $a_18 = { 558bec51a16c60460033c58945fc578b } | |
| $a_19 = { 558becff7508ff15400045005dc3ff25 } | |
| $a_20 = { 558bec83ec1c5356578bd9e8a079ffff } | |
| $a_21 = { 558bec6aff6844d5440064a100000000 } | |
| $a_22 = { 558becff7508ff15240145005dc3e999 } | |
| $a_23 = { 558bec8b4d0883f9fe7515e8ede5feff } | |
| $a_24 = { 558bec568bf16a0cff7604e87bc6ffff } | |
| $a_25 = { 558b6b04896c24048bec6aff681fda44 } | |
| $a_26 = { 558becff750ce8403d0200590fb7c8b8 } | |
| $a_27 = { 558bec5151568bf1578b068b3857e85a } | |
| $a_28 = { 558bec53e8bd4502008b5d086a026800 } | |
| $a_29 = { 558bec6aff6833d4440064a100000000 } | |
| $a_30 = { 558bec81ecb0000000a16c60460033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Nymaim_491d507b4bb78214d77c5194cd5116e5f7c3f1fe6be81feaaa153361705d7d3c { | |
| strings: | |
| $a_2 = { 558bec8b450803450c8a005dc3558bec } | |
| $a_3 = { 558bec51535657bb7a0104c633ff57ff } | |
| $a_4 = { 558b02a01230e00bce832e60421557ae } | |
| $a_5 = { 558ba5adf8b79da929a0e86a1f81bdce } | |
| $a_6 = { 558b733045d3e831f4f8ab8b5030e452 } | |
| $a_7 = { 558bec83ec14c745fc064542008d1506 } | |
| $a_8 = { 558bec8b4d0c33c0c70560aa4200dd0c } | |
| $a_9 = { 558becff750cff7508ff15b41042005d } | |
| $a_10 = { 558bec83ec108365f80053565733ffc7 } | |
| $a_11 = { 558bece81cefffff4bce8be876f8ffff } | |
| $a_12 = { 558bec81ec38040000c785ccfeffffc0 } | |
| $a_13 = { 558bec8b450c8b003504040200752b8b } | |
| $a_14 = { 558bec8b45088b088b0183f87b752c8b } | |
| $a_15 = { 558bec8b45088b4d088d90e031000023 } | |
| condition: | |
| 12 of them | |
| } | |
| rule RansomWin32Petya_dd69ce993a90ae48895d6078626b249a6544fc73cfab41bc0dc6e5e963cf1809 { | |
| strings: | |
| $a_2 = { 558b9003ae57ce14d747b0c970d19cfe } | |
| $a_3 = { 558bec83ec4481f660c20a05e81846ff } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Pottieq_373552cec2ef55396c85c39a003cff08ecaf77c3d0aa5bbda33850b460fe579f { | |
| strings: | |
| $a_2 = { 5589e583ec088945fcba64e95b00b800 } | |
| $a_3 = { 5589e583ec508945fcc745f400000000 } | |
| $a_4 = { 5589e583ec04895dfc89c38b4304e87d } | |
| $a_5 = { 5589e5803df05c5b00007502eb02eb26 } | |
| $a_6 = { 5589e581ecf400000089b50cffffff89 } | |
| $a_7 = { 5589e583ec10d9ebdb2d1cbf5700def9 } | |
| $a_8 = { 558b45d88b55d88b12ff928800000089 } | |
| $a_9 = { 5589e583ec10d9ebdb2d1cbf5700def1 } | |
| $a_10 = { 5589e583ec048945fc8b45fca380ab5c } | |
| $a_11 = { 5589e583ec2c8b450ce8d228ebff8d4d } | |
| $a_12 = { 558b55fc8b45f88b848288030000e856 } | |
| $a_13 = { 558b66980b1c619802715b169a2dbcca } | |
| $a_14 = { 5589e5803df08c5b00007502eb02eb0c } | |
| $a_15 = { 5589e583ec088945fc8b45fc8d502c8b } | |
| $a_16 = { 5589e5b84c265b00a370275a006a00b8 } | |
| $a_17 = { 5589e583ec08895df88975fce89f1fff } | |
| $a_18 = { 5589e583ec04895dfc8b1520605c0085 } | |
| $a_19 = { 5589e583ec088945fcb8ccdf58008945 } | |
| $a_20 = { 5589e583ec088945fc8b45fc8b401485 } | |
| $a_21 = { 5589e583ec088945fc8b45fce8df0000 } | |
| $a_22 = { 5589e583ec088945fc0fb70500ac5c00 } | |
| $a_23 = { 5589e5803d708a5b00007502eb02eb0c } | |
| $a_24 = { 5589e583ec04ba2cd85b00b81c9d5a00 } | |
| $a_25 = { 5589e5b8808a4b00a300a85c00b8d08a } | |
| $a_26 = { 5589e589ca8b4010e82305000089c18b } | |
| $a_27 = { 5589e5a1805d580085c0740bff35805d } | |
| $a_28 = { 5589e583ec048945fc8b45fce88fca01 } | |
| $a_29 = { 5589e583ec38895dc88945fc8955f88b } | |
| $a_30 = { 5589e58b45088b550cb100e8801effff } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32PrincessLocker_be7f8ba2127dc44ee7a8b5a4b972b6582571fb912e993f98978b96c8a5c74ee0 { | |
| strings: | |
| $a_2 = { 558b79a38802dc5af7649a1c749322f8 } | |
| $a_3 = { 558b0730b57caaa4342ab74ba5deab44 } | |
| $a_4 = { 558b8ff249c578223b24bd88c996f27b } | |
| $a_5 = { 558b99e24216e7ca006442424b21f975 } | |
| $a_6 = { 558b2c0438634b4e461e15365adf186f } | |
| $a_7 = { 558b30f3db5cd6be375f7109ead4356e } | |
| $a_8 = { 558b2c0438634b4e461e15365a8f106f } | |
| $a_9 = { 558b2c04384c5a0d46a1eac9a59c3e68 } | |
| $a_10 = { 558b6e2e00610c4fa8cc3b7ccc45a53f } | |
| $a_11 = { 558b7e2e72617f4fa1cc337c9745cb3f } | |
| $a_12 = { 558b30d47d7ad787a21c9abf6508701b } | |
| $a_13 = { 558ba5df4a2d5fc7004e435e9fd76e2b } | |
| condition: | |
| 10 of them | |
| } | |
| rule RansomWin32Pulobe_caf825aaf458247ea5349a135ddc83ca8029b9c05ae730573c29cb1d1ae4820e { | |
| strings: | |
| $a_2 = { 558bec83ec105333db538d4df0e81cce } | |
| $a_3 = { 558bec5151dd45085151dd1c24e8b21f } | |
| $a_4 = { 558bec837d0800750bff750ce89489ff } | |
| $a_5 = { 558bec83ec106a0ce8051400005985c0 } | |
| $a_6 = { 558bec568b750856e80c4a000050e8b0 } | |
| $a_7 = { 558becd945085151dd1c24e8d0380000 } | |
| $a_8 = { 558bec83ec10ff75088d4df0e8a5a7ff } | |
| $a_9 = { 558bec83ec38a1e8c5410033c58945fc } | |
| $a_10 = { 558bec8b450883f8fe7518e8f054ffff } | |
| $a_11 = { 558bec83ec1056ff750c8d4df0e8e6c4 } | |
| $a_12 = { 558bec83ec28a1e8c5410033c58945fc } | |
| $a_13 = { 558bec8b4508b960c341003bc1721f3d } | |
| $a_14 = { 558bec5153578bf88b47048b48048079 } | |
| $a_15 = { 558bec83ec10a1e8c541008365f80083 } | |
| $a_16 = { 558bec83ec10ff75088d4df0e8e19cff } | |
| $a_17 = { 558bec6afe68a08d410068f063400064 } | |
| $a_18 = { 558bec33c083ec0c3bf8750ae8563aff } | |
| $a_19 = { 558bec5151a1e8c5410033c58945fc53 } | |
| $a_20 = { 558bec83ec10ff75088d4df0e80e9eff } | |
| $a_21 = { 558bec833d2c474100007419682c4741 } | |
| $a_22 = { 558becb8e41a0000e8f20a0000a1e8c5 } | |
| $a_23 = { 558bec8b4508a3c0d441005dc38bff55 } | |
| $a_24 = { 558bec83ec2033c08b0cc5d8cd41003b } | |
| $a_25 = { 558bec83ec1056ff750c8d4df0e85ac5 } | |
| $a_26 = { 558bec83e4f8b874100000e825c20000 } | |
| $a_27 = { 558bec51833d8cd24100fe7505e89605 } | |
| $a_28 = { 558bec81ec1c090000538b1d10e04100 } | |
| $a_29 = { 558bec833dd8df41000075128b45088b } | |
| $a_30 = { 558bec83ec0c5356ff15303141008bd8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Purubutu_90c370d4d11c274d6410ffd68d96610a88f60e448e27068847c6ab4cb563f135 { | |
| strings: | |
| $a_2 = { 558b4b5e8aae50ee41500457102d11f8 } | |
| $a_3 = { 558bd3baae323bd5b497aa59d3e78237 } | |
| $a_4 = { 558b17a2022d3835409fb2ad0b595524 } | |
| condition: | |
| 3 of them | |
| } | |
| rule RansomWin32Rackcrypt_172f368c5d4023a58b88808d86a16092278a2e7b6907bba7312581bdc47f9991 { | |
| strings: | |
| $a_2 = { 558b3119935ababf04b3680a91f5f8a8 } | |
| $a_3 = { 558b321a5e0043faae711191a5080010 } | |
| $a_4 = { 558b0a76f170335b86c729b6831a4d1d } | |
| $a_5 = { 558becc845102856be9bc1cab973b27c } | |
| $a_6 = { 558b96c500d9ea99fdb0307c7b075414 } | |
| $a_7 = { 558b039e03262c49fdfeae2c5f471705 } | |
| $a_8 = { 558b70bde80047fa7f93cd0371fc0062 } | |
| $a_9 = { 558b3d02b3302003c139b5483c2fc838 } | |
| $a_10 = { 558b416102b900c490284b0f0094e177 } | |
| $a_11 = { 558b60626d006ec6ec68448377af07a3 } | |
| $a_12 = { 558b40374c35254e5080a17d71623000 } | |
| $a_13 = { 558bec0fb703c023d266d3fad1c799d8 } | |
| $a_14 = { 558bd32f977900b738cdcc14196a4600 } | |
| $a_15 = { 558b16a271e88d00441d2007e21a5d94 } | |
| $a_16 = { 558b9e3f804e40958a86ade10164873e } | |
| $a_17 = { 558b457cb93100dc3dbd246751e7e500 } | |
| $a_18 = { 558beb7912ed70de380f17109aeac080 } | |
| $a_19 = { 558bf9072762eebb7d27f630beef6d72 } | |
| $a_20 = { 558bcc86145fee7028317599120b6a8c } | |
| $a_21 = { 558b2eb76f5708af9635065d2deb8e8b } | |
| $a_22 = { 558ba1d983e000dc58259d7c06c35ae4 } | |
| $a_23 = { 558bb3886cb190008c8f2470259cea01 } | |
| $a_24 = { 558b00eac7756c633e8648001f644ae1 } | |
| $a_25 = { 558b579685f075d8f69e03ced6dee2d5 } | |
| $a_26 = { 558bfccc58a9d600a34820019308350e } | |
| $a_27 = { 558b5d165b92564f53a1546ba3ee97e8 } | |
| $a_28 = { 558ba600223042d208c80402401e8419 } | |
| condition: | |
| 22 of them | |
| } | |
| rule RansomWin32Ranscrape_ebe8a360bdb4e3685d26aa6b57722753049a2afb84a7a0fe4d730755c4a2d053 { | |
| strings: | |
| $a_2 = { 558b013a84f6013b55e800003e110000 } | |
| $a_3 = { 558bec81ecfc020000535657c645d6a4 } | |
| $a_4 = { 558b011956e82aedfeffdcf86b469c10 } | |
| $a_5 = { 558bec81eca8000000568b45088945fc } | |
| $a_6 = { 558bb359edf0e02597b22d0000000000 } | |
| $a_7 = { 558be723348b4724346b425b5d5fd720 } | |
| $a_8 = { 558bfb27c3f3a58ba08acb74b5fcff7b } | |
| $a_9 = { 558bffd4cd42b46f539cf898a2027800 } | |
| $a_10 = { 558bec81ec2801000056c685e5feffff } | |
| $a_11 = { 558becb87c7a0000e8b3faffff57c645 } | |
| $a_12 = { 558bec81ec880200005356c745f80000 } | |
| $a_13 = { 558bf88e5408bf5053561db389c14c1a } | |
| $a_14 = { 558bec81eca00100005356c745fc4000 } | |
| $a_15 = { 558b010e33dbc7ff82c09fd6e702c552 } | |
| $a_16 = { 558b262a018d10a255be8870efe8732b } | |
| $a_17 = { 558b4a37f90f03116689601b8d495e76 } | |
| $a_18 = { 558bf8f554d28f000000000000000000 } | |
| $a_19 = { 558bec83ec6056c645b58d68031f4600 } | |
| $a_20 = { 558b26376c24c493c90f50f10000cc93 } | |
| $a_21 = { 558b78448b756494f40f0000d07afeff } | |
| $a_22 = { 558bec83ec18c745f002000000c705b8 } | |
| $a_23 = { 558b26e00f2b593b2160a71ce06f6663 } | |
| $a_24 = { 558bec81ec980100008b450ca3f42d47 } | |
| $a_25 = { 558b9eb95004af5312235db94bfc1db2 } | |
| $a_26 = { 558bc88fb108e90000a09bffffd8a9cc } | |
| $a_27 = { 558b0a61f78a0dfa020f4d8cbe741f40 } | |
| $a_28 = { 558be290e80f802683e8126522488042 } | |
| $a_29 = { 558b0695db0f0000903100000c95ed0f } | |
| $a_30 = { 558bf8b2e2a360103305a46f44000b77 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Ransoc_58abf40c45f6e468846b78bed6d0766805710cf7298858d62b8f12101d730627 { | |
| strings: | |
| $a_2 = { 5589e5535657556a006a0068b8ca4000 } | |
| $a_3 = { 558b20020000e8eef9006689378b3589 } | |
| $a_4 = { 558b68fa489af60fff0fffff0f0fffff } | |
| $a_5 = { 558bec8bcdffd233c05b5f33f6d3eaf7 } | |
| $a_6 = { 558becff15f0f2400083c4048385bc06 } | |
| $a_7 = { 5589e583ec1c53568b5d08833d748946 } | |
| $a_8 = { 5589e583ec04535657ff1570f1400089 } | |
| $a_9 = { 558beca1641241002bc68a0c18880b74 } | |
| $a_10 = { 558bec83ec08dd1c2468941341006838 } | |
| $a_11 = { 5589e581ec44010000020d3411400052 } | |
| $a_12 = { 558becff15bcf0400083ec488b45088b } | |
| $a_13 = { 5589e581ec1c03000081d24e33000085 } | |
| $a_14 = { 5589e581eca00100000fb785b4feffff } | |
| $a_15 = { 558bec8b4218565323caf3a4806405d4 } | |
| $a_16 = { 558becffb698000000e825e4ffff833e } | |
| $a_17 = { 558bece8bae9ffff8b3d741041008bf0 } | |
| $a_18 = { 5589e56aff68d4f9400068a8c9400064 } | |
| $a_19 = { 558b4424645b00e81a25e9d9c9d98815 } | |
| $a_20 = { 558bece85a3f000083c40c530f95c03b } | |
| $a_21 = { 558bec83ec14ff750cff7508e815cdff } | |
| $a_22 = { 5589e581ec5c0100006812abffffe820 } | |
| $a_23 = { 5589e581ec100200000355a88d0c111d } | |
| $a_24 = { 558bec6a0281e2dc7a00005081cefa31 } | |
| $a_25 = { 5589e581eca40200002dba21000029d0 } | |
| $a_26 = { 5589e583ec088d45f850ff157cf14000 } | |
| $a_27 = { 5589e583ec085356578b45088b55108b } | |
| $a_28 = { 558bec8b4508ff1524f140008b4df066 } | |
| $a_29 = { 558bec535633f6e806c7ffff894704eb } | |
| $a_30 = { 558bec8d85a4fcffff508b4590891083 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Rantest_1a473917e142e96e8ffdc8e1f99227d4c606172d43e8259c9c3997749573552b { | |
| strings: | |
| $a_2 = { 558becff05b8ab410053568b7508bb00 } | |
| $a_3 = { 558bec51566820b141008d4dffe85000 } | |
| $a_4 = { 558bec83ec18837d10007512e80bc5ff } | |
| $a_5 = { 558bec83ec388b451c8b4d108b551489 } | |
| $a_6 = { 558bec833d08ae410000740e6a00ff75 } | |
| $a_7 = { 558bec51a100a0410033c58945fc578b } | |
| $a_8 = { 558bec53568bf1ff762ce822fdffff59 } | |
| $a_9 = { 558bec6afe680890410068e023400064 } | |
| $a_10 = { 558bec83ec2ca100a0410033c58945fc } | |
| $a_11 = { 558bec83ec2057ff7508e8bdfdffff59 } | |
| $a_12 = { 558bec5de9ebfaffff6a0868888e4100 } | |
| $a_13 = { 558bec8b450883c02050ff1578304100 } | |
| $a_14 = { 558bec8b450883c02050ff157c304100 } | |
| $a_15 = { 558bec535657556a006a0068692c4000 } | |
| $a_16 = { 558bec8b4508a32cae41005dc38bff55 } | |
| $a_17 = { 558bec83e4f881ecac060000a100a041 } | |
| $a_18 = { 558bec51a100a0410033c58945fc8b4d } | |
| $a_19 = { 558bec568b75080fbe0650e826380000 } | |
| $a_20 = { 558bec83ec208d4de053ff7510e8f1c6 } | |
| $a_21 = { 558bec8b018b400cc1e80ca801740c8b } | |
| $a_22 = { 558beca100a0410083e01f6a20592bc8 } | |
| $a_23 = { 558bec81ec28030000a100a0410033c5 } | |
| $a_24 = { 558bec83ec48a100a0410033c58945fc } | |
| $a_25 = { 558bec568bf1ff36e8892c00008b5508 } | |
| $a_26 = { 558bec8b450885c07515e863eaffffc7 } | |
| $a_27 = { 558bec837d18007515e8c53e0000c700 } | |
| $a_28 = { 558becb818140000e838370000a100a0 } | |
| $a_29 = { 558becb810140000e826380000a100a0 } | |
| $a_30 = { 558bec83ec10ff750c8d4df0e857c7ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Rensen_b936c47327def597f7a5ca1f70cb1e3505fd797f23f81a46ec016ed76e8559d8 { | |
| strings: | |
| $a_2 = { 558b4b5dc6768ee58f7a091e89be1b44 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Reveton_2d6a252b329c902c37b71660c8af7f761661af5a1f900b28d8a9056cdda9d2e3 { | |
| strings: | |
| $a_2 = { 558bec83c4f40fb705104042008945f8 } | |
| $a_3 = { 558bec83c4f85356578bf8b30133d255 } | |
| $a_4 = { 558bec6a005333d255684c8f410064ff } | |
| $a_5 = { 558bec83c4dc5356578bf033c0556810 } | |
| $a_6 = { 558bec83c4f853568945fc8b45fc8b55 } | |
| $a_7 = { 558bec33c951515151515356578b751c } | |
| $a_8 = { 558bec83c4f053568bda8bf08bc3e8f5 } | |
| $a_9 = { 558bec535657bf2c7642008b470885c0 } | |
| $a_10 = { 558bece81cfdffff84c074108b450c50 } | |
| $a_11 = { 558bec6a0033c055686280410064ff30 } | |
| $a_12 = { 558bf28bd88bc6e885c8ffff8bf88bc3 } | |
| $a_13 = { 558bec515356578bd833c055684caf40 } | |
| $a_14 = { 558bec518945fc33d255682c55400064 } | |
| $a_15 = { 558bec5153568955fc8bd88b45fce841 } | |
| $a_16 = { 558bec83c48c33c08945948945908945 } | |
| $a_17 = { 558bec81c404f0ffff5081c440fbffff } | |
| $a_18 = { 558bec51b9a50100006a006a004975f9 } | |
| $a_19 = { 558bec81c4f4fcffff53565733c08985 } | |
| $a_20 = { 558bec51538945fc8b45fce8c883feff } | |
| $a_21 = { 558bec33c055686158400064ff306489 } | |
| $a_22 = { 558bec33c05568c510410064ff306489 } | |
| $a_23 = { 558bec83c4f85356578bd8803db87542 } | |
| $a_24 = { 558bec33c055683df4410064ff306489 } | |
| $a_25 = { 558bece840f5ffff5531c968cc3a4000 } | |
| $a_26 = { 558bec5153565768d0ff4100e8635afe } | |
| $a_27 = { 558bec6a005333d25568ac8f410064ff } | |
| $a_28 = { 558bec33c05568cff3410064ff306489 } | |
| $a_29 = { 558b43048b00e829feffff598b530489 } | |
| $a_30 = { 558bec83c4f85356578945fca12c4042 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Sagecrypt_af178ccebbb4d57a0b60ed9500b2afeb7cfa8eba7f8777786c12511de307ef6f { | |
| strings: | |
| $a_2 = { 558bec8bc18b4d08c7008866f61c8b09 } | |
| $a_3 = { 558bec81ec28030000a3c8eef61c890d } | |
| $a_4 = { 558bec568bf18b4608c7066466f61c85 } | |
| $a_5 = { 558bec83e4c0565753b8349c0100e87d } | |
| $a_6 = { 558bec568b75085756e8dc5300005983 } | |
| $a_7 = { 558bec83ec10ff75088d4df0e8c468ff } | |
| $a_8 = { 558bec83ec1056ff750c8d4df0e85f92 } | |
| $a_9 = { 558bec83ec0c5356ff15ac60f61c8bd8 } | |
| $a_10 = { 558bec81ec80020000a1c4ccf61c33c5 } | |
| $a_11 = { 558b160fc16b80586e5b8b79945ce962 } | |
| $a_12 = { 558bec83ec24a1c4ccf61c33c58945fc } | |
| $a_13 = { 558bec33c08b4d083b0cc5786ff61c74 } | |
| $a_14 = { 558bec83ec20a1c4ccf61c33c58945fc } | |
| $a_15 = { 558bec83ec10ff75088d4df0e84146ff } | |
| $a_16 = { 558bec833da8e4f61c017505e8a30800 } | |
| $a_17 = { 558bec83ec74a1c4ccf61c33c58945fc } | |
| $a_18 = { 558bec83ec1056ff750c8d4df0e8eb91 } | |
| $a_19 = { 558bec81ecfc010000a1c4ccf61c33c5 } | |
| $a_20 = { 558bec83ec108b45088b4d0c68d089f6 } | |
| $a_21 = { 558bec81ec70010000897dfc8975f889 } | |
| $a_22 = { 558bec83ec10a1c4ccf61c8365f80083 } | |
| $a_23 = { 558bec8b450c568b75088906e8972900 } | |
| $a_24 = { 558bec68e066f61cff155461f61c85c0 } | |
| $a_25 = { 558becff3514ebf61cff154c61f61c85 } | |
| $a_26 = { 558bec56ff75088bf1e833130000c706 } | |
| $a_27 = { 558becff0598e4f61c6800100000e84a } | |
| $a_28 = { 558bec568bf1c7068866f61ce868ffff } | |
| $a_29 = { 558bec53568b354861f61c578b7d0857 } | |
| $a_30 = { 558bec5356576a0052684699f51c51e8 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Sarento_1fe6b1ca252797c3da76c1d71673bb9883c098f39ae1b1e9c7d21065107f2210 { | |
| strings: | |
| $a_2 = { 5589e583ec18e81584feffc704245013 } | |
| $a_3 = { 5589e583ec18a1ec91410085c0743ac7 } | |
| $a_4 = { 5589e551509f9f9e585656be4315b027 } | |
| condition: | |
| 3 of them | |
| } | |
| rule RansomWin32Shieldcrypt_9488c278449c36014adfc8a3427406c5313802624fd7eca63630a83d21040355 { | |
| strings: | |
| $a_2 = { 558bec81ec50040000a100b0400033c5 } | |
| $a_3 = { 558bec83e4f881ecac010000a100b040 } | |
| $a_4 = { 558bec81ecc4090000a100b0400033c5 } | |
| $a_5 = { 558bec81ec18040000a100b0400033c5 } | |
| $a_6 = { 558bec81ec34080000a100b0400033c5 } | |
| $a_7 = { 558bec81ec08010000a100b0400033c5 } | |
| $a_8 = { 558bec83e4f881ec34060000a100b040 } | |
| $a_9 = { 558bec832560b440000083ec105333db } | |
| $a_10 = { 558bec81eca00e0000a100b0400033c5 } | |
| $a_11 = { 558bec83ec085356578d45fc5033db6a } | |
| $a_12 = { 558bec538b5d088bd1565785d275028b } | |
| $a_13 = { 558becff7508ff15d850400050ff15dc } | |
| $a_14 = { 558bec81ec700e0000a100b0400033c5 } | |
| $a_15 = { 558becb820100000e8d3210000a100b0 } | |
| $a_16 = { 558bec81ec400a0000a100b0400033c5 } | |
| $a_17 = { 558bec83ec088b4508538ab800010000 } | |
| $a_18 = { 558bec83ec1053565768000000f033ff } | |
| $a_19 = { 558bec81ec380a0000a100b0400033c5 } | |
| $a_20 = { 558becff15ec5040006a01a35cb44000 } | |
| $a_21 = { 558bec81ec240300006a17e855020000 } | |
| $a_22 = { 558becb850120000e8231d0000a100b0 } | |
| $a_23 = { 558bec6a00ff15e0504000ff7508ff15 } | |
| $a_24 = { 558bec81ec24070000a100b0400033c5 } | |
| $a_25 = { 558bec5356578b7d0832db32f666c787 } | |
| $a_26 = { 558bec81ec1c050000a100b0400033c5 } | |
| condition: | |
| 21 of them | |
| } | |
| rule RansomWin32SieteCrypto_7aaa26bba8ab78ecabc3bbb0cb026cdcd7e917cfa2174e7f33cbfb5383172449 { | |
| strings: | |
| $a_2 = { 558bec83ec18a1e0e840008365e8008b } | |
| $a_3 = { 558bec83ec148b4d08a158f540008b15 } | |
| $a_4 = { 558bec535657556a006a0068102b4000 } | |
| $a_5 = { 558bec8b5508a1c8ec400053b948ec40 } | |
| $a_6 = { 558bec83ec4c5356576a0458e853e2ff } | |
| $a_7 = { 558b6c2408568bf1396e14577305e8c9 } | |
| $a_8 = { 558bc1c1f8058bf18d3c8540f440008b } | |
| $a_9 = { 558bcbe8d9fcffff566a008bcbe8cffc } | |
| $a_10 = { 558b6b1403ef83fdfe76078bcbe82508 } | |
| $a_11 = { 558bec5153fc8b450c8b40083b05e0e8 } | |
| $a_12 = { 558bec83ec105333db391d8cf1400056 } | |
| $a_13 = { 558bec83ec1ca1e0e8400053568b7508 } | |
| $a_14 = { 558bec83ec10a1e0e8400085c074073d } | |
| $a_15 = { 558bec515153565733ff393d4cf54000 } | |
| $a_16 = { 558bac24200400005655898424200400 } | |
| $a_17 = { 558bec83ec0ca1e0e840006a068945fc } | |
| $a_18 = { 558bec51518b45083b0520f440005657 } | |
| $a_19 = { 558bec83ec10f60590ef40000156be20 } | |
| $a_20 = { 558bcbe81bfbffff85ed766d837b1810 } | |
| $a_21 = { 558b6b1403ee83fdfe76078bcbe8240b } | |
| $a_22 = { 558bec6aff681892400068282c400064 } | |
| $a_23 = { 558bec81ec18050000a1e0e840008945 } | |
| $a_24 = { 558b6c241883fdfe76078bcbe8350900 } | |
| $a_25 = { 558bec6aff68f083400064a100000000 } | |
| $a_26 = { 558bec5633f646393570f04000577510 } | |
| $a_27 = { 558bcbe81afeffff85ed76768b4f18b8 } | |
| condition: | |
| 22 of them | |
| } | |
| rule RansomWin32Simlosap_239f8f451d95b79e3610565e8253dc90402dd8a206aa220be0bdb6e51d96c8ca { | |
| strings: | |
| $a_2 = { 558bec81c468feffff535657c7053887 } | |
| $a_3 = { 558becbaf8884600b800084200e822fb } | |
| $a_4 = { 558bec6a00538bd933c9556873f34200 } | |
| $a_5 = { 558bec83c4d45756538945fca07f8646 } | |
| $a_6 = { 558bec6a006a0033c055688284410064 } | |
| $a_7 = { 558bea8bf88bc7e83dc7ffff8bf0bb01 } | |
| $a_8 = { 558bec51538a98f8000000885dff6683 } | |
| $a_9 = { 558bec6a0053568bf18bda33c0556810 } | |
| $a_10 = { 558bec6a00538bd833c05568e6d44200 } | |
| $a_11 = { 558bec6a0033c055683ac1440064ff30 } | |
| $a_12 = { 558bec5331db89c1dd4508d88ba04146 } | |
| $a_13 = { 558bec51538955fc8bd88b45fce86e79 } | |
| $a_14 = { 558bc7e8a6dcffff50e81c02fcff83c4 } | |
| $a_15 = { 558becba388a4600b8401d4200e8dae5 } | |
| $a_16 = { 558bec33c05568395b420064ff306489 } | |
| $a_17 = { 558becba0c894600b830094200e8eef9 } | |
| $a_18 = { 558bec6a0053568bda33d25568cb0243 } | |
| $a_19 = { 558becba18894600b8dc094200e83ef9 } | |
| $a_20 = { 558bec535684d2740883c4f0e8cfd3fe } | |
| $a_21 = { 558be833db8b7d108b750c2bf77f174e } | |
| $a_22 = { 558becba088a4600b8fc194200e826e9 } | |
| $a_23 = { 558bec33c0556881d2420064ff306489 } | |
| $a_24 = { 558bec33c05568312f430064ff306489 } | |
| $a_25 = { 558bec33c055688925420064ff306489 } | |
| $a_26 = { 558bec8b450883c00450e8a5acffff5d } | |
| $a_27 = { 558bec51538bd8686c984600e81723fc } | |
| $a_28 = { 558bec33c0556809bc430064ff306489 } | |
| $a_29 = { 558bec33c05568a591430064ff306489 } | |
| $a_30 = { 558bec53568b45088b40fce8fce6feff } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32SintaCry_b1209d8a7c09729cfe4cceb5fb407b92cc0170f74d5990798473b9735aafc77c { | |
| strings: | |
| $a_2 = { 558b6c240c8b45043db8911f1e743168 } | |
| $a_3 = { 558b6c241c83fd057763ff24adb0f808 } | |
| $a_4 = { 558be881fdffffff7f761c8b0df4a921 } | |
| $a_5 = { 558bec83e4c08b480483ec40f7415400 } | |
| $a_6 = { 558b6c2430578b7c242cc74424100100 } | |
| $a_7 = { 558becb81d08241e5dc3cccccccccccc } | |
| $a_8 = { 558b43048b481853ffd183c4045f5e33 } | |
| $a_9 = { 558b6c2408568bf08b065055e87f0700 } | |
| $a_10 = { 558b6804837d18000f85fc0000006a00 } | |
| $a_11 = { 558b6c240c575550e889fcf8ff8bf883 } | |
| $a_12 = { 558b6c240c5750e873bdfeff8bf883c4 } | |
| $a_13 = { 558b6c241c8d442410506a005155ffd3 } | |
| $a_14 = { 558b6c240c895c240c85ed0f849b0300 } | |
| $a_15 = { 558b6c240c568b750883ee0157782e8b } | |
| $a_16 = { 558b6c2408568b7704f7465400000080 } | |
| $a_17 = { 558b4c24185157e84297f7ff83c40885 } | |
| $a_18 = { 558b2d64c2111e4e578b7c241885f67e } | |
| $a_19 = { 558b6c24208b5d0883fb017528660fb6 } | |
| $a_20 = { 558b6c241085c07d02f7d88b4b0885c9 } | |
| $a_21 = { 558b6c24308bfd2b7c24288bcf0fafce } | |
| $a_22 = { 558b6c241885ed7c0485ff7d248b0685 } | |
| $a_23 = { 558bec83e4c083ec34a188f9211e5356 } | |
| $a_24 = { 558b6c241450e86d91010083c40485c0 } | |
| $a_25 = { 558b4c24188b44240c6a0057512bc656 } | |
| $a_26 = { 558b2df4c1111e6a0a56ffd583c40885 } | |
| $a_27 = { 558b6c24305633f657b80701000033ff } | |
| $a_28 = { 558bec6afe68e04f1e1e680ab2111e64 } | |
| $a_29 = { 558b6c240c578d5412fe81fdcc00221e } | |
| $a_30 = { 558b6c240c5633f633db85ff7e2b8b44 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Sobnot_6d94bffb35137a3fe2642c32e4eb9faa19c63b631028ec48e4c3c132009f014c { | |
| strings: | |
| $a_2 = { 558becff750c6a01ff7508e80e6f0000 } | |
| $a_3 = { 558bec33c941840d205b4200755d090d } | |
| $a_4 = { 558bec83ec10a1ac5a42005333db568b } | |
| $a_5 = { 558bec56ff75088bf1e8aaa8ffffc706 } | |
| $a_6 = { 558bec8b4d0ca1904d42008b55082355 } | |
| $a_7 = { 558bec56e8e03400008b75083bb09800 } | |
| $a_8 = { 558bec5151a1d45a42008a0084c0750c } | |
| $a_9 = { 558bec83ec1c568b35d45a420033c980 } | |
| $a_10 = { 558bec83ec10ff750c8d4df0e8614bff } | |
| $a_11 = { 558bec33c0668b4d08663b88a0174200 } | |
| $a_12 = { 558bec83ec10ff750c8d4df0e87a50ff } | |
| $a_13 = { 558bec8b4508568d34c520464200833e } | |
| $a_14 = { 558beca1d45a4200803840ff750c7510 } | |
| $a_15 = { 558bec83ec14a1988842008b4d086bc0 } | |
| $a_16 = { 558bec5356576a006a0068834c400051 } | |
| $a_17 = { 558bec81ec28030000a1d040420033c5 } | |
| $a_18 = { 558bec83ec18a1d04042008365e8008d } | |
| $a_19 = { 558bec83ec106a008d4df0e80c83ffff } | |
| $a_20 = { 558bec6857010000ff7508e84c6e0000 } | |
| $a_21 = { 558bec83ec10a1d04042008365f80083 } | |
| $a_22 = { 558bec833d44594200007518e83b1e00 } | |
| $a_23 = { 558bec8b4508a3445b42005dc38bff55 } | |
| $a_24 = { 558becff750c6a04ff7508e8ba6e0000 } | |
| $a_25 = { 558bec5151a1d45a42008a005333db56 } | |
| $a_26 = { 558bec8b450883f8fe7518e80940ffff } | |
| $a_27 = { 558bec8bc18b4d08c7006801420085c9 } | |
| $a_28 = { 558bec83ec188b15d45a42000fbe0253 } | |
| $a_29 = { 558becff750851e87523000059595dc2 } | |
| $a_30 = { 558bece8f52b000085c075056a0c585d } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Somhoveran_cbba2b29d48d78ef7da661901cb110ca327f8697b0c1c932f6b12caa40b60aa2 { | |
| strings: | |
| $a_2 = { 558bec51485568401cfb0bf02f8064ff } | |
| $a_3 = { 558babc41330011ff859cac874927704 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Sorikrypt_37677c296d473e545837acd1cbabfad05c12b285227a04cb826fd0ad96d50c28 { | |
| strings: | |
| $a_2 = { 558bec83c4f868000000f06a016a006a } | |
| $a_3 = { 558bec6a00ff3566774000ff7520ff75 } | |
| $a_4 = { 558bec83c4bc817d0c110100000f857e } | |
| $a_5 = { 558bec83c4e46a016a006a006a008d45 } | |
| $a_6 = { 558bec5756538b75088b068b560433db } | |
| $a_7 = { 558becd16d0cd16d088b450829450c8b } | |
| $a_8 = { 558bec60bbb96d40008b75088bfe33d2 } | |
| $a_9 = { 558bec83c4a4c745d030000000c745d4 } | |
| $a_10 = { 558bec83c4fc538945fc83f8ff7514bf } | |
| $a_11 = { 558bec83c4fc6800020000685e754000 } | |
| $a_12 = { 558bec83c4f88d45fc508d45f8506a00 } | |
| $a_13 = { 558bec83c4f0536a026a0e6a00e8cf05 } | |
| $a_14 = { 558bec5756538b75088b068b5604bbb9 } | |
| $a_15 = { 558bec83c4e8b910000000bff96d4000 } | |
| $a_16 = { 558bec8b45088b088b50040fc90fca89 } | |
| $a_17 = { 558bec81ec440100008d85bcfeffff50 } | |
| $a_18 = { 558becff75086819704000e8c6150000 } | |
| condition: | |
| 14 of them | |
| } | |
| rule RansomWin32Spora_5e7ef8713bb2b57757959620b0a7bf4917f614254855493fde12eee9c72d3ae2 { | |
| strings: | |
| $a_2 = { 558b2c0e1bae64a4d6e3bcb17eaace47 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Stampado_f4af76d1938f74c8479dcb7a3aea6b51d030f3b2305b67e1527f4dce47c79d0c { | |
| strings: | |
| $a_2 = { 558bec51568b750883fefe7515e872ac } | |
| $a_3 = { 558becff7508b968324100e810feffff } | |
| $a_4 = { 558bec83ec488d45b850ff1560c04000 } | |
| $a_5 = { 558bec807d08007512e821030000e873 } | |
| $a_6 = { 558b582ddf26322da476bbc321f5970a } | |
| $a_7 = { 558bec8b450883c02050ff1578c04000 } | |
| $a_8 = { 558bec568b750885f67515e82fbaffff } | |
| $a_9 = { 558b1c9d78c140005668000800006a00 } | |
| $a_10 = { 558b7b732112e10c02d45450f7f43e8b } | |
| $a_11 = { 558b85028a9267f3f32933518a45117c } | |
| $a_12 = { 558bec568b750885f6742081fe50db40 } | |
| $a_13 = { 558bec5de9f3faffff6a0868f00f4100 } | |
| $a_14 = { 558bea0cc744e5688c44ea6452c7072c } | |
| $a_15 = { 558bec8b4d0885c9741681f950db4000 } | |
| $a_16 = { 558bec5151568b75085756e808d0ffff } | |
| $a_17 = { 558bec51568b750883fefe750de82fc6 } | |
| $a_18 = { 558bec535657556a006a0068682b4000 } | |
| $a_19 = { 558becff7508b9f82d4100e830230000 } | |
| $a_20 = { 558bec6a00ff1538c04000ff7508ff15 } | |
| $a_21 = { 558bece8a705000085c0740f807d0800 } | |
| $a_22 = { 558bec56e8460b00008b55088bf06a00 } | |
| $a_23 = { 558bec56578b7d0857e84ac1ffff5983 } | |
| $a_24 = { 558becff7508b964324100e8bdffffff } | |
| $a_25 = { 558bec566830c240006828c240006830 } | |
| $a_26 = { 558bec8b450883c02050ff1574c04000 } | |
| $a_27 = { 558bec5356576a0052689227400051e8 } | |
| $a_28 = { 558bec83ec10ff750c8d4df0e81dbfff } | |
| $a_29 = { 558bec81ec2403000053566a17e80b8a } | |
| $a_30 = { 558bec8b4d0883f9fe7515e89beaffff } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Takabum_a0d53484fccdd511ea64e630723f6292868b99738beb808c2783f149d9e2e44b { | |
| strings: | |
| $a_2 = { 558bec83c4f45357566a0089142433d2 } | |
| $a_3 = { 558bec83c4fc51535257568b75088734 } | |
| $a_4 = { 558bec81c4dcfeffff51525357565350 } | |
| $a_5 = { 558bec535657526a0089342433f60b75 } | |
| $a_6 = { 558bec83c4f85051525356578b9b5091 } | |
| $a_7 = { 558bec83c4fc5152ff4d08034d08512b } | |
| $a_8 = { 558bec51526a00893c2433ff0bfa8bc7 } | |
| $a_9 = { 558bec83c4f4526a0089042433c00345 } | |
| $a_10 = { 558bec83c4fc50515256563134245e6a } | |
| $a_11 = { 558be803ea8bc55d837dfc6473136a00 } | |
| condition: | |
| 9 of them | |
| } | |
| rule RansomWin32Teerac_750695204903efa2442c3fdd6873bf079722ed20d559cd128cd129baa403cdc5 { | |
| strings: | |
| $a_2 = { 558b84feec66898797c8db95fc5a8de5 } | |
| $a_3 = { 5589e588c0ecdbde54ea135774a0a416 } | |
| $a_4 = { 558bb5e82b3fd62fa9a7a340e29f93a9 } | |
| $a_5 = { 558b2ab1810ddd3cf28e40cb3c28f25f } | |
| $a_6 = { 558b8743a903c1998c978b13ea4137db } | |
| $a_7 = { 558b3115bb33b98c0d58d3973f96c7cf } | |
| $a_8 = { 558b592e9def6b73115b034f04eb4423 } | |
| $a_9 = { 558b44a8f4ad9e9a6c3db0f4c91b2a2a } | |
| condition: | |
| 7 of them | |
| } | |
| rule RansomWin32Tescrypt_19c876c7274fa5924d21ec94f597da11e9fc3856cc7347a5d71fd979733da1ed { | |
| strings: | |
| $a_2 = { 558beca1d8f041008b0d88f041008b15 } | |
| $a_3 = { 558b0373246e8480cc20c36c038d9072 } | |
| $a_4 = { 558b7580694c8443c0c7504d4024f880 } | |
| $a_5 = { 558beca1b8f041008b0de4f041008b15 } | |
| $a_6 = { 558b50ff03eb050cc03000150c1500c0 } | |
| $a_7 = { 558bec6aff6868c041006813cf400064 } | |
| $a_8 = { 558b6c5350446e89404541455fc0150f } | |
| $a_9 = { 558b014975cc89543beb530505447084 } | |
| $a_10 = { 558b9028064c55056f0f756540722410 } | |
| $a_11 = { 558beca198f041008b0dd0f041002bc1 } | |
| $a_12 = { 558b8965559010c36c4c065f4c437248 } | |
| $a_13 = { 558beca1c4f041008b0d84f041008b15 } | |
| $a_14 = { 558bc7031543fc4d0589c37403049083 } | |
| $a_15 = { 558b660004447555707065e801757466 } | |
| $a_16 = { 558b44eb08c0836f8569f81543c32075 } | |
| $a_17 = { 558b0824f80030032841895008688580 } | |
| $a_18 = { 558b0672ff01f86690444344ff757424 } | |
| $a_19 = { 558beb503375e8207230033b53c30f28 } | |
| $a_20 = { 558b83086e616c060670fe858480050c } | |
| $a_21 = { 558b0054c0836e404973c76920308445 } | |
| $a_22 = { 558bccfe454472c061668933458d4100 } | |
| $a_23 = { 558bec83ec2c535657c745ec3c030000 } | |
| $a_24 = { 558b15246e4d85006902fc8d69530644 } | |
| $a_25 = { 558b030c6e40e8fe1049e841724cc35f } | |
| $a_26 = { 558b0c06087384480050066effc3c0c0 } | |
| $a_27 = { 558b457244848b737348558404617274 } | |
| $a_28 = { 558b6f4d4106896f8555c369fe0f080c } | |
| $a_29 = { 558b3090105306700489734490044133 } | |
| $a_30 = { 558b666e5444496e897448848b20c7fe } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Tibbar_b55f4b75ae20bf5e5aee3c4fc8a702449af4f415328e4045e60402116f9f1b27 { | |
| strings: | |
| $a_2 = { 558bec8b450885c0741a8b481c85c974 } | |
| $a_3 = { 558bec837d0c00750433c0eb11ff7510 } | |
| $a_4 = { 558bec565733ff57576a025757680000 } | |
| $a_5 = { 558bec81ec30060000a10080180133c5 } | |
| $a_6 = { 558bec8b450885c074608b481c85c974 } | |
| $a_7 = { 558becff750ce8a1e2ffff595dc3558b } | |
| $a_8 = { 558bec8b450c0faf451050e8b5e2ffff } | |
| $a_9 = { 558bec81ec28030000a320811801890d } | |
| $a_10 = { 558becb8ac120000e893030000a10080 } | |
| $a_11 = { 558bec8b4508c7404c88401801c74054 } | |
| $a_12 = { 558bec8b451053565785c07476803831 } | |
| $a_13 = { 558bec83ec08535633f656566a03566a } | |
| $a_14 = { 558bec5356578b7d0885ff74608b5f1c } | |
| condition: | |
| 11 of them | |
| } | |
| rule RansomWin32Tobfy_df22f7099377b4fc9451d67d4f6b6512d42d2e1b0d429fb6f85d772a89dee450 { | |
| strings: | |
| $a_2 = { 558bec83ec0c681612400064a1000000 } | |
| $a_3 = { 558bec6a0858e87cabffff6881574000 } | |
| $a_4 = { 558b0dcc804000c704010a80526a6a04 } | |
| $a_5 = { 558bec5151681612400064a100000000 } | |
| $a_6 = { 558bec6a1858e8c8baffff8b45088945 } | |
| $a_7 = { 558bece8020000005dc3558bec515168 } | |
| $a_8 = { 558bec6a4858e84ebdffffa140844000 } | |
| $a_9 = { 558becb8ab761a74f7d8b9baf77c3f83 } | |
| condition: | |
| 7 of them | |
| } | |
| rule RansomWin32Tocrypt_c6df77b7b5ceee3a02b484b4a435b02e004e3c03b7394cafd56917ecee21441c { | |
| strings: | |
| $a_2 = { 558bffd3fd8b5d2f79556ca74756659f } | |
| $a_3 = { 558b7db400af86d48b754ebdc4301a01 } | |
| $a_4 = { 558b4d942a998b0c9e83c3267c36d8fe } | |
| $a_5 = { 558b01c5e8680534941036998fe8c198 } | |
| $a_6 = { 558b063b1401d87f8a3b248b3f148b44 } | |
| $a_7 = { 558b1d759c08df4b0c3f79e301752cbf } | |
| $a_8 = { 558b038d7d21ac2602f089de83e79a2c } | |
| $a_9 = { 558b10cf29aa6340082313c2060e3914 } | |
| $a_10 = { 558bd58c38700941e13ef40697d002d5 } | |
| $a_11 = { 558b45d421104e91dd27a4e189dd8bcd } | |
| $a_12 = { 558bc5c364fd20998a80b6fb64052212 } | |
| $a_13 = { 558b394551ef9c51a7c8fdf9464c32f2 } | |
| $a_14 = { 558b6d8c29f12fff4105a06c14fc0e83 } | |
| $a_15 = { 5589e527450c700b1f9f179c20fef901 } | |
| condition: | |
| 12 of them | |
| } | |
| rule RansomWin32Tovicrypt_0e79dcf2add1506f45eab299e906ddd76406e1934664b79d4dd37ee8b7a26b61 { | |
| strings: | |
| $a_2 = { 558bec5068970c4000ff74240c683041 } | |
| $a_3 = { 558bec83e4f86aff68503c4100e8aee1 } | |
| $a_4 = { 558bec33c06afd6af26890364000e80b } | |
| $a_5 = { 558bec83e4f881ec57384100a1793741 } | |
| $a_6 = { 558bec682803400068410840006898e7 } | |
| $a_7 = { 558bec83c4fc8b55088b126a0252c1ea } | |
| $a_8 = { 558bec83e4f881ec49384100a1653241 } | |
| $a_9 = { 558bec6a69681f060000e87ab3ffff52 } | |
| $a_10 = { 558bec526ac3e814000000000000558b } | |
| $a_11 = { 558bec83e4f881ec3d334100a1dd3641 } | |
| $a_12 = { 558bec83c4fc5268450a4000685d7b40 } | |
| $a_13 = { 558bec83ec305756520975e4ff75dc83 } | |
| $a_14 = { 558bec83e4f86aff6821334100e8eea2 } | |
| $a_15 = { 558bec83ec30515383f9c874022bcb03 } | |
| $a_16 = { 558be6ebb652e21405b1b142ed26e614 } | |
| $a_17 = { 558bec83e4f881ec51354100a1fa3041 } | |
| $a_18 = { 558b086a006a543b432c0f86aa2b0000 } | |
| $a_19 = { 558b0e6a0356ff51548b761451ffb424 } | |
| $a_20 = { 558bec33c068890e4000ff74240c6827 } | |
| $a_21 = { 558bec83e4f881ec18344100a1f43541 } | |
| $a_22 = { 558b41108d4110568bf1e856310000f6 } | |
| $a_23 = { 558bec50310424310c246a36ff74240c } | |
| $a_24 = { 558b6b14578bfd568b742410526a4b56 } | |
| $a_25 = { 558b4de00955dc5785f9730203ca83c4 } | |
| $a_26 = { 558bec83e4f881ec93374100a0381104 } | |
| $a_27 = { 558bec6aff680a3141008d64241058c2 } | |
| $a_28 = { 558bec83e4f86aff685936410064a100 } | |
| $a_29 = { 558bec83e4f881ec1f374100a0381104 } | |
| $a_30 = { 558bec83e4f881ec1b3d4100a1e93841 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Troldesh_854c2b822c8c56da5beda3e354051bd235114879329c7492c0781c05e5b8e09e { | |
| strings: | |
| $a_2 = { 558b52f6cf1e4444769f7359dd21f137 } | |
| $a_3 = { 558bec8b450c508b4d0851e800feffff } | |
| $a_4 = { 558bf4f4f4f4f4f4f4f4f4f4f4f4f4f4 } | |
| $a_5 = { 558bec83ec588b450c8945fcc645bb18 } | |
| $a_6 = { 558bec81ec90020000a138604f008945 } | |
| $a_7 = { 558b0fb5e938c741d7cbf2b8f1e6789a } | |
| $a_8 = { 558bec81ecb0010000c645d972a10c64 } | |
| $a_9 = { 558b4145c31dab3c401a69e9cc8a696a } | |
| $a_10 = { 558bf0bfa5bb9ea06fbee19756461ba3 } | |
| $a_11 = { 558b06574dd344d5cf12e743296a6f48 } | |
| $a_12 = { 558bec568bf68b25dc3452008bf65dff } | |
| $a_13 = { 558b294404be11450cc4e93e00000000 } | |
| $a_14 = { 558bec81ec48050000a12c3552008945 } | |
| $a_15 = { 558b61cd41493d35c40628db10fc72fc } | |
| $a_16 = { 558bec83ec5c8b45088945fc8b4d0c89 } | |
| $a_17 = { 558becea40442d9cc7940cd40d87a63c } | |
| $a_18 = { 558b5d6f13573381acaa115a3274bd0c } | |
| $a_19 = { 558b5dd9d3b38a2fa369470db6f07c35 } | |
| $a_20 = { 558bec83ec18c745f002000000c705d8 } | |
| $a_21 = { 558bec83ec18c745fc40000000c745f4 } | |
| $a_22 = { 558bec83ec08a1283552008945f88b0d } | |
| $a_23 = { 558b4a1415a71e680000000000000000 } | |
| $a_24 = { 558bec81ec80010000c745f800000000 } | |
| $a_25 = { 558b729d2d904df9d2e069ad6efd0108 } | |
| $a_26 = { 558b386a8821b77c4771d3ff3a8d938c } | |
| $a_27 = { 558b177f521d5e14539fdf6cb5ba983c } | |
| $a_28 = { 558bec83ec7457c745d400000000687c } | |
| condition: | |
| 22 of them | |
| } | |
| rule RansomWin32Urausy_f21c2890dd6b9b4a021a5c24d3b657862791f4fe91105cc909c1569ac5ad0f95 { | |
| strings: | |
| $a_2 = { 558bec8b45086a0050ff15405041005d } | |
| $a_3 = { 558bec8b4508b9005241003bc1721f3d } | |
| $a_4 = { 558bec56fc8b750c8b4e0833cee8d020 } | |
| $a_5 = { 558bec81ec1c050000a16050410033c5 } | |
| $a_6 = { 558bec83ec10eb0dff7508e89f1e0000 } | |
| $a_7 = { 558bec8b450883f8fe750fe85fbeffff } | |
| $a_8 = { 558bec8b4508a3dc0c4200a3e00c4200 } | |
| $a_9 = { 558bec8bc18b4d08c700bc1441008b09 } | |
| $a_10 = { 558bec568b7508b8005241003bf07222 } | |
| $a_11 = { 558bec56e85d50ffff8b75083bb09800 } | |
| $a_12 = { 558bec53568b358c104100578b7d0857 } | |
| $a_13 = { 558bec8b450883c1095183c00950e8cc } | |
| $a_14 = { 558bec83ec4c568d45b450ff15cc1041 } | |
| $a_15 = { 558bec535657556a006a0068e8864000 } | |
| $a_16 = { 558bec83ec0c5356ff15141141008bd8 } | |
| $a_17 = { 558bec5356576a0052687657400051e8 } | |
| $a_18 = { 558bec51833d545e4100fe7505e8422f } | |
| $a_19 = { 558bec568bf1c70650374100e81b1eff } | |
| $a_20 = { 558bec83ec10a16050410033c58945fc } | |
| $a_21 = { 558becff3590034200ff15e410410085 } | |
| $a_22 = { 558bec6afe68183c410068e01c400064 } | |
| $a_23 = { 558bec83ec10ff750c8d4df0e8b8a6ff } | |
| $a_24 = { 558bec565733f6ff750cff7508e81824 } | |
| $a_25 = { 558bec83ec10ff750c8d4df0e881b3ff } | |
| $a_26 = { 558bec8b4508ff34c5785c4100ff15f0 } | |
| $a_27 = { 558bec68ac154100ff156c10410085c0 } | |
| $a_28 = { 558bec8b450885c07515e80abeffffc7 } | |
| $a_29 = { 558becff05980342006800100000e8cd } | |
| $a_30 = { 558bec83ec18a1605041008365e8008d } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Vaultcrypt_c85c78a48bf98568ef707b685661a7fdfb824d35e74b16729e6571d1e3be3d35 { | |
| strings: | |
| $a_2 = { 558bec6aff686087400068047a400064 } | |
| $a_3 = { 558bdda85c2ef7d78847d26c5f8b9dfe } | |
| $a_4 = { 558bec6aff68207e400064a100000000 } | |
| condition: | |
| 3 of them | |
| } | |
| rule RansomWin32Wadhrama_370e46dc3d13b95e219043efa225a09e19772930687c60d4137261cc1210e372 { | |
| strings: | |
| $a_2 = { 558bec518b45088945fcba010000008b } | |
| $a_3 = { 558bec81ec080100008b4518508b4d14 } | |
| $a_4 = { 558bec8b45080faf450c506a088b0dd0 } | |
| $a_5 = { 558bec83ec088b450c50e87143000083 } | |
| $a_6 = { 558bec518b45080fbf4806394d0c7e4c } | |
| $a_7 = { 558bec51c745fc0000000068b88a4100 } | |
| $a_8 = { 558bec83ec30c745d0000000008b450c } | |
| $a_9 = { 558bec83ec108b450c9983e20f03c2c1 } | |
| $a_10 = { 558bec8b450850ff151cb040005dc3cc } | |
| $a_11 = { 558bec83ec2cc745f000000000c745fc } | |
| $a_12 = { 558bec6affe846f9ffff5dc3cccccccc } | |
| $a_13 = { 558bec83ec30c745e4000000008b4508 } | |
| $a_14 = { 558bec81ec880000006a016880000000 } | |
| $a_15 = { 558bec8b4508506a008b0dd08a410051 } | |
| $a_16 = { 558bec518b450c8945fc8b4d0883f1ff } | |
| $a_17 = { 558bec83ec2c8b45088945d46a026880 } | |
| $a_18 = { 558bec516a286a01e8432c000083c408 } | |
| $a_19 = { 558bec83ec28c745fc000000008b4508 } | |
| $a_20 = { 558bec83ec546a108b450805e4010000 } | |
| $a_21 = { 558bec83ec148b451483e8018945f88b } | |
| $a_22 = { 558bec83ec20c745e00000000068feff } | |
| $a_23 = { 558bec6800200000e8c347000083c404 } | |
| $a_24 = { 558bec81ec64020000c785a0fdffff00 } | |
| $a_25 = { 558bec51c745fcff0000000fb645fc33 } | |
| $a_26 = { 558bec83ec10c745f0000000006a006a } | |
| $a_27 = { 558bec51c745fc000000006a208b4508 } | |
| $a_28 = { 558bec83ec186a0268800000006880e0 } | |
| $a_29 = { 558bec83ec0cc745f800000000e8bee5 } | |
| $a_30 = { 558bec6a008b450850ff1508b04000f7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Wagcrypt_a682165ddf6f873b9c0125038b27d6141198378ef2f8e2f8c31b8f177fc1087e { | |
| strings: | |
| $a_2 = { 558becf6450801568bf1c70624bf4200 } | |
| $a_3 = { 558bec535657ff7510e87c42ffff59e8 } | |
| $a_4 = { 558becff7508682cde4300e85e000000 } | |
| $a_5 = { 558bece8647300008b4d088948185dc3 } | |
| $a_6 = { 558bec538b5d0833c95733c08d3c9d00 } | |
| $a_7 = { 558bec5151a1bc91430033c58945fc53 } | |
| $a_8 = { 558bec51e8953c00008b484c894dfc8d } | |
| $a_9 = { 558bec8b450883c02050ff152cb14200 } | |
| $a_10 = { 558becb818140000e8fb14ffffa1bc91 } | |
| $a_11 = { 558bec83ec10837d08007514e80cf5fe } | |
| $a_12 = { 558bec6aff6814a0420064a100000000 } | |
| $a_13 = { 558bec83ec10ff750c8d4df0e827feff } | |
| $a_14 = { 558bec81ec0c010000a1bc91430033c5 } | |
| $a_15 = { 558becff75086a00ff7104ff1500b142 } | |
| $a_16 = { 558bec568bf1ff36e85a2b00008b5508 } | |
| $a_17 = { 558bec8b45088b003b0524de43007407 } | |
| $a_18 = { 558bec6aff686ca1420064a100000000 } | |
| $a_19 = { 558bec51568b750883fefe7515e84fa4 } | |
| $a_20 = { 558bec6aff68de9f420064a100000000 } | |
| $a_21 = { 558bec81ec1c010000a1bc91430033c5 } | |
| $a_22 = { 558bec81ec2403000053566a17e80aa2 } | |
| $a_23 = { 558bec83ec2853565733dbc645ff0053 } | |
| $a_24 = { 558bec51568b750883fefe750de8c67d } | |
| $a_25 = { 558bec83ec10ff75088d4df0e88344ff } | |
| $a_26 = { 558bec6a00ff1570b14200ff7508ff15 } | |
| $a_27 = { 558bec81ecd0010000a1bc91430033c5 } | |
| $a_28 = { 558bec8b4d0885c97515e867ddffffc7 } | |
| $a_29 = { 558bec8b4d0c568b7508890ee8602700 } | |
| $a_30 = { 558bec5de97dfeffff6a0c6898734300 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32WannaCrypt_9a8f0648c1e56159d59518653548d5bc8dc549bbb23d46fec4103f0157183072 { | |
| strings: | |
| $a_2 = { 558bec568bf157837e0800742b8d7e10 } | |
| $a_3 = { 558bec83ec3453568bf157807e040075 } | |
| $a_4 = { 558bec6aff68e081400068f476400064 } | |
| $a_5 = { 558b207a101c9447fbfa6642076f2f70 } | |
| $a_6 = { 558bec53568b355c804000576a00ff75 } | |
| $a_7 = { 558b10e6a673b3aba6730a01873e13e1 } | |
| $a_8 = { 558bec6aff68a0a1400068a29b400064 } | |
| $a_9 = { 558bec83ec0c568b7508576a018b068b } | |
| $a_10 = { 558bec81ec9801000066a174f8400053 } | |
| $a_11 = { 558b6c2414568b742414575568781243 } | |
| $a_12 = { 558b14797ab46e96e2755c9b5759b9dc } | |
| $a_13 = { 558bec81ecd8040000668b1574f84000 } | |
| $a_14 = { 558bec81ecdc02000056576a05be4ce0 } | |
| $a_15 = { 558be6e2efcea72438ad5e6d6c14d87b } | |
| $a_16 = { 558ba1dd62551dab34793d930937fa15 } | |
| $a_17 = { 558bec8b450c53568b580885db75086a } | |
| $a_18 = { 558bce94bb5d9ca2aaca08bef9c295ce } | |
| $a_19 = { 558bec518b450833d253568b48048b00 } | |
| $a_20 = { 558b9ec749e970970c0a46c8324f8ca8 } | |
| $a_21 = { 558bec83ec28578bf9897de4807f0400 } | |
| $a_22 = { 558bd2640c6cda0f02193c3750b0d689 } | |
| $a_23 = { 558b1bbbaf2ae204af368bf41198ac42 } | |
| $a_24 = { 558bec83ec1c538b5d0856578b030fb7 } | |
| $a_25 = { 558bec81ec08020000a010f940005788 } | |
| $a_26 = { 558bec518d45fc5650ff7508e8b7ffff } | |
| $a_27 = { 558bec83ec5456576a1033c0598d7db0 } | |
| $a_28 = { 558b578eb39d0d7bf3a9dff4c1a75d2f } | |
| $a_29 = { 558bf909952a7a05c5f8528075b848ce } | |
| $a_30 = { 558bd785cf7179447b4bccd74e3db6d1 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Weelsof_381828786de04a649c8d8d20133db0868b514657b945fd0b482d13fb5019a502 { | |
| strings: | |
| $a_2 = { 558b2d14004200ffd58b3dfc3d42008b } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32Weenloc_5a277a5922aed5d45059a8aad0a3fe97f58321c614fc22214b7159df3c94e769 { | |
| strings: | |
| $a_2 = { 558b780a828db276aca01b16c397cc8c } | |
| $a_3 = { 558bec51485568401c8064ff32648922 } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin32WinPlock_1aba4416d433618ac1d3378e960593220c96b8e84d56bd5f639885db50f4ed67 { | |
| strings: | |
| $a_2 = { 558bec8b450c535650e882eeffff83c4 } | |
| $a_3 = { 558bac248c000000034d048b550c5657 } | |
| $a_4 = { 558bac2424010000578b3d0c1040008d } | |
| $a_5 = { 558bd25d7a0555660bf65d78046683c3 } | |
| $a_6 = { 558be95d5df50aed575656465e5e5fe8 } | |
| $a_7 = { 558bec510fbe050210400033d233c903 } | |
| condition: | |
| 6 of them | |
| } | |
| rule RansomWin32Wyhymyz_958a9ad02b4299e5d5d02ad1bfd3e58c67f42575ce10b4e826b889f6c5a5f46c { | |
| strings: | |
| $a_2 = { 558bec51535657ff750833f6e8990000 } | |
| $a_3 = { 558bec8b450833c98bd085c0740d0faf } | |
| $a_4 = { 558bec81ecc806000033d2538b5d0856 } | |
| $a_5 = { 558bec81ec1401000056be140100008d } | |
| $a_6 = { 558bec8b4d0833c085c9741033d24066 } | |
| $a_7 = { 558bec535657ff750ce8d4ffffffff75 } | |
| $a_8 = { 558bec568b750c56e8210000005985c0 } | |
| $a_9 = { 558bec5151833dd0da4500015356576a } | |
| $a_10 = { 558bec83ec3c8d45fcc745f832000000 } | |
| $a_11 = { 558bec568b750856e8dbffffff33d259 } | |
| $a_12 = { 558bec83ec4453565733ffbe38a94000 } | |
| $a_13 = { 558bec538b5d08565733ff538bf7e8ca } | |
| $a_14 = { 558bec5153568b75085756e818010000 } | |
| $a_15 = { 558bec5153568b75085756e86f000000 } | |
| $a_16 = { 558bec81ece80d0000535657660f6f05 } | |
| $a_17 = { 558bec8b4d0833c04080790100740740 } | |
| $a_18 = { 558bec81ec800200005356578d45f8c7 } | |
| $a_19 = { 558bec83ec0c56578b7d0833f68b473c } | |
| $a_20 = { 558bec81ecb80f0000565768e8030000 } | |
| $a_21 = { 558bec515153566a0468001000006888 } | |
| $a_22 = { 558bec81ec18060000a11c6340005356 } | |
| $a_23 = { 558bec81eca80100008d458453566a10 } | |
| $a_24 = { 558bec8b4d088d419f83f8198d41e076 } | |
| $a_25 = { 558bec81ecd0070000535657e8760300 } | |
| $a_26 = { 558bec5151535657ff750ce8a1ffffff } | |
| $a_27 = { 558bec83ec0c53565768105a4000ff15 } | |
| $a_28 = { 558bec81ec340a000053565768200300 } | |
| $a_29 = { 558bec81ec240d0000535657be4c0400 } | |
| $a_30 = { 558bec53ff750c33dbe82b0000005985 } | |
| condition: | |
| 24 of them | |
| } | |
| rule RansomWin32Ysakrypt_4a0788e20368ef16218661b04b8af9894c2eff93a38226c8bfa9642dc0d4fe09 { | |
| strings: | |
| $a_2 = { 558bfa216d14a3dd8fb05df1fb452e3b } | |
| $a_3 = { 558b550a48774782ffffffff00e298d2 } | |
| $a_4 = { 558bec5de91808f01083ec18b9fffdde } | |
| $a_5 = { 558b6a84f5a400eab06622b75dc2589f } | |
| $a_6 = { 558b7ffc0a8f0f3d3aa66245dee4a26e } | |
| condition: | |
| 5 of them | |
| } | |
| rule RansomWin32ZCryptor_ca3d1aa0a05c8d7732de77e473a1bd4d79a54a045b649ee1905ecd48175d291f { | |
| strings: | |
| $a_2 = { 558bd9e2bd0b6bbc773d9e8ae6c3ee88 } | |
| $a_3 = { 558b67b4c2c69112f0d20978898a1a64 } | |
| $a_4 = { 558b6e7b7e1a188419d05f5b6ef581b5 } | |
| $a_5 = { 558be86be590b99cc915c0f73cab2d3a } | |
| $a_6 = { 558b4e19a6aff28f9e2ce3a866109ec5 } | |
| $a_7 = { 558bf2e6fc861301bdbd641c2d60b03f } | |
| $a_8 = { 558b2f907e18497c6dd9fa546abafdf4 } | |
| $a_9 = { 558b526bc92339ea4ee5ddf617807478 } | |
| $a_10 = { 558b240a505e7904069a40c855c98b49 } | |
| $a_11 = { 558b0dd43cf38af6bf121676bbe354dc } | |
| $a_12 = { 558b187edd0fecee31e3f1ebca9fa23b } | |
| condition: | |
| 10 of them | |
| } | |
| rule RansomWin32Zuresq_d41cc64f14de55ae74be7afaff27d2601c3068acd094562e7b08cecf23dd0fcf { | |
| strings: | |
| $a_2 = { 558bad2d97c90d427e85a84ec63a702a } | |
| $a_3 = { 558bca174739ab3604c94b2b80fc3bab } | |
| condition: | |
| 2 of them | |
| } | |
| rule RansomWin64Satwancrypt_fc24fbd14e942bbccfb0ad90cd1d37f38aaa59ced82a9926c81c4e083ccb8c32 { | |
| strings: | |
| $a_2 = { 558b4207dfd88e67129d9e58303945ec } | |
| $a_3 = { 558b65f1d32660c87415d53f5d05d22d } | |
| condition: | |
| 2 of them | |
| } | |
| rule SpammerWin32Clodpuntor_5e2997f86bd5829ee7a9a3c1d5850805b69a13b5386b1bf7d4c891c950679f79 { | |
| strings: | |
| $a_2 = { 5589e58b550889f08b0083c604c9c204 } | |
| $a_3 = { 5589e529c00588b137322d8837373289 } | |
| condition: | |
| 2 of them | |
| } | |
| rule SpammerWin32Cutwail_40099394e89c6cc6792835a34e08e5169d298730ac5b4b24196e8beaa23fdb78 { | |
| strings: | |
| $a_2 = { 558bac24cc0100005657558bf1e873d7 } | |
| $a_3 = { 558bec6aff68a11a410064a100000000 } | |
| $a_4 = { 558bcbe807fbffff85ed766d8b4f18b8 } | |
| $a_5 = { 558b6c240c8a450088038b4d04894b04 } | |
| $a_6 = { 558bec53565766608b75088b7d0c8b5d } | |
| $a_7 = { 558b6c2410837d000056742233f68d64 } | |
| $a_8 = { 558bac24640d00005657558bf1e8e3d6 } | |
| $a_9 = { 558b6c2408568bf1396e14577305e858 } | |
| $a_10 = { 558b6c241485ed0f8481000000807d00 } | |
| $a_11 = { 558be9898424f0030000c74500942241 } | |
| $a_12 = { 558bec6aff68202441006828d0400064 } | |
| $a_13 = { 558b2d58214100682025410052ffd585 } | |
| $a_14 = { 558bcbe842f1ffff8b166a018bce8bf8 } | |
| $a_15 = { 558bcbe80bfaffff85ed7668837b1810 } | |
| $a_16 = { 558bec83e4f881ec3c070000a1305641 } | |
| $a_17 = { 558b6c24288b4d0456578d4424105033 } | |
| $a_18 = { 558b6c24145553e812fcffff83c4086a } | |
| $a_19 = { 558b2d58214100681c24410056ffd585 } | |
| $a_20 = { 558b2ddc204100565768e0930400ffd3 } | |
| $a_21 = { 558bec6aff68811a410064a100000000 } | |
| $a_22 = { 558bf86801001f00d1ffff15d8204100 } | |
| $a_23 = { 558bec83e4f881ec0c060000a1305641 } | |
| $a_24 = { 558bec6aff68201a410064a100000000 } | |
| $a_25 = { 558b6c240885ed56578bf10f8e8f0000 } | |
| $a_26 = { 558bcbe8b9faffff566a008bcbe8affa } | |
| $a_27 = { 558b6c240885ed57745c8b44241085c0 } | |
| $a_28 = { 558be98a881906000084c956744c6a1b } | |
| $a_29 = { 558bec83e4f881ec1c0c000053568b75 } | |
| $a_30 = { 558b6c241883fdfe76078bcbe8499700 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Delf_e3f694485066accdf3c71071157d880cfe9200b580447585e0458231499eec0f { | |
| strings: | |
| $a_2 = { 558bec6a0033c055684e19460064ff30 } | |
| $a_3 = { 558bec83c4f4538bd852e8adaeffff89 } | |
| $a_4 = { 558bec33c055681d68400064ff306489 } | |
| $a_5 = { 558becba020000808b8000030000e8f9 } | |
| $a_6 = { 558bec53568bf18bd866a120b8440066 } | |
| $a_7 = { 558bec33c055687d6d420064ff306489 } | |
| $a_8 = { 558bec33c05568fdcf450064ff306489 } | |
| $a_9 = { 558bec5356578bf8a1fca94700e856d0 } | |
| $a_10 = { 558bec51538bd8516a02a120214100b1 } | |
| $a_11 = { 558bec5356bed0a94700a1d4a94700e8 } | |
| $a_12 = { 558bec6a006a005333c05568a8ac4100 } | |
| $a_13 = { 558bec8b45088078fe0075548b450880 } | |
| $a_14 = { 558bec6a005633c05568e79b400064ff } | |
| $a_15 = { 558bec33c98a4d0c8b45088b5510e8ed } | |
| $a_16 = { 558bec6a005356578bd833c055681bd2 } | |
| $a_17 = { 558bec6a00535633c055683d9b400064 } | |
| $a_18 = { 558becb2018b8074030000e8803ffcff } | |
| $a_19 = { 558bec515356578945fc833dfca94700 } | |
| $a_20 = { 558bec33c0556835d0450064ff306489 } | |
| $a_21 = { 558bec33c055684e01410064ff306489 } | |
| $a_22 = { 558bec33c05568a21f430064ff306489 } | |
| $a_23 = { 558bec33c05568c9e4420064ff306489 } | |
| $a_24 = { 558bec83c4d45756538945fca037a747 } | |
| $a_25 = { 558bec33c055689d5f420064ff306489 } | |
| $a_26 = { 558bec538bd88b83080300008b4068ba } | |
| $a_27 = { 558bec33c9515151515133c05568dcab } | |
| $a_28 = { 558bec83c4e46a00515250e814dcfaff } | |
| $a_29 = { 558bd6a12cac4700e8a2320000e8d12f } | |
| $a_30 = { 558bec538bd8ba0f0000808b83000300 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32DirectBlaster_aecd69ad6e7f13f519d504a45959de52da3cd37e00dab4c32d49ff8dd7d7f84c { | |
| strings: | |
| $a_2 = { 558bcee8949cfdff568bcbe888dcffff } | |
| $a_3 = { 558bec81ec90000000535657ff159c34 } | |
| $a_4 = { 558bec6aff6858e6450064a100000000 } | |
| $a_5 = { 558bec6aff68b0c4460068c011430064 } | |
| $a_6 = { 558bec6aff6808e6450064a100000000 } | |
| $a_7 = { 558bcee86af6ffff8d9ee0000000bf9b } | |
| $a_8 = { 558bec83ec14a168d8470083f8ff755c } | |
| $a_9 = { 558bec83ec4456578b7d088bf157e818 } | |
| $a_10 = { 558bec5657ff750cff7508ff15883546 } | |
| $a_11 = { 558bec5356578bf1e808c0feff8b4e68 } | |
| $a_12 = { 558bec518365fc008d45fc506860ca46 } | |
| $a_13 = { 558bec5356be684e48005756ff157c33 } | |
| $a_14 = { 558bec56ff7514e824630000ff7514ff } | |
| $a_15 = { 558bcee8120100005e33c05d83c424c2 } | |
| $a_16 = { 558bec6aff685fcd450064a100000000 } | |
| $a_17 = { 558bec515153568b35c0084800578b56 } | |
| $a_18 = { 558bec83ec1853568b35303646005789 } | |
| $a_19 = { 558bec83ec5856578bf1e8fe3400000f } | |
| $a_20 = { 558bec8b4508533b05403e4800560f83 } | |
| $a_21 = { 558bec83ec3453568d45dc578b3d6436 } | |
| $a_22 = { 558bec833dac4e4800005356750fff75 } | |
| $a_23 = { 558b6c245456578b3d1c31460055ffd7 } | |
| $a_24 = { 558bec83ec1053568bf16a01ff151c35 } | |
| $a_25 = { 558bec83ec3c568bf1578d4dc4e87a70 } | |
| $a_26 = { 558bcee8c1e9ffff85c07406ff86fc02 } | |
| $a_27 = { 558bec515356578bf9e8a17201008bf0 } | |
| $a_28 = { 558bceff52288b4424108bce50e84955 } | |
| $a_29 = { 558bec56576a746a0133ffe829010000 } | |
| $a_30 = { 558bec5657ff75088b3df4344600ffd7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Emotet_d0846bdeb892ee54c8c4020fc941e37660bad8ebc741431a493964820d45e027 { | |
| strings: | |
| $a_2 = { 558bcab951e35e45488d203d237d3323 } | |
| $a_3 = { 558bc36c85a83ce8ff4dff680884f54a } | |
| $a_4 = { 558b660fdb5d0469b493f058e39c8d6e } | |
| $a_5 = { 558b5dff1084cc8500ff89f1e8008edb } | |
| $a_6 = { 558b404d0000855c0076a666e6124028 } | |
| $a_7 = { 558bff8bc38900404020150f411d8b02 } | |
| $a_8 = { 558b6f04a1eb7475535342ff89f64500 } | |
| $a_9 = { 558b0f0f8bc9240041c390ffcc890033 } | |
| $a_10 = { 558bc8006af030ff89c0663494075ad4 } | |
| $a_11 = { 558b0800cc4368ff2050b606ff8b6515 } | |
| $a_12 = { 558b33ff6118fbcd2abb7b768b004801 } | |
| $a_13 = { 558b0afff8520148e883deff04681420 } | |
| $a_14 = { 558bcc450f688d5d0800e8333000008b } | |
| $a_15 = { 558b0320d7894d066fff8d0f8b2440c3 } | |
| $a_16 = { 558b44c748834048007c30440f00004c } | |
| $a_17 = { 558b45e0407409e84500000073000045 } | |
| $a_18 = { 558b028b005ec6ffcc24c900f08b0000 } | |
| $a_19 = { 558b483075f6c9f329c494d96486898b } | |
| $a_20 = { 558b8b6a00c7898bf48b08cc05337505 } | |
| $a_21 = { 558b4007c1f021c1ff246851d65aee02 } | |
| $a_22 = { 558b00e8080000ff0048cc3000ffff00 } | |
| $a_23 = { 558bd6040475d66f076bf3518003c620 } | |
| $a_24 = { 558bff005d0200c32403067500850f00 } | |
| $a_25 = { 558b8985d202834685ff75ffe809246a } | |
| $a_26 = { 558bff0283f00000000210ff838b00e8 } | |
| $a_27 = { 558b00040000ff014d6400078a8ba289 } | |
| $a_28 = { 558b76d84e240082c6f6e88374205240 } | |
| $a_29 = { 558b4589ff8b08000010ff08006a0040 } | |
| $a_30 = { 558be81c0fc60ab4ffe85674ba8b2ca3 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Fifesock_d48a6f21f3061ccb555c035f933b70dbab57dd6c0faa71bc0d2afcde5ad3980d { | |
| strings: | |
| $a_2 = { 558bac2488000000578bf8750e5fb801 } | |
| $a_3 = { 558bc7e8210a344c83c40885c0753668 } | |
| $a_4 = { 558bef4d0f843101000083ed040f8428 } | |
| $a_5 = { 558bfee8210ce2ac8b4c24208b442418 } | |
| $a_6 = { 558bec83ec405356576a048b4510508b } | |
| $a_7 = { 558bf8e82106acfc5589442454e82106 } | |
| $a_8 = { 558bd8568b3333ed896c240c39ae8c02 } | |
| $a_9 = { 558b288b471c5633f68974240ca80275 } | |
| $a_10 = { 558b6c247485ff74188b4424248b108b } | |
| $a_11 = { 558b6c241c57568bf8e8210adf9c83c4 } | |
| $a_12 = { 558b9424c800000033c03b932c010000 } | |
| $a_13 = { 558b6c240c5755e8210d3b3c8bf883c4 } | |
| $a_14 = { 558bec83ec40535657b8010000005f5e } | |
| $a_15 = { 558bec81ec70080000535657c745fc00 } | |
| $a_16 = { 558bec81ec780100005356576a006a00 } | |
| $a_17 = { 558bec8b450c50ff15000e02a083c404 } | |
| $a_18 = { 558b6c240c8bd88b43645733ff397804 } | |
| $a_19 = { 558bec83ec48535657894dfc6a00ff15 } | |
| $a_20 = { 558bec83ec40535657c7050012bc4c00 } | |
| $a_21 = { 558b6c240885ed752268160100006800 } | |
| $a_22 = { 558b2b3d4e010000741c5068000e4e68 } | |
| $a_23 = { 558b6c244433db895c24383beb0f84c1 } | |
| $a_24 = { 558b6c2418565785ed0f842001000080 } | |
| $a_25 = { 558bec6aff6800122fb0680002cb2464 } | |
| $a_26 = { 558b6c242056555268000e2938c74424 } | |
| $a_27 = { 558b6c243855e82106ac6c55e82106ac } | |
| $a_28 = { 558bec83ec445356578d45fc50683f00 } | |
| $a_29 = { 558b6c246456578bf88bf1c744241400 } | |
| $a_30 = { 558bec81ec40040000535657837d0800 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Hedsen_25ff9484f67b64c103f17aa91d66aaaa682e7a927c2df6d65c4dc70fb8b82af9 { | |
| strings: | |
| $a_2 = { 558bec53568b35c8504100578b7d0857 } | |
| $a_3 = { 558bec5151a128b5410033c58945fca1 } | |
| $a_4 = { 558bec81ec1c050000a128b5410033c5 } | |
| $a_5 = { 558becff3580be4100e812f1ffff5985 } | |
| $a_6 = { 558bec833da8b84100017505e8350800 } | |
| $a_7 = { 558bec5de9471600008bff558bec5153 } | |
| $a_8 = { 558bec83ec1853ff75108d4de8e841cc } | |
| $a_9 = { 558bdba4028856e2a0d4000080008301 } | |
| $a_10 = { 558bec833d90c441000074196890c441 } | |
| $a_11 = { 558bec83ec20a128b5410033c58945fc } | |
| $a_12 = { 558bec8b4508568d34c558ac4100833e } | |
| $a_13 = { 558bec8b4508a384be4100a388be4100 } | |
| $a_14 = { 558bec8b0d40c34100a144c341006bc9 } | |
| $a_15 = { 558bec81ec28030000a128b5410033c5 } | |
| $a_16 = { 558beca110bd410083ec0c53568b35ac } | |
| $a_17 = { 558bec8b450833c93b04cd78ad410074 } | |
| $a_18 = { 558bec83ec10ff75088d4df0e874dbff } | |
| $a_19 = { 558bec83ec34a128b5410033c58945fc } | |
| $a_20 = { 558bec83ec30568b35205141006a6cff } | |
| $a_21 = { 558bec8b4508a328bd41005dc38bff55 } | |
| $a_22 = { 558bec565733f6ff7508e8a7eaffff8b } | |
| $a_23 = { 558bec535657556a006a0068343b4100 } | |
| $a_24 = { 558bec83ec1c568b3510514100578b7d } | |
| $a_25 = { 558bec538b5d08568bf1c706b06d4100 } | |
| $a_26 = { 558bec8b45088b0de4ab410056395004 } | |
| $a_27 = { 558bec83ec0ceb0dff7508e83e1a0000 } | |
| $a_28 = { 558bec5356576a006a00686725410051 } | |
| $a_29 = { 558bec83ec10a128b541008365f80083 } | |
| $a_30 = { 558bec8bc18b4d08c700b06d41008b09 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Kukunefo_f1bd13d0a52fa19178d6ad97137454272ec8e30dfab8c9882f4b7d42c92ffbe7 { | |
| strings: | |
| $a_2 = { 558bec6aff6852f8001064a100000000 } | |
| $a_3 = { 558bec83ec14894dec8b45ec50ff1508 } | |
| $a_4 = { 558bec81ec8c00000057899574ffffff } | |
| $a_5 = { 558becff1504110010a300d004105dc3 } | |
| $a_6 = { 558bec6aff68a01400106880f6001064 } | |
| $a_7 = { 558bec6aff68101600106880f6001064 } | |
| $a_8 = { 558bec81ec280100008995d8feffff89 } | |
| $a_9 = { 558bec6aff68b01400106880f6001064 } | |
| $a_10 = { 558bec81ec180200008b4508a354c604 } | |
| $a_11 = { 558bec6aff682af8001064a100000000 } | |
| $a_12 = { 558bec51894dfc8b45fc50e8001b0000 } | |
| $a_13 = { 558bec51894dfc68801001108b45fc50 } | |
| $a_14 = { 558bec81eca8000000898d58ffffff6a } | |
| $a_15 = { 558bec81ec180400006a6f68de000000 } | |
| $a_16 = { 558bec83ec0c8855f4894df88b45f889 } | |
| $a_17 = { 558bec51894dfcba6c1701108b4dfce8 } | |
| $a_18 = { 558bec83ec10568955f8894dfc8b4508 } | |
| $a_19 = { 558bec81ec14040000898decfbffff6a } | |
| $a_20 = { 558bec6aff68fbf8001064a100000000 } | |
| $a_21 = { 558bec6aff6866f8001064a100000000 } | |
| $a_22 = { 558bec83ec48894dbcc745d400000000 } | |
| $a_23 = { 558bec6aff68ddf8001064a100000000 } | |
| $a_24 = { 558bec81ec3c01000056578995c4feff } | |
| $a_25 = { 558bec6aff6848f8001064a100000000 } | |
| $a_26 = { 558bec68003000006a006824d50410e8 } | |
| $a_27 = { 558bec6aff6839f9001064a100000000 } | |
| $a_28 = { 558bec6af1ff158410001050ff158010 } | |
| $a_29 = { 558bec83ec088955f8894dfc837d0800 } | |
| $a_30 = { 558bec83ec208955e4894de8c745ec00 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Mohtersend_964360dfeb7b16a0f5de979300f5f7e552c11d135082c1b98ff7e8db2e69c5a8 { | |
| strings: | |
| $a_2 = { 558bec51538bda8945fca170d90614e8 } | |
| $a_3 = { 558bec515356578955fc33c055684b93 } | |
| $a_4 = { 558bec5356578bf8a168781314e8b6c3 } | |
| $a_5 = { 558bec6a005333c05568d6f0001464ff } | |
| $a_6 = { 558bec33c05568897c0a1464ff306489 } | |
| $a_7 = { 558bec83c4f48945fcb201a158230214 } | |
| $a_8 = { 558bd6a1bc7b1314e84e330000e84d30 } | |
| $a_9 = { 558bec33c05568b9b7021464ff306489 } | |
| $a_10 = { 558bec8b45088078fe0075548b450880 } | |
| $a_11 = { 558bec6a0033c05568fe45021464ff30 } | |
| $a_12 = { 558bec51538a98f8000000885dff6683 } | |
| $a_13 = { 558bec33c055688411021464ff306489 } | |
| $a_14 = { 558becba607d1314b85cdf0514e8c6e7 } | |
| $a_15 = { 558bec6a006a0053568bf033c055684e } | |
| $a_16 = { 558bec83c4f88945fca1b46513148078 } | |
| $a_17 = { 558bec33c0556835e6061464ff306489 } | |
| $a_18 = { 558bec538bd8a160781314e868fbffff } | |
| $a_19 = { 558bec33c0556899470a1464ff306489 } | |
| $a_20 = { 558bec5356578bfa8bf033c05568e452 } | |
| $a_21 = { 558bc7e87cfbffff59bf01000000434e } | |
| $a_22 = { 558bec6a00538bd833c0556849690b14 } | |
| $a_23 = { 558bec81c4f0f7ffff5356578bf18955 } | |
| $a_24 = { 558bec83c4d85356578b450ce8835afe } | |
| $a_25 = { 558becba5c7c1314b8e8cd0514e83ef9 } | |
| $a_26 = { 558bec6a006a00535657bbb494131433 } | |
| $a_27 = { 558bec33c05568f5e3071464ff306489 } | |
| $a_28 = { 558becba347c1314b88ccb0514e8aafb } | |
| $a_29 = { 558becbaf87b1314b844c80514e8e6fe } | |
| $a_30 = { 558bec83c4f48955f88945fca14c7813 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Morphisil_8e65d4bf4f5cf9dc4cbaf2098c90a23a01d66f09c674ea212debc1b0dfb733df { | |
| strings: | |
| $a_2 = { 558bec83ec14a1106041008945fc6a00 } | |
| $a_3 = { 558bec81ec88000000a1648e5e008945 } | |
| $a_4 = { 558bf7176945a2752df8c9ba07890fe4 } | |
| $a_5 = { 558b7ba621e95675d4b29814072654da } | |
| $a_6 = { 558bec83ec34ff15206341008b45ec83 } | |
| $a_7 = { 558b09ae45bbcfe7396e090083469b88 } | |
| $a_8 = { 558bff83f1ffbd7bbfcc54fdffe77ab3 } | |
| $a_9 = { 558b850274efff076c10000a508b4d02 } | |
| $a_10 = { 558b7543d334b03b0200009113b645fa } | |
| $a_11 = { 558bec83ec24c645f3fdc645f3fd8bc9 } | |
| $a_12 = { 558b28003affffff9e6627009e662700 } | |
| $a_13 = { 558bec81eca0000000c1e100eb00c645 } | |
| $a_14 = { 558b885a888506f0eeff10fb7a8dc2ef } | |
| $a_15 = { 558b976488025147f8830afb7c45b2b1 } | |
| $a_16 = { 558bec83ec18c745f002000000c70538 } | |
| $a_17 = { 558b101099de32d686eec592018bc3fb } | |
| $a_18 = { 558b0200007a02000078020000578b91 } | |
| $a_19 = { 558b97068375fe076e0acdb0fe2a3270 } | |
| $a_20 = { 558bec83ec08c745f8d08e5e008b45f8 } | |
| $a_21 = { 558b3f6c2fcd62974d127a16e25d8894 } | |
| $a_22 = { 558bd74ebccc4ec0cbccd795eb8bc718 } | |
| $a_23 = { 558b4765d7ff1db882c8216cdb7f7a88 } | |
| $a_24 = { 558bb74882b82c2c2cc264efffca2f24 } | |
| $a_25 = { 558b5c264415567170246051cd894ce6 } | |
| $a_26 = { 558bec83ec20c745f800000000a1648f } | |
| $a_27 = { 558ba73fbfcceeb4c8cc4eb3c8ccd772 } | |
| $a_28 = { 558b19f8ff45dc6a7b52e8bddcfcab0b } | |
| $a_29 = { 558bec83ec0ceb00a1548f5e00030580 } | |
| $a_30 = { 558b4e200a856f56368beffb84ed3637 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Noname_582b96d1d4ec2ab86225a24457b69eba923c07ee6bdcc436e2628f24d55943d8 { | |
| strings: | |
| $a_2 = { 558b08894c2434ff157861400085c074 } | |
| $a_3 = { 558bec83ec14a1d48940008b15d88940 } | |
| $a_4 = { 558bec51515333db391de88940005657 } | |
| $a_5 = { 558bec6aff68a064400068dc3e400064 } | |
| $a_6 = { 558bec6aff68a061400068dc3e400064 } | |
| $a_7 = { 558bec535657556a006a0068fc3d4000 } | |
| $a_8 = { 558bec6aff68e864400068dc3e400064 } | |
| $a_9 = { 558b2df8604000565733db33f633ff3b } | |
| $a_10 = { 558b2dcc844000565785ed743d8b4504 } | |
| $a_11 = { 558b2d5461400056578d4424106a0050 } | |
| condition: | |
| 9 of them | |
| } | |
| rule SpammerWin32Norin_26d06b4fb7d2f0f4060c2f6eab3a75d3799af70e3ed71f8b347d550c400b72ad { | |
| strings: | |
| $a_2 = { 558bec83c4f8e8f52dffff8855fb8945 } | |
| $a_3 = { 558bec5356578bf8a12cf64700e89ed2 } | |
| $a_4 = { 558b163c26754fa1ccec470080780800 } | |
| $a_5 = { 558bec33c05568603c440064ff306489 } | |
| $a_6 = { 558bec53565784d2740883c4f0e8a657 } | |
| $a_7 = { 558bd98bfa8be88bc5e85ff8fdff84c0 } | |
| $a_8 = { 558bec51538d5dfca1743747008b5508 } | |
| $a_9 = { 558bec5153568b750c8b5d088bc3e8d1 } | |
| $a_10 = { 558bec538b5d083b1db8394700743653 } | |
| $a_11 = { 558bec538b5d08803de4f64700007520 } | |
| $a_12 = { 558bec83c4d85356576a0ea120ea4700 } | |
| $a_13 = { 558bec83c4a85356578bf08b86f80100 } | |
| $a_14 = { 558bec33d255682e1b400064ff326489 } | |
| $a_15 = { 558bec5dc2080090558bec33c0556895 } | |
| $a_16 = { 558bec53568bf28bd88b53708bc6e8ed } | |
| $a_17 = { 558bec6a00538bd833c05568d5c44300 } | |
| $a_18 = { 558bec6a006a00538bd833c055680b5e } | |
| $a_19 = { 558bda8bf88bc38b15506f4500e8e72e } | |
| $a_20 = { 558bec5153568bd88bc3e889a5fcff8d } | |
| $a_21 = { 558bec33c05568a565400064ff306489 } | |
| $a_22 = { 558b4328e859bfffff50e8af36fcff59 } | |
| $a_23 = { 558bf28bf88b4608e8d4aa00008bd866 } | |
| $a_24 = { 558bec83c4f8538bd8b201a154ed4000 } | |
| $a_25 = { 558bf28bd880bb0802000000740889b3 } | |
| $a_26 = { 558be8a1d4f74700e8c46600008bf04e } | |
| $a_27 = { 558bec33c05568913e450064ff306489 } | |
| $a_28 = { 558bec33c05568d918420064ff306489 } | |
| $a_29 = { 558bec33c055685110420064ff306489 } | |
| $a_30 = { 558bec53a15cf74700837804000f95c3 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Rowdab_c4b633cf5b310e438a2eebeaddc492cfec063e69861a602f666ff8b2cc4b6885 { | |
| strings: | |
| $a_2 = { 558bd1ea40d50000000082b989bfe215 } | |
| $a_3 = { 558ba19cabd1000f27447106f3840000 } | |
| $a_4 = { 558b480627850068ab6b360093655401 } | |
| $a_5 = { 558bc055f89c0ce6039b87f20fab84b0 } | |
| $a_6 = { 558b89457f0eb8016c169b006b8a55c0 } | |
| $a_7 = { 558b7b4dc76f890d6b83000012fe3cf0 } | |
| $a_8 = { 558bb8061b8400e98761f8ff909808c7 } | |
| $a_9 = { 558b48151a860068828b00000162d109 } | |
| $a_10 = { 558b6bc6e1971c11469566d2379d6c50 } | |
| $a_11 = { 558b7985e751eeff72a9f5ff2b4a34b8 } | |
| $a_12 = { 558b6bc798ebfe8a641eb78da727cf01 } | |
| $a_13 = { 558b4e25938d9e012b06c08df08b4e10 } | |
| $a_14 = { 558b9b3c1b880068b58a000070a5d6c1 } | |
| $a_15 = { 558bf7fefc4dad33d9c9f9c15cc35400 } | |
| $a_16 = { 558b874593ff00000000fcfbe45c0089 } | |
| $a_17 = { 558b520e56e3e9ff6b210050c382a102 } | |
| $a_18 = { 558b59c0379bab7593d826ff467fab15 } | |
| $a_19 = { 558bec81ec380100008b45088945fc8b } | |
| $a_20 = { 558b0635d0d2c7d4833e1600741b053d } | |
| $a_21 = { 558b0b35e4608e874d7f4035efea0b45 } | |
| $a_22 = { 558bc8895e860083977f69000000001e } | |
| $a_23 = { 558b8155637be8d5fc3bfa82a741bf45 } | |
| $a_24 = { 558b7d95af49efff496370a92c8483c4 } | |
| $a_25 = { 558b8a548d7fa055e0e063a88b2eeb68 } | |
| $a_26 = { 558b48916b8600e91185000053abfdff } | |
| $a_27 = { 558b6b8d9f8addffea9cb2000000007e } | |
| $a_28 = { 558b0b6fe02bf3118be666884d5f6302 } | |
| $a_29 = { 558bffb5ee8075c92c5560012b897b55 } | |
| $a_30 = { 558b00003b322500db8300003f322500 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Sispotat_b1072d4d076b38724ba622f0ec5206a27acb608dfd0f098a3e89cca0d177b581 { | |
| strings: | |
| $a_2 = { 558bec56e8365f00008bf085f67413ff } | |
| $a_3 = { 558bec83ec108b4514538b5d08895df8 } | |
| $a_4 = { 558bec0fb6450850e8129fffff85c00f } | |
| $a_5 = { 558bec83ec10a15869430033c58945fc } | |
| $a_6 = { 558bec81ec78020000a15869430033c5 } | |
| $a_7 = { 558bec83ec10ff75108d4df0e82107ff } | |
| $a_8 = { 558bec568bf1c706e4f64200e868ffff } | |
| $a_9 = { 558bec5151568b75088b4604578b3ec1 } | |
| $a_10 = { 558bece8f85400008b8098000000eb0a } | |
| $a_11 = { 558bec81ec00020000a15869430033c5 } | |
| $a_12 = { 558bec8b4508ff34c5706a4300ff1548 } | |
| $a_13 = { 558bec81ec98050000568b35ac804200 } | |
| $a_14 = { 558bec8b450885c07515e8bbdeffffc7 } | |
| $a_15 = { 558bec8b450885c07515e815dfffffc7 } | |
| $a_16 = { 558bec51518d45f850ff15dc8042008b } | |
| $a_17 = { 558bec8b450883f8fe7518e87f7fffff } | |
| $a_18 = { 558becb854100000e83c550100535657 } | |
| $a_19 = { 558bec833d80fa43000075148b45088b } | |
| $a_20 = { 558bec568bf1c70620014300e82af9ff } | |
| $a_21 = { 558bec5153568bf08bd9e8b6d7fffff6 } | |
| $a_22 = { 558b6c2438837c2410070f8dcc040000 } | |
| $a_23 = { 558bec81ec040400008365fc00682087 } | |
| $a_24 = { 558bec833d7002440000741968700244 } | |
| $a_25 = { 558bec5de9d4040000c70154f34200e9 } | |
| $a_26 = { 558bec81ec0401000053568b750c5768 } | |
| $a_27 = { 558bec83ec24a15869430033c58945fc } | |
| $a_28 = { 558bec83ec105356ff75108d4df0e8a1 } | |
| $a_29 = { 558bec81ec04040000535657bf64e443 } | |
| $a_30 = { 558bec51566888020000c745fc040000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Talwadig_532cd4038a405396f80a5d6f194c7c98211d31fd1dea13c12d970f5c1943f353 { | |
| strings: | |
| $a_2 = { 558bec83ec2033c08b0cc5b82547003b } | |
| $a_3 = { 558bec833d9c3947000075108b45088d } | |
| $a_4 = { 558bec83ec20535657ff750c33db8bf1 } | |
| $a_5 = { 558bec833d447e460000741568447e46 } | |
| $a_6 = { 558bec518b51042b1156c1fa03beffff } | |
| $a_7 = { 558bec83ec18dd05d0854600dd5df0dd } | |
| $a_8 = { 558bec518d45fc5650c745fc0c000000 } | |
| $a_9 = { 558bcec6460600e8d0ebffff84c00f84 } | |
| $a_10 = { 558bec5151568b750857568d4508508b } | |
| $a_11 = { 558becff35243d4700e80bccffff5985 } | |
| $a_12 = { 558bec83ec74a10417470033c58945fc } | |
| $a_13 = { 558bec8bc18b4d08c700e07d46008b09 } | |
| $a_14 = { 558bec568b750c2b7510c1fe02eb598b } | |
| $a_15 = { 558bec8b45088b4d0c568d34886a008d } | |
| $a_16 = { 558bec5de934f4ffff8bff558bece831 } | |
| $a_17 = { 558bec518d45ff50ff750cff7508e8a8 } | |
| $a_18 = { 558bc8e8f5b40000eb0233c06a10899c } | |
| $a_19 = { 558bec568b75085756e8df0100005983 } | |
| $a_20 = { 558bec81ece40000005356578b7d188b } | |
| $a_21 = { 558bec51568bf18d4e046a0051e893fe } | |
| $a_22 = { 558becb820100000e8534fffffa10417 } | |
| $a_23 = { 558bec8b4518234120538bd8c1eb038b } | |
| $a_24 = { 558bec51568d45fc50ff75088bf1e84c } | |
| $a_25 = { 558bec8b450833c93b04cd1017470074 } | |
| $a_26 = { 558bec8b450883f8fe7518e807f7ffff } | |
| $a_27 = { 558becb8e41a0000e86b74ffffa10417 } | |
| $a_28 = { 558bec518d45ff50ff750cff7508e8ac } | |
| $a_29 = { 558bec518d45ff50ff750cff7508e8ab } | |
| $a_30 = { 558bec51568b750c56e8993300008945 } | |
| condition: | |
| 24 of them | |
| } | |
| rule SpammerWin32Tedroo_17bd696210794c1a2fe9a32b93d81bfbfc3cc056566772ecfd9aa96895ab973c { | |
| strings: | |
| $a_2 = { 558bec83ec308b45088945ec8b4dec83 } | |
| $a_3 = { 558bec83ec08ff15acdc40008945fcc7 } | |
| $a_4 = { 558bec83ec3c5657c745fc00a040008b } | |
| $a_5 = { 558bec83ec080fb6451485c07513833d } | |
| $a_6 = { 558bec81ec100100008b450cc60000c7 } | |
| $a_7 = { 558becb89c280000e8d1660000c60558 } | |
| $a_8 = { 558bec83ec0c8b45188945f88d4d0851 } | |
| $a_9 = { 558bec83ec10ff15acdc40008945f8ff } | |
| $a_10 = { 558bec83ec1068040100008b4508506a } | |
| $a_11 = { 558bec81ec0c010000837d08007505e9 } | |
| $a_12 = { 558bec81ec0804000068000400006a00 } | |
| $a_13 = { 558bec518d4508508b4d0c518b550852 } | |
| $a_14 = { 558bec81ec4c010000c745fc00000000 } | |
| $a_15 = { 558bec518b450cc60000c745fc000000 } | |
| $a_16 = { 558bec81ec680100006a446a008d45a0 } | |
| $a_17 = { 558bec81ec98000000c645ff00837d08 } | |
| $a_18 = { 558bec83ec148d4508508b4d0c518b55 } | |
| condition: | |
| 14 of them | |
| } | |
| rule SpammerWin64Emotet_94e1f09ea43f4f5e19f079037d81cabc6263a70d600f93f71469368dc57a55b4 { | |
| strings: | |
| $a_2 = { 558bec83ec0c535668003000006a40ff } | |
| $a_3 = { 558b8c24c80000004869c93405000048 } | |
| condition: | |
| 2 of them | |
| } | |
| rule SpammerWinNTSrizbi_b9306aee0c66364cf6abd4bd348526d90d00208395204eb27d49d1e24266f738 { | |
| strings: | |
| $a_2 = { 558b04aeacd686d510d1eb4daeacd612 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanAndroidOSBoxerSms_d03f56406ac7dd4a34efeea9a6fc88387cfb218e18426223faca2dbf169dc439 { | |
| strings: | |
| $a_2 = { 558b84549a4283850d5643da928a564a } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanAndroidOSGamex_405c3d334a429ee5bc75cf5f0c5f545d42a9df293b93937f227d15c0d636cb27 { | |
| strings: | |
| $a_2 = { 558bbacaf0fbb40b8f924d7263940bda } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanAndroidOSGGSmart_b4867062b93adcac32ffd649bb2476020dd7d3325791c02cd322ff08503d02ba { | |
| strings: | |
| $a_2 = { 558b6f6655c32da5e0a6e43e43434368 } | |
| $a_3 = { 558b50e4cd93e0cd93a0c74d0f00cb50 } | |
| $a_4 = { 558b6a0800006a080000270000007265 } | |
| $a_5 = { 558b471ea4352cc0ea0d7c2b058af437 } | |
| $a_6 = { 558b6a0800006a080000270000000000 } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanAndroidOSGingerMaster_cc64eb497955611f347d8a34749c8dfe656be7573c4344498efc0595ac6e07e2 { | |
| strings: | |
| $a_2 = { 558bfaf594dbb108ac631b79dfb6110d } | |
| $a_3 = { 558bed75145e89343f901e33be5ff13c } | |
| $a_4 = { 558b9b15aec3517ac66485f3b68816b8 } | |
| $a_5 = { 558b20fdee65d5c6efb6d3f47af582fe } | |
| $a_6 = { 558b6c3c9c7838479462976a21f2a6b8 } | |
| $a_7 = { 558b696664875515e718fa775e21b77f } | |
| $a_8 = { 558b9a58d2bdcbeb49492caf7624581c } | |
| $a_9 = { 558bcbcee5f42bd92b295d07cb55dd1a } | |
| $a_10 = { 558b93b5f2bed02f442d54f31d88b1b5 } | |
| $a_11 = { 558b694e92878408713291fef1a46792 } | |
| $a_12 = { 558b3ec60d99a6ab06043fbacff9e067 } | |
| $a_13 = { 558b0760731f8e6505b3f6ce54b7d61d } | |
| $a_14 = { 558bec5599bf19f643ccc0530dd3e9b1 } | |
| $a_15 = { 558bc18136800a29b0a69512eb0edd07 } | |
| $a_16 = { 558b8c96c994eafb5d2c3e44f5f4779e } | |
| $a_17 = { 558bc1d42240cdfe7f385d10e0eb2aa0 } | |
| $a_18 = { 558bddc85f8f55c282754d6febce6a9c } | |
| $a_19 = { 558bf932a612670ad19cb6756878e7ed } | |
| $a_20 = { 558b5e564b051353cb3241501baa1a90 } | |
| $a_21 = { 558b4209b31aab9fcdbe9843c2d89648 } | |
| $a_22 = { 558bc5d01711d5d14f227ede1cb25b68 } | |
| $a_23 = { 558b590667d95be459e2e93937e173e4 } | |
| $a_24 = { 558b62356f3ea21483944646aeb8682f } | |
| $a_25 = { 558b5c8cb7453e4dbd6ca6555a5c2bd0 } | |
| $a_26 = { 558baaee879414ff179e37a881f5c21e } | |
| $a_27 = { 558bacc7e41321f66cbe9e274e8c8df6 } | |
| $a_28 = { 558b71e1c658e1088a27f494bc37a324 } | |
| $a_29 = { 558b1eb2e081afacf7fed16963ffb9bb } | |
| $a_30 = { 558b617c04c8f33586ed4a8f21bd0459 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanAndroidOSInfosteal_8804a6a0e1af5de45f3336f142a060c0e17d37ed6a993581cba1cc89a1fa2d20 { | |
| strings: | |
| $a_2 = { 558b73ab4d131343eab55eb6c9a46a6a } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanAndroidOSKapuser_ee4454fc668cb94b1b3d5673a2d55b0020486338cff030a951ea43b93c2b8f8e { | |
| strings: | |
| $a_2 = { 558b3df99030e83d73678fbaaee5d728 } | |
| $a_3 = { 558bd548b50934f38c703ef02f2b792d } | |
| $a_4 = { 558bbb0248a7cb09ee6e5fd216864568 } | |
| $a_5 = { 558ba85f88c125319ffed5a3752a26d9 } | |
| $a_6 = { 558bb1565359cc548cb75ac96292a6b2 } | |
| $a_7 = { 558bf3677592c233de780d65a34ede9f } | |
| $a_8 = { 558b9483c4c87ff39728dfa40fb1a0db } | |
| $a_9 = { 558bf2bc08eda1c1fd127122eadabcfd } | |
| $a_10 = { 558b66d55a6deca79f96425f6be28ed1 } | |
| $a_11 = { 558b2bdc069614a53ccb0bf54f5c72a1 } | |
| $a_12 = { 558b1b713db3b09c6a019e4b03518ffc } | |
| $a_13 = { 558be7e3af737955b5d3581a2445f4f2 } | |
| $a_14 = { 558bc76c1e95ea42f5bffdf04211a3bb } | |
| $a_15 = { 558b2da95a6c49d5624baa165b52b5d8 } | |
| $a_16 = { 558b8d01d695b0a52f99f1ea6c8cd76c } | |
| $a_17 = { 5589e572cec106c426d6e106221f6136 } | |
| $a_18 = { 558bda27a2f60c0c4bdd6ef126bf8ff2 } | |
| $a_19 = { 558b59d13fed011dee3f005a80e9121f } | |
| $a_20 = { 558b7f41f9bf536d769c62f12af81af8 } | |
| $a_21 = { 558b602d58ff9db16a33d5a4f87ea14b } | |
| $a_22 = { 558b862a02a94e201c0d842b03a5de61 } | |
| $a_23 = { 558bf0f78f11aa9bb80ae638de697b58 } | |
| condition: | |
| 18 of them | |
| } | |
| rule TrojanAndroidOSOpFakeSms_42edd427ac65072dfd5f431fc88e99582ce7dfe1973e59ebc85966f682abdd5e { | |
| strings: | |
| $a_2 = { 558bef8e0f9e17ce096ffa3c6fc1dcf8 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanAndroidOSPlankton_8f1d8d1af257a9abc4b525ab6556724d9999abc0d00a56f578afefdd413990c6 { | |
| strings: | |
| $a_2 = { 558ba68ac72266ca52812087e646c4ef } | |
| $a_3 = { 5589e51631c6b2b0ae71853529e7b2b4 } | |
| $a_4 = { 558b5493689ac6d9c929bbe080635954 } | |
| $a_5 = { 558b8eb6c7e544f91091c26050d79574 } | |
| $a_6 = { 558b6f6655c32da5e0a6e43e43434368 } | |
| $a_7 = { 558b566c35499c936c201371bbf71197 } | |
| $a_8 = { 558bb394304959e9f4701c9722cf09c3 } | |
| $a_9 = { 558b44e83a6c8e13314e71349abceb61 } | |
| $a_10 = { 558bc759e798f03c8e789efdf9d9b3cf } | |
| $a_11 = { 558b618d7cbf818610dce36def72a5b1 } | |
| $a_12 = { 558b29aedb6aac4185d27af7dea59c5a } | |
| condition: | |
| 10 of them | |
| } | |
| rule TrojanAndroidOSSMSer_e32b3145dfd7c0bc874e0d95a18c2bd1693f090f8ce49aefbbf55fbf8c6e27cc { | |
| strings: | |
| $a_2 = { 558b371292e557f2fb0dd19f624f3187 } | |
| $a_3 = { 558bdb7ff88959e744b984c7aad81f6a } | |
| $a_4 = { 558bdbea2f7561adc534f5e736ad6aa0 } | |
| $a_5 = { 558b366e94c75d41bd653c0e46eab21b } | |
| $a_6 = { 558b9aa76f589b12d834cf36a9c6c937 } | |
| $a_7 = { 558be96f9358e01f32f7527c217aff08 } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanAutoItNateqj_1687a1548a929078a0939a7711495c67f0fe5be299665900386246d4a9a44416 { | |
| strings: | |
| $a_2 = { 558bc2766bce3438018d1c94c7077313 } | |
| $a_3 = { 558bec568b750856e899ffffff56e88d } | |
| $a_4 = { 558bec53568b7510578bf9e820520000 } | |
| $a_5 = { 558bec568b750856e8cfffffff56e8fa } | |
| $a_6 = { 558bec8b450c8b550850526a0651e8b9 } | |
| $a_7 = { 558bec8b4508568bf15056e87073ffff } | |
| $a_8 = { 558bec8b4508568bf18b48048b09e84c } | |
| $a_9 = { 558bec8b45086a0150e83438ffff5dc2 } | |
| $a_10 = { 558bec51e8fe3cfcff84c074215de969 } | |
| $a_11 = { 558bec568b750856e8097dffff8d4608 } | |
| $a_12 = { 558bec8b45086a0450e86a38ffff5dc2 } | |
| $a_13 = { 558bec8b45088b48048b09e8c31efcff } | |
| $a_14 = { 558bec8b450c8b550850526a0451e801 } | |
| $a_15 = { 558bec8b450853568bf15056e8ad2fff } | |
| $a_16 = { 558bec568bf1e8e60dfafff645080174 } | |
| $a_17 = { 558bec568b750856e87a39ffff84c074 } | |
| $a_18 = { 558bec8b410883ec0883f8010f85db9a } | |
| $a_19 = { 558bec51568b750c56e81311ffff8945 } | |
| $a_20 = { 558bec568b75088d4e08e8c314fcff8d } | |
| $a_21 = { 558bec8b45088b48048b1152e8b686ff } | |
| $a_22 = { 558bec568b750856e8ddffffff56e8b2 } | |
| $a_23 = { 558bec568b750856e81f8affff56e895 } | |
| $a_24 = { 558bec6afe68f8d1480068d06c410064 } | |
| $a_25 = { 558bec518b410453565785c00f843971 } | |
| $a_26 = { 558bec538b5d1056576a24e8bffdfbff } | |
| $a_27 = { 558bec8b45088b48048b1152e8d2a7fe } | |
| $a_28 = { 558bec568b75088d4e04e8c4f9fbff8b } | |
| $a_29 = { 558bec56e8893b0000e87e3b000050e8 } | |
| $a_30 = { 558bec568b750856e8c5ffffff56e86b } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanBATDelwin_fc01fc99e4fb93d0e54bc78eb24350f205d589cede62c8edc09322717c58c389 { | |
| strings: | |
| $a_2 = { 558bec83ec18dd0570c14000dd5df8dd } | |
| $a_3 = { 558bec51833d28c9f00000535657751d } | |
| $a_4 = { 558bec6aff68e0c0400068b883400064 } | |
| $a_5 = { 558b6c24105657742aa1c0c7f0008b5c } | |
| $a_6 = { 558bec515153568b35dcc8f000578b7d } | |
| $a_7 = { 558bec6aff68f0c4400068b883400064 } | |
| $a_8 = { 558bec83ec0c53568b7508573b35e0dc } | |
| $a_9 = { 558bec83ec0c53bb18db400033c983eb } | |
| $a_10 = { 558beca1f057f00083c001a3f057f000 } | |
| $a_11 = { 558becc705d8dd400000000000a1f057 } | |
| $a_12 = { 558bec8b4508a384c2f0008b0d34c2f0 } | |
| $a_13 = { 558bec81ecac0c00005657a0e4c6f000 } | |
| $a_14 = { 558becc705f057f000000000008b450c } | |
| $a_15 = { 558bec6aff68a8c4400068b883400064 } | |
| $a_16 = { 558becb800100000e82cadffff538b5d } | |
| $a_17 = { 558bec51515333db391decdcf0005657 } | |
| $a_18 = { 558bec8b451050e80900000083c40433 } | |
| $a_19 = { 558bec81ec0002000057c745f8000000 } | |
| $a_20 = { 558bc18bf1c1f80583e61f8d3c85e0db } | |
| $a_21 = { 558bec8b450885c075025dc3833d28c9 } | |
| $a_22 = { 558bec81ec0c01000057c785f4feffff } | |
| $a_23 = { 558becb894770300e84e44000057a0a4 } | |
| $a_24 = { 558bec83ec14a198cbf0008b159ccbf0 } | |
| $a_25 = { 558bec535657ff7508e843ffffffff75 } | |
| $a_26 = { 558bec5dc3558bec5dc3558bec51c745 } | |
| $a_27 = { 558b2d84c04000565733db33f633ff3b } | |
| $a_28 = { 558bec535657556a006a0068d8824000 } | |
| $a_29 = { 558bec5168c8d140006890c3f000e81a } | |
| $a_30 = { 558bec803dbcc7f00000535674278b5d } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanBATNabucur_39bd3648d5693d6269104bb54e4dbaadd6a4cc95e815b0fe2884616289e4d309 { | |
| strings: | |
| $a_2 = { 558b823755339f021529701df4b3750e } | |
| $a_3 = { 558b44bdd22b8ed90c36b245542b3439 } | |
| $a_4 = { 558ba14c570926a48028bc3d32e57fcd } | |
| $a_5 = { 558b87970685fc47b1c61edbf9885027 } | |
| $a_6 = { 558b36ef47b3f775f0f8e6041bc4ac6d } | |
| $a_7 = { 558b01db4a911741a57d77ceadd7ee3e } | |
| $a_8 = { 558b9a3fd63ee161d0176f7b7f0385a2 } | |
| $a_9 = { 558b19354d2ff957918e0f645642d315 } | |
| $a_10 = { 558b8e35c94e5988c582cb6f56054f94 } | |
| $a_11 = { 558b1180e44fb1966a46d78ecfa3dfd0 } | |
| $a_12 = { 558b7ec390a92db41e66a22b1ba63f14 } | |
| $a_13 = { 558b9f6c816fe22b6d1f3450584cb74b } | |
| $a_14 = { 558b3d4beebf66910175bc97e551cdb6 } | |
| $a_15 = { 558ba866cb0774322b088ed3f7d15887 } | |
| $a_16 = { 558b754b01b17f9c115c1cae9ea457a5 } | |
| $a_17 = { 558bca7777b0cbff8cca44868b503a42 } | |
| $a_18 = { 558b8a345ebca4abcd500f94edfd1a4f } | |
| $a_19 = { 558bda8230ae96a83aa1ed7fdc06cee8 } | |
| $a_20 = { 558bbef3c1af5daa7ac7e3c6aca29062 } | |
| $a_21 = { 558b3b64c39c87e29a623889142b9cb4 } | |
| $a_22 = { 558b16bf8731cb09cd639a7bd1151639 } | |
| $a_23 = { 558b721f3a7952a976cb525cd98efc84 } | |
| $a_24 = { 558b5851c57e5f866768ce955a835473 } | |
| $a_25 = { 558beb6f4296c0acd8aaedc4804acdb1 } | |
| $a_26 = { 558b5e8e91e819d2d6b103afa421b940 } | |
| $a_27 = { 558be50e03c841683b655ba63400d0ec } | |
| $a_28 = { 558b2743bd6f7cb0e118d9ebe5db44c5 } | |
| $a_29 = { 558b5430bccdc0264de474ce1e09332e } | |
| $a_30 = { 558b8c1b286881feefa083844536a6bd } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanBATQhost_6bdbc685b9735c14ff2ed564cb348382bdbdd9fb41e9efbb43160150eabdc994 { | |
| strings: | |
| $a_2 = { 558bec81ec18020000c785f8feffff07 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanBATRescon_6a1adf6c9d7c240e788f753d4bea04929682b9fab8bb43c1c0cdd38f35402399 { | |
| strings: | |
| $a_2 = { 558b2e98db929b6920a6780d4b54a32a } | |
| $a_3 = { 558bc83412685a7f65af7359104b36d8 } | |
| $a_4 = { 558b7fcba5d30fc609166210f25b59a2 } | |
| $a_5 = { 558bae4155562f4f5720e0a02aa1fbed } | |
| $a_6 = { 558bfcb189207ac372a102b1ff3f2add } | |
| $a_7 = { 558ba5472705f329c9b315cfc2972027 } | |
| $a_8 = { 558bc43f64e445e50ca63e7d0773a5af } | |
| $a_9 = { 558b0b4feea516f8d145ba5f1e417e53 } | |
| $a_10 = { 558b5f6ef3481ea64b5338ed2957639c } | |
| condition: | |
| 8 of them | |
| } | |
| rule TrojanBATRunner_006df2eb081eb830d9d4c9da7ac3569ac4975613f6a5cdd82ddaa1b43d448dc5 { | |
| strings: | |
| $a_2 = { 558bec5151538d45f850ff1558aa4300 } | |
| $a_3 = { 558bec5633f6833d80884500027d2d8b } | |
| $a_4 = { 558bec83ec10837d08007514e83d9eff } | |
| $a_5 = { 558bec5de9653b00008bff558bec5de9 } | |
| $a_6 = { 558bec51a1808845008b4d08565783f8 } | |
| $a_7 = { 558bec83ec20a1b8a1430033c58945fc } | |
| $a_8 = { 558beca1d48d450085c074106a00ff75 } | |
| $a_9 = { 558bcee88adbffff84c00f849b050000 } | |
| $a_10 = { 558bec5151a1b8a1430033c58945fc53 } | |
| $a_11 = { 558bec51a1b8a1430033c58945fc578b } | |
| $a_12 = { 558becb80c200000e8b8370000803d18 } | |
| $a_13 = { 558becb810140000e8cf03ffffa1b8a1 } | |
| $a_14 = { 558bf7e8be840100595985c0753c83c7 } | |
| $a_15 = { 558beca1b8a1430083e01f6a20592bc8 } | |
| $a_16 = { 558bec51568b750883fefe750de8508e } | |
| $a_17 = { 558bec83ec1c8d4de453ff7510e80def } | |
| $a_18 = { 558bec568b75080fbe0650e8e0120000 } | |
| $a_19 = { 558bec51a1b8a1430033c58945fc5668 } | |
| $a_20 = { 558bec568b750c8b063b05f88d450074 } | |
| $a_21 = { 558bec6b450818050890450050ff15cc } | |
| $a_22 = { 558becb800200000e8355101008b4508 } | |
| $a_23 = { 558bec8b4d0833c03b0cc5a023430074 } | |
| $a_24 = { 558bec81ec000200008d8500ffffff53 } | |
| $a_25 = { 558bcfe87b77ffffc1e80c8bcf0fb6c0 } | |
| $a_26 = { 558bec5668541a4300684c1a43006854 } | |
| $a_27 = { 558bec64a1000000008bd16aff68a1f0 } | |
| $a_28 = { 558bec8b4d0c568b7508890ee8142400 } | |
| $a_29 = { 558bec83ec10ff750c8d4df0e853b1ff } | |
| $a_30 = { 558becff7508e85bfbffff595dc3566a } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanBATSafrabla_8a203cbaf311335e226a5e55d4120fc3b9bc79f35af6057a27a62f1b6efc54d5 { | |
| strings: | |
| $a_2 = { 558bcfe89e5103008b4e50b8fdffffff } | |
| $a_3 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_4 = { 558bec83ec185356576a19e889350000 } | |
| $a_5 = { 558bcee85d4300005f5b5e33c05d83c4 } | |
| $a_6 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_7 = { 558bcee821d7ffff3b4424407f0b478b } | |
| $a_8 = { 558bcee8344406005fa3088aa1005eb8 } | |
| $a_9 = { 558b44241085c0744d8b474450e846a6 } | |
| $a_10 = { 558bec8b450850b90027a300e8ef82ff } | |
| $a_11 = { 558bec6aff68f9e2470064a100000000 } | |
| $a_12 = { 558bec6aff6800b1a00068ec6f460064 } | |
| $a_13 = { 558bce8944241ce8765b04008bd8896c } | |
| $a_14 = { 558bec5756538b750c8b7d088d058454 } | |
| $a_15 = { 558bcee851c2ffff8be88b442418473b } | |
| $a_16 = { 558bec6aff6872a2071064a100000000 } | |
| $a_17 = { 558bec5153568bf1578b4e688d86d800 } | |
| $a_18 = { 558bec833d785fa200007529ff7514dd } | |
| $a_19 = { 558bec5153568bf157ff36ff15242348 } | |
| $a_20 = { 558bec81ec24000000c745fc00000000 } | |
| $a_21 = { 558bec5151dd4508dc1dc857081056df } | |
| $a_22 = { 558be9568d4c240ce86a55fdff8b5c24 } | |
| $a_23 = { 558bcbe807ffffff5e5d5bc204008b4b } | |
| $a_24 = { 558bac24940100008b88c80100005657 } | |
| $a_25 = { 558bcee8fe41feff8b6c2414892f8b0b } | |
| $a_26 = { 558bec5657ff75088b3de4234800ffd7 } | |
| $a_27 = { 558bec535657556a006a006850e70510 } | |
| $a_28 = { 558b6c240c56578b7c241c8b450481ff } | |
| $a_29 = { 558bcee82a4706005fa3c84909105eb8 } | |
| $a_30 = { 558bec83ec10833db8060b10007509c7 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanBATStartpage_7419b3f4150bbb2e33a41c66120ea56c11024bc0a857bc39ba6d5b79373ea7cf { | |
| strings: | |
| $a_2 = { 558bec83c4f85356578945fca12ca040 } | |
| $a_3 = { 558bec6a006a00538bd833c05568ed53 } | |
| $a_4 = { 558bec83c4f40fb70518a040008945f8 } | |
| $a_5 = { 558bec83c4d45756538945fca007d840 } | |
| $a_6 = { 558bec33c055680351400064ff306489 } | |
| $a_7 = { 558bec535657a1c8d7400085c0744e8b } | |
| $a_8 = { 558bbcff5086bdff487bb9ff4772b9ff } | |
| $a_9 = { 558bec33c055689c8b400064ff306489 } | |
| $a_10 = { 558bec518945fc8b45fce869b6ffff33 } | |
| $a_11 = { 558bec33c055684d8f400064ff306489 } | |
| $a_12 = { 558bec33c05568958f400064ff306489 } | |
| $a_13 = { 558bec518945fc33d25568ac4d400064 } | |
| $a_14 = { 558be88b3d2ca0400085ff74218b4704 } | |
| $a_15 = { 558bec515356578945fc33d255686337 } | |
| $a_16 = { 558bec33c05568844e400064ff306489 } | |
| $a_17 = { 558bec51538945fc8b45fce820f1ffff } | |
| $a_18 = { 558bec6a00535633c055685171400064 } | |
| $a_19 = { 558bec33c055681e91400064ff306489 } | |
| $a_20 = { 558bec83c4ec535657bec0d84000c706 } | |
| $a_21 = { 558bec51535657a1c8d7400085c07451 } | |
| $a_22 = { 558bec6a005633c05568fb71400064ff } | |
| condition: | |
| 18 of them | |
| } | |
| rule TrojanClickerMSILEzbro_48859b0c3ead37b741188866106c61fb4a037c6ad708198ee495685a0a8fa267 { | |
| strings: | |
| $a_2 = { 558bec518b4d0853565733dbe8909090 } | |
| $a_3 = { 558bec83ec44a19090909033c58945fc } | |
| $a_4 = { 558bec81ec90909090a19090909033c5 } | |
| condition: | |
| 3 of them | |
| } | |
| rule TrojanClickerMSILFakeIE_c5d5306621830be53b00b9786d975f1f297800734a9a4f8f1146b379014a346a { | |
| strings: | |
| $a_2 = { 558b37eb0dfd10b64b523d85ebb0abc4 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanClickerMSILXobnff_624eaa527badea90e78f17aa01db58a97225090abf68eb17b6902444fcb69a35 { | |
| strings: | |
| $a_2 = { 558b3c5fefc1436e3726db3f61598329 } | |
| $a_3 = { 558b1e1da7de5d81057d87702cd25a4b } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanClickerMSILYouclick_675e717a5c6b4ca0e81388c4bb008d24a46cc4fe25a90fa14a303ba9738b17d7 { | |
| strings: | |
| $a_2 = { 558b8ea782c076923eb706d0c1b10026 } | |
| $a_3 = { 558bc18dfef3a39ec0e14f0f46ff86ee } | |
| $a_4 = { 558b8e598287e1a2c247158395cf0fe7 } | |
| $a_5 = { 558b1f47d49db010d4387cf4288fce3d } | |
| $a_6 = { 558be9764ad4b205456ac9bc02c00680 } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanClickerWin32Adload_97d59bc829efebad66dc983ba23d21c292fdceb0e428ee34f3db54373da7cc5c { | |
| strings: | |
| $a_2 = { 558bec6a00538bda33d2556802004600 } | |
| $a_3 = { 558b4a24f8d6108da4baa55d1035c199 } | |
| $a_4 = { 558b4f6910bfb1e4f353dc55d8c99c79 } | |
| $a_5 = { 558bbe0ee397a12d74acbd1f94886c8a } | |
| $a_6 = { 558b76b1626e883fdd1d5ca32fb7b332 } | |
| $a_7 = { 558bcc62601651f0f33dd9d0cf72fd57 } | |
| $a_8 = { 558b4f4967eb52fb0ee4195d3cee897d } | |
| $a_9 = { 558bb74821969b8051eb44076a78e783 } | |
| $a_10 = { 558b6c006b75161943e0241cc61ba1a7 } | |
| $a_11 = { 558b3b9ca2919537ef33e0ccb9e0ec4c } | |
| $a_12 = { 558b1365da21500f161c6d2982dbe2bf } | |
| $a_13 = { 558b2a755a72509af44f2d5d8549a9d3 } | |
| $a_14 = { 558b8d68685cd8cbfcf19bdd22c3c948 } | |
| $a_15 = { 558b57d8675e3f6dfd73652a39f7327d } | |
| $a_16 = { 558b6211b65a408914fb1686b928754b } | |
| $a_17 = { 558bf070951552d5566a7e9b7e0aa5ec } | |
| $a_18 = { 558bec5356578bd885c0743233d25568 } | |
| $a_19 = { 558bf55b9803b340ab6076cc733dd083 } | |
| $a_20 = { 558b326d8120c0c03aed532a40131122 } | |
| $a_21 = { 558bec6a005333c055686ff4450064ff } | |
| $a_22 = { 558b6933ac70348fc9e11914b0593f09 } | |
| $a_23 = { 558bfaece0e57af92f640cabdc585668 } | |
| $a_24 = { 558b1a86f45823c75da711a094eb9130 } | |
| $a_25 = { 558bc1f3e6c676644e40993ec7c8246d } | |
| $a_26 = { 558bb65087c7a4e9e26b8b77773a89c8 } | |
| $a_27 = { 558b9f4f6745fd35031b702a065f41a5 } | |
| $a_28 = { 558b32c4b3fa8bf850f920afca5ea079 } | |
| $a_29 = { 558bec83c4e8538bd88d45e850e8a6c2 } | |
| $a_30 = { 558bc00fe3a3a66c809b73d0a00a0e6a } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Agent_c0c0487e4a13f590784d0b80aa708884d01e080dd3e1028859948d0e549e98b4 { | |
| strings: | |
| $a_2 = { 558bec51833d689b00100053751d8b45 } | |
| $a_3 = { 558bec8b4508ff3485f4700010ff1550 } | |
| $a_4 = { 558bec6aff682064001068e84c001064 } | |
| $a_5 = { 558bec6aff68e865001068e84c001064 } | |
| $a_6 = { 558bec83ec14a1509e00108b15549e00 } | |
| $a_7 = { 558becb82c120000e8681600008d8568 } | |
| $a_8 = { 558b2da4600010565733db33f633ff3b } | |
| $a_9 = { 558bec515153568b3540970010578b56 } | |
| $a_10 = { 558bec6aff687064001068e84c001064 } | |
| $a_11 = { 558bec5756538b750c8b7d088d05609b } | |
| $a_12 = { 558bec535657556a006a0068084c0010 } | |
| $a_13 = { 558bec6aff683864001068e84c001064 } | |
| $a_14 = { 558bec5153568b352477001057837e10 } | |
| $a_15 = { 558b2dbc6000107e40a1549e00108b3d } | |
| $a_16 = { 558bec83ec185356576a19e865e4ffff } | |
| $a_17 = { 558bec83ec485356576880040000e824 } | |
| $a_18 = { 558bec51833d689b001000535657751d } | |
| $a_19 = { 558bec6aff685864001068e84c001064 } | |
| $a_20 = { 558bec51515333db391da8a100105657 } | |
| $a_21 = { 558bec8b450856833c85f4700010008d } | |
| condition: | |
| 17 of them | |
| } | |
| rule TrojanClickerWin32Bessal_bc3d0590fe970b6452b7a012610626a6de2ef6a996270d6899b53f10a88f680f { | |
| strings: | |
| $a_2 = { 558bec5251e8e6010000010580344000 } | |
| $a_3 = { 558bec83c4f4ff7510ff750cff7508e8 } | |
| $a_4 = { 558bec81c4c0feffff8d85c2feffff50 } | |
| $a_5 = { 558bec6068934c13688f4cadfb9dc729 } | |
| condition: | |
| 4 of them | |
| } | |
| rule TrojanClickerWin32Chiakik_84de1c0e82bca9c66c919dd6595cd7c531db6d3f9489e23a95342b696e3b1933 { | |
| strings: | |
| $a_2 = { 558bec8b4508565785c07c593b0548fc } | |
| $a_3 = { 558bec83ec28a1809a480033c58945fc } | |
| $a_4 = { 558bec6aff6860e1460064a100000000 } | |
| $a_5 = { 558bec83ec10568b750c85f67512e8d6 } | |
| $a_6 = { 558bce8bfbe8b50900008bc55f5e5d5b } | |
| $a_7 = { 558bec56e87e4100006a008bf0e8a569 } | |
| $a_8 = { 558bec837d0c007505e87934ffff833d } | |
| $a_9 = { 558bec5633f6393508e3480075393975 } | |
| $a_10 = { 558bec568bf1c706e0fa4600e8fffeff } | |
| $a_11 = { 558bec83ec185356578d4de833ffe80f } | |
| $a_12 = { 558bec83ec1853ff75148d4de8e88086 } | |
| $a_13 = { 558bec8b450833c93bc1740fc7009418 } | |
| $a_14 = { 558bec56ff750c8bf1ff7508e82ff6ff } | |
| $a_15 = { 558bec5153568bf033db3bf3751ee8f4 } | |
| $a_16 = { 558b6c242c56578bf185ed0f849f0000 } | |
| $a_17 = { 558bec83ec10ff750c8d4df0e8e392fe } | |
| $a_18 = { 558bec6a106a00ff7508e86e55010083 } | |
| $a_19 = { 558bec5356e84dc1ffff8bd88b431033 } | |
| $a_20 = { 558bec56e8d38effff8b40048b750889 } | |
| $a_21 = { 558bec5151535633f6578b3d50da4800 } | |
| $a_22 = { 558becff356cda4800e8716e00005985 } | |
| $a_23 = { 558bec81ec28030000a1809a480033c5 } | |
| $a_24 = { 558bec56ff75088bf156ff157cf44600 } | |
| $a_25 = { 558bec8b450c568bf185c07508e8ac93 } | |
| $a_26 = { 558bec568d4508508bf1e81ecfffff84 } | |
| $a_27 = { 558bec568d4508508bf1e8dde8ffff84 } | |
| $a_28 = { 558bec56578bf9e82779ffff8bf033c0 } | |
| $a_29 = { 558bec6a006a00e8e1defeff595985c0 } | |
| $a_30 = { 558bec515356578b7d0c85ff7505e835 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32ClickTrans_db5290530186fcfe0d6f73df555aa11993cee6bfaac835620cb1ef7630a95cf0 { | |
| strings: | |
| $a_2 = { 558b2e9b45921aba56bf91bf5e81095e } | |
| $a_3 = { 558b3d274107932d3609a9403f52d318 } | |
| $a_4 = { 558ba67a2e545f799f495122df9b984a } | |
| $a_5 = { 558b7a1c68823fdcb8e89d7e0a0024d3 } | |
| $a_6 = { 558bb29868e214a89430564a1ac23f57 } | |
| $a_7 = { 558b91a83b14cd32b020a0035918e1f8 } | |
| $a_8 = { 558bafa15190454af776e23bf65110e9 } | |
| $a_9 = { 558b76495eaaaf618425517086ad89ae } | |
| $a_10 = { 558b656c04ccd933b6f818e3b8e559e7 } | |
| condition: | |
| 8 of them | |
| } | |
| rule TrojanClickerWin32Clikug_df5a9c8450d41928aa3ce4593ae0b111527a4428f4fdba09e7205e29fbaf37e2 { | |
| strings: | |
| $a_2 = { 558bec568bf1c70638354100e818ffff } | |
| $a_3 = { 558bec568bf1578d7e1457ff15043141 } | |
| $a_4 = { 558bec8b5508568bf185d275156a18ff } | |
| $a_5 = { 558becf6450801568bf1c706643e4100 } | |
| $a_6 = { 558bec6aff682808410064a100000000 } | |
| $a_7 = { 558bec51518bc1538b18568b4bf08b73 } | |
| $a_8 = { 558bec6aff68e001410064a100000000 } | |
| $a_9 = { 558bec8b4508394110730b68e03d4100 } | |
| $a_10 = { 558bec568bf1833e007408ff36e894cf } | |
| $a_11 = { 558bec83ec0c53568bf133db395e0474 } | |
| $a_12 = { 558bec568b7508eb0c6a008bcee8a815 } | |
| $a_13 = { 558bec5356576a00ff75088bf1e80808 } | |
| $a_14 = { 558bec518365fc00568bf18bcae81503 } | |
| $a_15 = { 558bec83e4f86aff682e1a410064a100 } | |
| $a_16 = { 558bec83ec1ca134a0410033c58945fc } | |
| $a_17 = { 558bec568bf18b4d0868dcb84100ff15 } | |
| $a_18 = { 558bec83ec0c8b4508538b5d0c56807b } | |
| $a_19 = { 558becf6450801568bf1c70618344100 } | |
| $a_20 = { 558bec81ec240300006a17e80f710000 } | |
| $a_21 = { 558bec6aff680002410064a100000000 } | |
| $a_22 = { 558becff75086a00ff7104ff15f03041 } | |
| $a_23 = { 558bec518b450cc1e804400fb7c06a06 } | |
| $a_24 = { 558bec56ff75088bf1e851f8ffff33c0 } | |
| $a_25 = { 558bec568bf18b4d086808ba4100ff15 } | |
| $a_26 = { 558bec568bf16814bf4100c706575040 } | |
| $a_27 = { 558bec83e4f86aff68af1a410064a100 } | |
| $a_28 = { 558bec568b750857568bf9ff15fc3141 } | |
| $a_29 = { 558bec568bf1c70670334100ff150432 } | |
| $a_30 = { 558bec538b5d08568b750c5785f67442 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Delf_45a21ea6f87c82334f3d2ef7e87a624f7ec44398fd86890f3bd5b129133ae904 { | |
| strings: | |
| $a_2 = { 558b61e240b4a1f600758d1a8875f9ed } | |
| $a_3 = { 558b78c4568ef418a26e1fc6146457bc } | |
| $a_4 = { 558b5882c942f8a3cd01a5740c5db014 } | |
| $a_5 = { 558ba46493f3742d60a2c1700134af9f } | |
| $a_6 = { 558b358c56176ca9283d84a9c9d50c9d } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanClickerWin32Doorplus_62c8779afb9f8acba3814f67e5871ae3fedecb0f2d566eafb6f99744f8712bca { | |
| strings: | |
| $a_2 = { 558bec515356578bf133ff397e047403 } | |
| $a_3 = { 558bec81ec24040000535633f6578935 } | |
| $a_4 = { 558bec515180259cc84000008d45fc56 } | |
| $a_5 = { 558bec5156ff15a01140008d45fc50ff } | |
| $a_6 = { 558bec83ec3833c056505050508d45fc } | |
| $a_7 = { 558bec51568bf1ff7508e84dabffff8b } | |
| $a_8 = { 558bec8b45080bc0740e6681384a4375 } | |
| $a_9 = { 558bec51518025b0dc4000008d45fc56 } | |
| $a_10 = { 558bcfe89a140000687c3b40008bcfe8 } | |
| $a_11 = { 558bec81ec940000008025e8de400000 } | |
| $a_12 = { 558bec81ec0c0100008365fc008d45fc } | |
| $a_13 = { 558bec515356578bf9e8c6e6ffffff75 } | |
| $a_14 = { 558b6c240c568b3578114000578bf985 } | |
| $a_15 = { 558bec25ca9b827d803a648d81383b4e } | |
| $a_16 = { 558bec6aff6898124000689a63400064 } | |
| $a_17 = { 558bec5151802540da4000008d45fc56 } | |
| $a_18 = { 558bec515180257cdc4000008d45fc56 } | |
| $a_19 = { 558bec5356578b7d0c680cc540008bcf } | |
| $a_20 = { 558bec83ec28536a02ff7508ff158810 } | |
| $a_21 = { 558bec8b4d0c56680cc54000e8a50f00 } | |
| $a_22 = { 558bec5151802538d94000008d45fc56 } | |
| $a_23 = { 558bec51515356578bf1e811e6ffff8d } | |
| $a_24 = { 558becb8a8150000e85445000053568b } | |
| $a_25 = { 558bec81ec0c020000565733ff57ff15 } | |
| $a_26 = { 558bec5151802544db4000008d45fc56 } | |
| $a_27 = { 558bcbe86d1c00005deb0c68383b4000 } | |
| $a_28 = { 558b4dfc8be833c0d3e5e8ad0000000b } | |
| $a_29 = { 558bec535657bb50344000ff7514be02 } | |
| $a_30 = { 558bcfe8cb140000837b50008d734c74 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Ellell_2904bc4fb25160836a2f7cce7b90c575870d3190fe81a5d323c7f0129c7de438 { | |
| strings: | |
| $a_2 = { 558bec6aff68e043400068741b400064 } | |
| $a_3 = { 558bec6aff68f843400068741b400064 } | |
| $a_4 = { 558b2d3c404000565733db33f633ff3b } | |
| $a_5 = { 558bec6aff68a040400068741b400064 } | |
| $a_6 = { 558bec51515333db391da85a40005657 } | |
| $a_7 = { 558bec535657556a006a0068941a4000 } | |
| $a_8 = { 558bec83ec14a1585740008b155c5740 } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanClickerWin32Erbon_90c9b7bc154b12ee2072a2fdce98ede0f9a704167e305dfe91015332e4c11af9 { | |
| strings: | |
| $a_2 = { 558bec565733f6ff7508e8a2feffff8b } | |
| $a_3 = { 558becb8e41a0000e859450000a15800 } | |
| $a_4 = { 558bece882410000ff7508e8cf3f0000 } | |
| $a_5 = { 558bec83e4f881ec54040000a1580001 } | |
| $a_6 = { 558bec568b750856e825faffff50e850 } | |
| $a_7 = { 558bec83ec14684612400064a1000000 } | |
| $a_8 = { 558b2d2cc0001057837e0c0075108b46 } | |
| $a_9 = { 558beca19017011083ec0c53568b3500 } | |
| $a_10 = { 558bec83ec20a15800011033c58945fc } | |
| $a_11 = { 558bec6a0a6a00ff7508e8e6f8ffff83 } | |
| $a_12 = { 558becff35dc140110e871f8ffff5985 } | |
| $a_13 = { 558bec568b7508b8300901103bf07222 } | |
| $a_14 = { 558bec57bfe803000057ff15b4c00010 } | |
| $a_15 = { 558bec535657556a006a0068b0a60010 } | |
| $a_16 = { 558bec51568b750c56e8db2000008945 } | |
| $a_17 = { 558bec837d0c017505e86a460000ff75 } | |
| $a_18 = { 558bec8bc18b4d08c70048c300108b09 } | |
| $a_19 = { 558bec83ec18684612400064a1000000 } | |
| $a_20 = { 558bec5356576a006a0068076a001051 } | |
| $a_21 = { 558bec8b4508a3e01401105dc38bff55 } | |
| $a_22 = { 558bec56ff357c0601108b3594c00010 } | |
| $a_23 = { 558bec8b4508b9300901103bc1721f3d } | |
| $a_24 = { 558bec538b5d08568bf1c70648c30010 } | |
| $a_25 = { 558bec81ec28030000a15800011033c5 } | |
| $a_26 = { 558bec83ec10ff75088d4df0e88da8ff } | |
| $a_27 = { 558bec83ec14a1541c01108b4d086bc0 } | |
| $a_28 = { 558bec83ec14a15800011033c58945fc } | |
| $a_29 = { 558bec568b75085756e8bc3400005983 } | |
| $a_30 = { 558bec8b45088b0d000c011056395004 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Frosparf_5ab1884930fa114ff9e90770e9480ea6fd03646f9d502d713f973c611702dea3 { | |
| strings: | |
| $a_2 = { 558bee5246a597a04cbeec36b5e57b58 } | |
| $a_3 = { 558bcaec76a85af9a61e4463dc12517f } | |
| $a_4 = { 558b2959f624bfd96f0a9a0d358a980c } | |
| $a_5 = { 558bb2364294fa757f4ababcc907549a } | |
| $a_6 = { 558be92728f81e3561873237e37ea985 } | |
| $a_7 = { 558bc843b3587dfd838c68f2b3fe9711 } | |
| $a_8 = { 558b4a69a3208faa1772877e3055061d } | |
| $a_9 = { 558bac842343ca3ab4bdb00c81c782d9 } | |
| $a_10 = { 558b9e10cc0ff7b96e54736d74cba4eb } | |
| $a_11 = { 558bd090e994213a59bdaef6cffa948c } | |
| $a_12 = { 558b221328869bc4661724d6af181ab3 } | |
| $a_13 = { 558b7424340fbef831cf66d3edf7de66 } | |
| $a_14 = { 558bbd3c567faf4c802149defc87a933 } | |
| $a_15 = { 558b2945133f1d39c2f697c1588a2943 } | |
| $a_16 = { 558b9495b64fa98f947595432b2827e0 } | |
| $a_17 = { 558b2c76ace6304e57d0062f5386b653 } | |
| $a_18 = { 558b6f7d94b3d838718c517bf3940680 } | |
| $a_19 = { 558baa40fdb316a3f1c56ce83bc39493 } | |
| $a_20 = { 558bcae40d3d4775b2d2fb2d6e98a1c9 } | |
| $a_21 = { 558bc9fc353fa873c6a940b8a028f691 } | |
| $a_22 = { 558bf85c7d60a6a4a471dacb3997d00a } | |
| $a_23 = { 558b3ac67f1c36dff9571fed3293d0df } | |
| condition: | |
| 18 of them | |
| } | |
| rule TrojanClickerWin32Hatigh_dd12559817e48ae200ab6f6a883c55a8a2e055055063c06359dec503406a0344 { | |
| strings: | |
| $a_2 = { 558bec83c4c0c745c0000000008b5508 } | |
| $a_3 = { 558bec81c48ce3ffffc785ecfeffff00 } | |
| $a_4 = { 558bec83c4e06a0068cc8d40006a00ff } | |
| $a_5 = { 558bec83c4fc6804010000686c104100 } | |
| $a_6 = { 558bec5657fc8b75088b7d0c8b4d10c1 } | |
| $a_7 = { 558bec83c4e06864904000680e8b4000 } | |
| $a_8 = { 558bec83c4e86a00e8d9070000a31c28 } | |
| $a_9 = { 558bec83c4fc6a64e87514000083f805 } | |
| $a_10 = { 558bec81c42cecffff68400d03006a40 } | |
| $a_11 = { 558bec83c4f068a08601006a40e86310 } | |
| $a_12 = { 558beca1308e400033d2b91df30100f7 } | |
| $a_13 = { 558bec83c4e46a00e8dd0600000bc00f } | |
| $a_14 = { 558bec81c490fdffffc78594feffff00 } | |
| $a_15 = { 558bec83c4dcff75148f45e8ff750c8f } | |
| $a_16 = { 558b2402accca43ae074286fe08c42d0 } | |
| $a_17 = { 558bec81c4b0f7ffff60ff7508ff7524 } | |
| $a_18 = { 558bec83c4c0c745c000000000c745f8 } | |
| $a_19 = { 558bec53565733c08b7d108b75088b4d } | |
| $a_20 = { 558bec83c4e8c745e8010000006a00e8 } | |
| $a_21 = { 558becff15c0704000ff75086a0050ff } | |
| $a_22 = { 558bec83c4f8c745fc00000000837d08 } | |
| $a_23 = { 558bec83c4ecc745f400000000c745f0 } | |
| $a_24 = { 558bec83c4f0e89600000068a7304200 } | |
| $a_25 = { 558bec83c4dc8b55088b126a00ff7508 } | |
| $a_26 = { 558b0a3a7151e89648b0a76530fb2808 } | |
| $a_27 = { 558becff450cff750ce8692b00003b55 } | |
| $a_28 = { 558bec83c4f0c745f8000000008b5508 } | |
| $a_29 = { 558bec81c4d4fdffffc785d8fdffff00 } | |
| $a_30 = { 558bec83c4f060c745f4000000008b7d } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Klik_3797c8ce8f9299eb058d202a57d835e9e63b9ff01be6ea45c8654ffc6246334a { | |
| strings: | |
| $a_2 = { 558b318329396bfc134df053d01eaf0d } | |
| $a_3 = { 558b83fe9fd4112fd3065f5bb0c72afb } | |
| $a_4 = { 558bd726e22ac1a7781fdf4b3665112c } | |
| $a_5 = { 558bdc7d8a1dcb00edecec056bd96d2b } | |
| $a_6 = { 558bbead21debaf75bb7c0f38ea19d22 } | |
| $a_7 = { 558bec83c4c06068aa16400033d88bcf } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanClickerWin32Lnkwinkap_5e336a76309f4994878bcd934a3a154e6e659e69114c064a42aa6234d53ed5dd { | |
| strings: | |
| $a_2 = { 558bec515356578945fc833dcc394700 } | |
| $a_3 = { 558bd5e61217827d5fb5ae513b825018 } | |
| $a_4 = { 558bc3e886fffeff50e82820fbff5d5f } | |
| $a_5 = { 558b9be0e1975d6d907d00c121b52a65 } | |
| $a_6 = { 558bec515356578bf28bd8833d903947 } | |
| $a_7 = { 558bec6a006a00538bd833c055680771 } | |
| $a_8 = { 558b1596d3b6987b1496cec00c8a451c } | |
| $a_9 = { 558b6ac1ef763350c183d0431d60be34 } | |
| $a_10 = { 558b06559a29b8447780c736aa485332 } | |
| $a_11 = { 558bec5356578bd885c0743233d25568 } | |
| $a_12 = { 558bec51538955fc8bd88b45fce8fa7f } | |
| $a_13 = { 558b6fe209a200c9fc20be0923eecbc4 } | |
| $a_14 = { 558be86f79f3d346bd546fa6871196d9 } | |
| $a_15 = { 558b1773cf5ef0e9f0e428158c7e9f18 } | |
| $a_16 = { 558bec538bd8a1c4394700e89cfbffff } | |
| $a_17 = { 558bec53568bf18bd80fb705446c4300 } | |
| $a_18 = { 558b6c47d16a656d36a4029eb8c63122 } | |
| $a_19 = { 558be87c51945da300507dc019d60271 } | |
| $a_20 = { 558bec83c4e8538bd88d45e850e8a6c2 } | |
| $a_21 = { 558bfe09fa5ec07ff98b92102e759226 } | |
| $a_22 = { 558b6ec70cbaca82bed530c53d2c3fe6 } | |
| $a_23 = { 558bec6a0033c05568da06410064ff30 } | |
| $a_24 = { 558bba304e40ad52483d3c9b3790ce80 } | |
| $a_25 = { 558bec33c05568f3c6460064ff306489 } | |
| $a_26 = { 558b2a185e92af549e9cde724a24fef0 } | |
| $a_27 = { 558bcac98ee0a11b4e155c983db7f079 } | |
| $a_28 = { 558bec53565733c055688bd2410064ff } | |
| $a_29 = { 558b9851e0b5de4dab27c9c7af4ae098 } | |
| $a_30 = { 558b357fca3bd0523856dc9e645fe6ed } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Losicoa_df0a9d679c03988b3ce20dcde1d2965596e8a4a599ec2fbede5ec4b16bd3d367 { | |
| strings: | |
| $a_2 = { 558bec81ec0c0300005356578bf1e81f } | |
| $a_3 = { 558be9568d4c24185733c05150894424 } | |
| $a_4 = { 558bec51515333db391db09342005657 } | |
| $a_5 = { 558bec8b4508533b0560914200560f83 } | |
| $a_6 = { 558b6c2428578bf88b0d10254200894c } | |
| $a_7 = { 558bec6aff6818d741006820b0400064 } | |
| $a_8 = { 558bec5153578bd96a10e890f7ffff85 } | |
| $a_9 = { 558bec83ec106853944100b9dc5e4200 } | |
| $a_10 = { 558bec51833d6c7f42000053751d8b45 } | |
| $a_11 = { 558bec83ec0c833d9c91420000535657 } | |
| $a_12 = { 558bec6aff68e0d641006820b0400064 } | |
| $a_13 = { 558bec5151568bf1578b3d3cc041008b } | |
| $a_14 = { 558bec6aff6880d941006820b0400064 } | |
| $a_15 = { 558bec5151568bf1578b3d40c041008b } | |
| $a_16 = { 558bec5657ff75088b3dc8c24100ffd7 } | |
| $a_17 = { 558bec6aff68c8d841006820b0400064 } | |
| $a_18 = { 558bec56ff7514e81f580000ff7514ff } | |
| $a_19 = { 558bec6aff68f0d841006820b0400064 } | |
| $a_20 = { 558bec83ec485356576880040000e87e } | |
| $a_21 = { 558bec83ec148d45ec50ff15c4c04100 } | |
| $a_22 = { 558bec5151568bf1578b3d4cc041008b } | |
| $a_23 = { 558bec5333db391d9c9142005657750f } | |
| $a_24 = { 558bec6aff68f8dd41006820b0400064 } | |
| $a_25 = { 558bec8b4508ff348590514200ff159c } | |
| $a_26 = { 558bec515153568b7508578bcee82424 } | |
| $a_27 = { 558bec518d45fc6888f8410050c745fc } | |
| $a_28 = { 558bec8b450856833c8590514200008d } | |
| $a_29 = { 558bec6aff68f8d641006820b0400064 } | |
| $a_30 = { 558be95657896c24108b44242833f689 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32NightClick_d1a98bc051d1ef96595f6a453b0cefdd18959158f68866e2596f456cae479565 { | |
| strings: | |
| $a_2 = { 558bec6aff688e99470064a100000000 } | |
| $a_3 = { 558bec568bf10f57c08d460450c70640 } | |
| $a_4 = { 558bec6aff68a07e470064a100000000 } | |
| $a_5 = { 558bec6aff68af8e470064a100000000 } | |
| $a_6 = { 558beca1fcc14900568b35b0ec490033 } | |
| $a_7 = { 558bec8b450850ff7108894118e8a8d7 } | |
| $a_8 = { 558becf6450801568bf1c746f0a83948 } | |
| $a_9 = { 558bec6aff68388e470064a100000000 } | |
| $a_10 = { 558bec6aff68369f470064a100000000 } | |
| $a_11 = { 558bec56e8bb2100008b55088bf06a00 } | |
| $a_12 = { 558bec83ec0cdd7dfcdbe2833d6cf149 } | |
| $a_13 = { 558bec6b4508180580f3490050ff1594 } | |
| $a_14 = { 558becf6450801568bf157c746f0f03b } | |
| $a_15 = { 558becff7508e808f6ffff595dc3cccc } | |
| $a_16 = { 558bec56ff75088bf1e867a5feffc706 } | |
| $a_17 = { 558bec83ec60a1fcc1490033c58945fc } | |
| $a_18 = { 558bec535657556a006a006818914500 } | |
| $a_19 = { 558bec6aff684265470064a100000000 } | |
| $a_20 = { 558bec518b450853568bf1bb00010000 } | |
| $a_21 = { 558becf6450801568bf157c746f00043 } | |
| $a_22 = { 558bec6aff68269b470064a100000000 } | |
| $a_23 = { 558bec6aff68bf73470064a100000000 } | |
| $a_24 = { 558bec8b4d08518b493ce896efffff5d } | |
| $a_25 = { 558bec5156ff75088bf18975fce860ff } | |
| $a_26 = { 558bec6aff689e8d470064a100000000 } | |
| $a_27 = { 558bec81ec64090000a1fcc1490033c5 } | |
| $a_28 = { 558bec8b4d0c6a00518b491ce8da45ff } | |
| $a_29 = { 558bec6aff687ca6470064a100000000 } | |
| $a_30 = { 558bec83ec10ff750c8d4df0e8d5d8ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Qaccel_e2eb22cab2e3e24e3e90eeca10383c448629eb9cc3ddd1d5de564f26d37aa5b6 { | |
| strings: | |
| $a_2 = { 558bec6aff68493b400064a100000000 } | |
| $a_3 = { 558bec56578bf133ff0f88100000000f } | |
| $a_4 = { 558bec0f88190000000f89130000005f } | |
| $a_5 = { 558bec81ec2c0100005356e820ffffff } | |
| $a_6 = { 558bec0f88150000000f890f0000005f } | |
| $a_7 = { 558bec81eca00100005383cbff0f8819 } | |
| $a_8 = { 558bec0f880d0000000f89070000005f } | |
| $a_9 = { 558bec568b7508578bfe83c9ff33c0f2 } | |
| $a_10 = { 558bec6aff687847400068763a400064 } | |
| $a_11 = { 558bec81eca00100005356570f881600 } | |
| $a_12 = { 558bec518339007431c745fc00000000 } | |
| $a_13 = { 558bec51535633f6578975fc0f880d00 } | |
| $a_14 = { 558bec515356578bf90f88130000000f } | |
| $a_15 = { 558bec83ec088b450853565785c00f84 } | |
| $a_16 = { 558bec64a1000000006aff68383c4000 } | |
| $a_17 = { 558bec83ec0c538b1df06240005657b9 } | |
| $a_18 = { 558bec568bf18b86e800000085c0743a } | |
| $a_19 = { 558bec81ec28010000535683cbff0f88 } | |
| $a_20 = { 558bec83ec18568d45e85750ff154c40 } | |
| $a_21 = { 558bec0f880a0000000f89040000005f } | |
| $a_22 = { 558bec81ecd4040000535657e8dffdff } | |
| $a_23 = { 558bec83ec0c535657c745fc48060000 } | |
| $a_24 = { 558bec81ec90010000560f8818000000 } | |
| $a_25 = { 558bec83ec64568bf10f88150000000f } | |
| $a_26 = { 558bec6aff68183c400064a100000000 } | |
| $a_27 = { 558bec81ec040100005356578bf1e8c3 } | |
| $a_28 = { 558becb800100000e843110000570f88 } | |
| $a_29 = { 558becb800100000e8231200005357b9 } | |
| $a_30 = { 558bec81ec0802000056570f88180000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Runae_0917728a487329f12b2fc0ef1a504815d0b408b6b64b1b12a02a8f700ac08ec8 { | |
| strings: | |
| $a_2 = { 558b2ddca00010565733db33f633ff3b } | |
| $a_3 = { 558bec515153568b3578d20010578b56 } | |
| $a_4 = { 558becb82c120000e83afcffff8d8568 } | |
| $a_5 = { 558bec51833df0e300100053751d8b45 } | |
| $a_6 = { 558bec8b450885c075025dc3833df0e3 } | |
| $a_7 = { 558bec6aff6870a10010686041001064 } | |
| $a_8 = { 558bec6aff6888a50010686041001064 } | |
| $a_9 = { 558bec5153568b355cb2001057837e10 } | |
| $a_10 = { 558bec5756538b750c8b7d088d05e8e3 } | |
| $a_11 = { 558bec83ec185356576a19e84cb5ffff } | |
| $a_12 = { 558bec83ec0c53bb10dd001033c983eb } | |
| $a_13 = { 558bec83ec18dd0558a20010dd5df8dd } | |
| $a_14 = { 558bec5356be64e500105756ff15e8a0 } | |
| $a_15 = { 558bec81ec90010000908d8570feffff } | |
| $a_16 = { 558bec6aff68a8a50010686041001064 } | |
| $a_17 = { 558b2d44a000107e40a1d8f800108b3d } | |
| $a_18 = { 558bec83ec18568b7508833d0cd80010 } | |
| $a_19 = { 558bec83ec14a1d4f800108b15d8f800 } | |
| $a_20 = { 558bec51515333db391da8e800105657 } | |
| $a_21 = { 558bec6aff6888a10010686041001064 } | |
| $a_22 = { 558bec515153568b35c4e30010578b7d } | |
| $a_23 = { 558bec6aff6858a10010686041001064 } | |
| $a_24 = { 558bec535657556a006a006880400010 } | |
| $a_25 = { 558bec8b450856833c8580d20010008d } | |
| $a_26 = { 558bec6aff68f0a50010686041001064 } | |
| $a_27 = { 558bec56ff7514e87b2a0000ff7514ff } | |
| $a_28 = { 558bec83ec485356576880040000e8ca } | |
| $a_29 = { 558becb804100000e8e896ffff535633 } | |
| $a_30 = { 558bec8b4508ff348580d20010ff1584 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Safbot_410fc587297773d1c4d33764fc6c27e4a01dc52b6d89d1f34727028bb83b127d { | |
| strings: | |
| $a_2 = { 558bb43a3aceb19cd8709758aaec1a06 } | |
| $a_3 = { 558b04476ee681f3047ef2a2641deeef } | |
| $a_4 = { 558baee5b43a25c6f145900b54281eea } | |
| $a_5 = { 558ba6b5ae4391a4ab529665d3a8e7f5 } | |
| $a_6 = { 558b09a81b6cf7153080000592265e7f } | |
| $a_7 = { 558b3133f77e35856aafc6878c3b2f60 } | |
| $a_8 = { 558bb1acd295f2be35c75f802a9d9740 } | |
| $a_9 = { 558b1df10d70bee5aa04926aeeeefdcf } | |
| $a_10 = { 558b05961fbffdf1c2f0f3438bab2480 } | |
| $a_11 = { 558bae43aa87f77ada708615280e8389 } | |
| $a_12 = { 558bcb567c680713ed28713072df67d4 } | |
| $a_13 = { 558bd0862ccae53d8def74c461c5b935 } | |
| $a_14 = { 558b16528899ef8d950a3d5d8d00550b } | |
| $a_15 = { 558bc1dfb5ed03b15bee35b68ef75c6d } | |
| $a_16 = { 558bdf0f7e7d1c79bc337503e39b561f } | |
| $a_17 = { 558b1d97ba30dd1b144b8550c0daaaa8 } | |
| $a_18 = { 558b07de55554a0a806d1111a0297144 } | |
| $a_19 = { 558b16341d05d8301ee5e6a54f4bbe22 } | |
| $a_20 = { 558ba18cdc6c16596594442147b1098e } | |
| $a_21 = { 558b45d954c0505cf16a0beebbb2f73d } | |
| $a_22 = { 558bb1f784462d4562d8157120d0899b } | |
| $a_23 = { 558bb1bf7bffe0d666e8561945e6c43e } | |
| $a_24 = { 558b818ec6baa754ce68e60ba0fdf7ec } | |
| $a_25 = { 558b1c7c04f37733ded81a057a524d99 } | |
| $a_26 = { 558b0feff77c10fd78710cc2f74b92d7 } | |
| $a_27 = { 558bdc67aad86863a5749d2754ea81a1 } | |
| $a_28 = { 558b12045df04777a50b9d48c0301dd5 } | |
| $a_29 = { 558bb1f6d5554b9d68ab368d6eaa202f } | |
| $a_30 = { 558bc7f802db52a800793093996363d2 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Small_b702d0be7b4d4eacf79314595752c54db1b482a591cefadd24e17d9a8af72b8a { | |
| strings: | |
| $a_2 = { 5589e583ec14565731c08945ec8945f4 } | |
| $a_3 = { 5589e583ec20565731c08945e08945fc } | |
| $a_4 = { 5589e583ec0c565731c08945fc8d45f4 } | |
| $a_5 = { 5589e5568b75088b463009c0740650e8 } | |
| $a_6 = { 5589e583ec04565731c08945fc8b7508 } | |
| $a_7 = { 5589e583ec24565731c08945f4ff7508 } | |
| $a_8 = { 5589e5a19e10400009c0750fff15a334 } | |
| $a_9 = { 5589e556578b450c09c07509ff7508ff } | |
| $a_10 = { 5589e583ec1456578d45ec5068ca1040 } | |
| $a_11 = { 5589e556578b75080fb73e69ff6d0100 } | |
| $a_12 = { 5589e583ec208d45e0506a286affff15 } | |
| $a_13 = { 5589e583ec0856576800200000e867bf } | |
| $a_14 = { 5589e583ec1456576a0068800000006a } | |
| $a_15 = { 5589e583ec0856575331c08945f88d7d } | |
| $a_16 = { 5589e583ec188d45e88d55ec52506a00 } | |
| $a_17 = { 5589e581ecc8010000565731c0668cc0 } | |
| $a_18 = { 5589e583ec108d45f08d55f452506a00 } | |
| $a_19 = { 5589e556578b75088b7d0cff153f3540 } | |
| $a_20 = { 5589e583ec1c5657c745fcffffffffff } | |
| $a_21 = { 5589e5a19e10400009c07411ff75086a } | |
| $a_22 = { 5589e583ec0c6066c745f44200683f28 } | |
| $a_23 = { 5589e583ec04565731c08945fc8b7d08 } | |
| $a_24 = { 5589e55657538b7d08037f3c8b1781fa } | |
| $a_25 = { 5589e583ec1056576a00ff159f344000 } | |
| $a_26 = { 5589e583ec54565731c08d75ac6a4456 } | |
| $a_27 = { 5589e583ec2c56575331c08945d4ff75 } | |
| $a_28 = { 5589e583ec10565753bbffffffff8b35 } | |
| $a_29 = { 5589e583ec0856576800200000ff3592 } | |
| $a_30 = { 5589e583ec1056578b358e10400009f6 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Spackit_f8f40d63dd4d73df55b49913f0d5c31a7fcbd0cc86c62b76976174882f60f785 { | |
| strings: | |
| $a_2 = { 558bec5151538b1d78507700578b7d0c } | |
| $a_3 = { 558bec518b068d4dfc5168945c770056 } | |
| $a_4 = { 558bec83ec105356ff75088bf0e8b1fc } | |
| $a_5 = { 558bec81ec10040000565732c08dbdfc } | |
| $a_6 = { 558bec83ec28568b75086a01ff750c8d } | |
| $a_7 = { 558bec83ec2433c053568b3590517700 } | |
| $a_8 = { 558bec83ec288365fc00833d58bb7700 } | |
| $a_9 = { 558bec51518b08568d55f85233f65046 } | |
| $a_10 = { 558bec81ec08020000833d80a80e0402 } | |
| $a_11 = { 558bec51518b40048365f8008b088d55 } | |
| $a_12 = { 558bec83ec10568d45f050ff15b85077 } | |
| $a_13 = { 558bec83ec205657be308e00108d7de0 } | |
| $a_14 = { 558bec83ec746a6b586a656689458c58 } | |
| $a_15 = { 558bec81ec04010000837d0c01535657 } | |
| $a_16 = { 558bec8b450c83e8100f84b000000083 } | |
| $a_17 = { 558bec518365fc0068f4527700680453 } | |
| $a_18 = { 558bec51803800742c833d743d011000 } | |
| $a_19 = { 558bec515356576a046800300000be00 } | |
| $a_20 = { 558bec51803800742c833d743d780000 } | |
| $a_21 = { 558bec8b450cc1e8106685c07416683c } | |
| $a_22 = { 558bec83ec30a16c02fe7f535633f689 } | |
| $a_23 = { 558bec83e4f883ec645356576a085966 } | |
| $a_24 = { 558b2d80517700bbff0f0000535650c7 } | |
| $a_25 = { 558bec83ec148d45fc506a086affff15 } | |
| $a_26 = { 558bec518b068d4dfc5168945c001056 } | |
| $a_27 = { 558becb800100000e83b02000053ff75 } | |
| $a_28 = { 558b2d80510010bbff0f0000535650c7 } | |
| $a_29 = { 558becff7508e80bfdffff85c07418ff } | |
| $a_30 = { 558bec538b5d18568b7508576a0459bf } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Vbadult_55d93234fc975427f1b1741bac4d7bc3ebcdf630e629714a2efd4fd21382d635 { | |
| strings: | |
| $a_2 = { 558bb8ff508d85a4feffff508d8594fe } | |
| $a_3 = { 558bec83ec14685616400064a1000000 } | |
| $a_4 = { 558bf5ff8d85c4feffff6a7850e8478b } | |
| $a_5 = { 558bec83ec18685616400064a1000000 } | |
| $a_6 = { 558bceff508d8564f9ffff508d8554f9 } | |
| $a_7 = { 558bec83ec0c685616400064a1000000 } | |
| $a_8 = { 558bec5151685616400064a100000000 } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanClickerWin32Webin_1fada243e55b45ae194d62a88797ef66d3ad23ad8ec917407ba75d6b68b43ad9 { | |
| strings: | |
| $a_2 = { 558bec81ec40b37fffdd68098d85c0fe } | |
| $a_3 = { 558b0b25225788042800827c83970ebc } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanClickerWin32Yabector_a5f8548351d3ec081e313d6eb103965f266d52a6f12ebf38519d7302e844b055 { | |
| strings: | |
| $a_2 = { 558bec53565783ec6468ed45400031f6 } | |
| $a_3 = { 558bec53565783ec6468e950400031f6 } | |
| $a_4 = { 558bec53565783ec6468b18a400031f6 } | |
| $a_5 = { 558bec53565783ec6468da90400031f6 } | |
| $a_6 = { 558bec53565783ec6468775b400031f6 } | |
| $a_7 = { 558bec53565783ec64684793400031f6 } | |
| $a_8 = { 558bec53565783ec64688289400031f6 } | |
| $a_9 = { 558bec53565783ec64686050400031f6 } | |
| $a_10 = { 558bec53565783ec64683438400031f6 } | |
| $a_11 = { 558bec53565783ec64680919400031f6 } | |
| $a_12 = { 558bec53565783ec64688812400031f6 } | |
| $a_13 = { 558bec53565783ec64686834400031f6 } | |
| $a_14 = { 558bec53565783ec6468dd16400031f6 } | |
| $a_15 = { 558bec53565783ec6468cf10400031f6 } | |
| $a_16 = { 558bec53565783ec64687d3a400031f6 } | |
| $a_17 = { 558bec53565783ec64687980400031f6 } | |
| $a_18 = { 558bec53565783ec6468b751400031f6 } | |
| $a_19 = { 558bec53565783ec64689c92400031f6 } | |
| $a_20 = { 558bec53565783ec6468447a400031f6 } | |
| $a_21 = { 558bec53565783ec64680d20400031f6 } | |
| $a_22 = { 558bec53565783ec64683561400031f6 } | |
| $a_23 = { 558bec53565783ec64682e7e400031f6 } | |
| $a_24 = { 558bec53565783ec6468574d400031f6 } | |
| $a_25 = { 558bec53565783ec64681811400031f6 } | |
| $a_26 = { 558bec53565783ec6468761a400031f6 } | |
| $a_27 = { 558bec53565783ec646873a5400031f6 } | |
| $a_28 = { 558bec53565783ec64686847400031f6 } | |
| $a_29 = { 558bec53565783ec6468f25f400031f6 } | |
| $a_30 = { 558bec53565783ec64684554400031f6 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanClickerWin32Zeriest_bf80c6920a73185d2027f022b90e26b1c66667e5865271fbc6607fa0a7720272 { | |
| strings: | |
| $a_2 = { 558bec83ec348b45088b480833d24253 } | |
| $a_3 = { 558bec83ec1868461a400064a1000000 } | |
| $a_4 = { 558bec83c4fc535756e8000000005b81 } | |
| $a_5 = { 558bec83c4fc5357568b5d088bf38b4b } | |
| $a_6 = { 558bec83ec0868461a400064a1000000 } | |
| $a_7 = { 558bec83ec0c68461a400064a1000000 } | |
| $a_8 = { 558bec535756e8000000005b81eb851c } | |
| $a_9 = { 558bec83ec10568b75080fb646045799 } | |
| $a_10 = { 558bec83ec0864a10000000068461a40 } | |
| $a_11 = { 558bec83c4e8535756e8000000005b81 } | |
| $a_12 = { 558bec5357568b750c8b5d0833c03946 } | |
| $a_13 = { 558bec5357568b7508668b4d108b550c } | |
| $a_14 = { 558bec83ec1068461a400064a1000000 } | |
| $a_15 = { 558bec83ec1468461a400064a1000000 } | |
| $a_16 = { 558bec535756e8000000005b81eba71c } | |
| condition: | |
| 13 of them | |
| } | |
| rule TrojanClickerWin32Zirit_acf50e37542ba10160b23342cdaabfcb50d9e3b6be87eedf75c59f8f823823c3 { | |
| strings: | |
| $a_2 = { 558bec83c4fc230ecc5e5b81ebe7138b } | |
| $a_3 = { 558b2d34c533e1b4565757532cb21188 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDOSAlureon_4cec5b36c9e493bc71cdc0a0a4eb2c9707f1af683a96fe87891a0cb5defb4ba9 { | |
| strings: | |
| $a_2 = { 558bec575133cb5956518bcc5953518b } | |
| $a_3 = { 558bec6a416acc6a1ce8791b00005356 } | |
| $a_4 = { 558bec5657bf010000006a8e6a956a1c } | |
| $a_5 = { 558bec53512bca5956578b5d088bcb50 } | |
| $a_6 = { 558bec83c4f4526a18e8980c00005356 } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanDOSKillCMOS_a79a4dced2996274bfcc2ff0a6fe3afd1172da5119ca5d06be4f6bf30c99f148 { | |
| strings: | |
| $a_2 = { 558b856be0b626aad49a19fe729e6c5f } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDOSKillmbr_a488528d487df58b6cd928ab3b7fc20e006560f3cc24080e8db8d065ac91f157 { | |
| strings: | |
| $a_2 = { 558bec83ec44568d45ec5733ff508b41 } | |
| $a_3 = { 558bec51538bd956578d7310568975fc } | |
| $a_4 = { 558bec6aff68d096011064a100000000 } | |
| $a_5 = { 558bd153c1e902f3a58bca83e103f3a4 } | |
| $a_6 = { 558b6c2410568bf1578b46108b4e448b } | |
| $a_7 = { 558bec6aff685b9a011064a100000000 } | |
| $a_8 = { 558bec81ec0405000053568b750c576a } | |
| $a_9 = { 558b2d301100105657c7442410000000 } | |
| $a_10 = { 558b6c2410565785c9750c8bfd83c9ff } | |
| $a_11 = { 558bec81ec080100008b4d0856578d85 } | |
| $a_12 = { 558bcee885f1ffff85ed740955e8d135 } | |
| $a_13 = { 558bec83ec2c5356578bf1e830ffffff } | |
| $a_14 = { 558bec6aff686897011064a100000000 } | |
| $a_15 = { 558b6c240c56578b3da812001033db8b } | |
| $a_16 = { 558be956578b550433ff85d2897c2410 } | |
| $a_17 = { 558bec6aff68b896011064a100000000 } | |
| $a_18 = { 558bac241002000056578a4500c64424 } | |
| $a_19 = { 558bd9e814ffffff8b4c24143bc8730a } | |
| $a_20 = { 558bec56578b7d0885ff74728b350012 } | |
| $a_21 = { 558bec6aff68209a011064a100000000 } | |
| $a_22 = { 558bec51909090909090909090909090 } | |
| $a_23 = { 558bec81ec04050000535657b9410000 } | |
| $a_24 = { 558bec81ec10020000b8000100008945 } | |
| $a_25 = { 558be95657896c24148d5d548bcbe879 } | |
| $a_26 = { 558b6c2410578b44ae0485c0740950e8 } | |
| $a_27 = { 558bec81ec7c04000053568bf1576a00 } | |
| $a_28 = { 558be96a2de8b55f00008bd883c40485 } | |
| $a_29 = { 558bec6aff684035001068b890011064 } | |
| $a_30 = { 558bcb89542420e8f2f1ffff8d442418 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDOSScache_0345543299b01d2c601c6ac29c1c71c6476a54ba048e08e44b703e0951345e68 { | |
| strings: | |
| $a_2 = { 5589e581ec0403c68600f17bff00fbff } | |
| $a_3 = { 558bec52260ffc8b55044a4afa6026c4 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderBATFtper_00adef0b82d89b3fca957eeaa8b52bf2504f9eb12a5eeff9f901fc70f930a66d { | |
| strings: | |
| $a_2 = { 558bec539431d026750683f800008e05 } | |
| $a_3 = { 558bec83c4fc8d38b07c5b81eb06158b } | |
| $a_4 = { 558b6e18f2553b0e2eacb412c214133d } | |
| $a_5 = { 558be8c2d40569d3e50bc55d95ac3bfc } | |
| condition: | |
| 4 of them | |
| } | |
| rule TrojanDownloaderBATLinkeldor_c4dc58507c7a64640d13572edd6ab0774d4e342dfe357297987e8fd43b2a8a7e { | |
| strings: | |
| $a_2 = { 558becb800100000e8dddf000056be00 } | |
| $a_3 = { 558bec807d0800752756be50d7450083 } | |
| $a_4 = { 558bec83ec38a1a8d0420033c58945fc } | |
| $a_5 = { 558b6c24148d5e1083f910751c33c080 } | |
| $a_6 = { 558bec8b4d0c568b7508890ee8882900 } | |
| $a_7 = { 558bec56e86c2900008b75083b702475 } | |
| $a_8 = { 558bec51a1a8d0420033c58945fc568b } | |
| $a_9 = { 558bec56e87a0a00008b55088bf06a00 } | |
| $a_10 = { 558bec51515668045042008bf1e83683 } | |
| $a_11 = { 558bec81ec240300006a17e803130100 } | |
| $a_12 = { 558bec51f70540564200001000007422 } | |
| $a_13 = { 558becf6450801568bf1c706e4554200 } | |
| $a_14 = { 558bec5356576a0052683265410051e8 } | |
| $a_15 = { 558bec83ec0c8d4df4e87bffffff684c } | |
| $a_16 = { 558bec5657ff7508e875fa00008b7510 } | |
| $a_17 = { 558bf7e87a4e0100595985c0753c83c7 } | |
| $a_18 = { 558bec83ec10ff75088d4df0e801aeff } | |
| $a_19 = { 558bec81ec20070000a1a8d0420033c5 } | |
| $a_20 = { 558bec568b750c8b063b0504d4450074 } | |
| $a_21 = { 558bec8b45088b003b05b4d345007407 } | |
| $a_22 = { 558bec83ec1c8d4de453ff7510e85ded } | |
| $a_23 = { 558b4508813863736de07537833dcc56 } | |
| $a_24 = { 558becb800100000e8baed000053ff75 } | |
| $a_25 = { 558becb800140000e8810c0000ff750c } | |
| $a_26 = { 558bec837d0c307459817d0c10010000 } | |
| $a_27 = { 558bec8b450c83ec205685c07516e8d9 } | |
| $a_28 = { 558bec83ec30a1a8d0420033c58945fc } | |
| $a_29 = { 558bec83ec0c8d4df4e891ffffff68a0 } | |
| $a_30 = { 558bec81ec84040000a1a8d0420033c5 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderJSBanload_fd1e825b1f7ca5b1ea4905e644428f64c4ce5156d281df76d84cafe9454a55d3 { | |
| strings: | |
| $a_2 = { 558bec6a00538bd833c05568b4a64400 } | |
| $a_3 = { 558bec51535684d2740883c4f0e84290 } | |
| $a_4 = { 558be8a100735200e85c9000008bf04e } | |
| $a_5 = { 558bec6a005356578bf833c055682eb6 } | |
| $a_6 = { 558bec83c4f4a148085200e8e491fdff } | |
| $a_7 = { 558bec538b55088b52fce87150f1ff85 } | |
| $a_8 = { 558bec535657833dfc72520000743c33 } | |
| $a_9 = { 558bec33c0556808584f0064ff306489 } | |
| $a_10 = { 558b5304428b0340e850feffff59e876 } | |
| $a_11 = { 558bec33c95151515133c05568bbb951 } | |
| $a_12 = { 558bec51538945fc8b45fce868deffff } | |
| $a_13 = { 558bec33c05568812e430064ff306489 } | |
| $a_14 = { 558bec33c05568fa334a0064ff306489 } | |
| $a_15 = { 558bec83c4f0df6d08d81d600b42009b } | |
| $a_16 = { 558bec5356be746f5200a1786f520083 } | |
| $a_17 = { 558bec33c0556826ea450064ff306489 } | |
| $a_18 = { 558bd78b86e4010000e822a1fbffe885 } | |
| $a_19 = { 558bec83c4d85356576a0ee88426f0ff } | |
| $a_20 = { 558bec6a006a006a005333c05568b1ed } | |
| $a_21 = { 558bc7b9010000008b1588874100e8d0 } | |
| $a_22 = { 558bec6a00538bd833c0556887c24900 } | |
| $a_23 = { 558bec51535684d2740883c4f0e8a274 } | |
| $a_24 = { 558bec83c4f4a1cc715200e81822fcff } | |
| $a_25 = { 558bec6a00538bda33c05568e5944200 } | |
| $a_26 = { 558b45f88b40048bd6e84ca0f8ffe817 } | |
| $a_27 = { 558bec6a005356578bf033c055687ee6 } | |
| $a_28 = { 558bec53565784d2740883c4f0e85e52 } | |
| $a_29 = { 558b45fce8c74effff8bf833c055684f } | |
| $a_30 = { 558b45e4e8ab75feff83caffe86ff5ff } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderMSILBalamid_49b47e6229eac67e223cb7eb00c50b983b0264b84f0f05471b2c255c6fe17361 { | |
| strings: | |
| $a_2 = { 558bec6a0a6a00ff7508e89515000083 } | |
| $a_3 = { 558bec81ec28030000a1b428420033c5 } | |
| $a_4 = { 558bec535657556a006a0068548b4100 } | |
| $a_5 = { 558bec568b750856e8923000005983f8 } | |
| $a_6 = { 558bec83ec10ff75088d4df0e84c8aff } | |
| $a_7 = { 558bec68b8f04100ff1564b0410085c0 } | |
| $a_8 = { 558bec83ec105333db538d4df0e83eb8 } | |
| $a_9 = { 558bec8bc18b4d08c70098f641008b09 } | |
| $a_10 = { 558bec8b4508565785c07c593b059042 } | |
| $a_11 = { 558bec81ec78020000a1b428420033c5 } | |
| $a_12 = { 558bec51535657ff35d0534200e8f919 } | |
| $a_13 = { 558bec565733f6ff7508e87592ffff8b } | |
| $a_14 = { 558bec56ff75088bf1e86e310000c706 } | |
| $a_15 = { 558bec568bf1c7065cf04100e8ef3100 } | |
| $a_16 = { 558bec5de9ac0800008bff51c70154f0 } | |
| $a_17 = { 558becb8e41a0000e8cdcfffffa1b428 } | |
| $a_18 = { 558bec8b450883f8fe7518e82978ffff } | |
| $a_19 = { 558bec57bfe803000057ff1598b04100 } | |
| $a_20 = { 558bec83ec20a1b428420033c58945fc } | |
| $a_21 = { 558bec8b4508b9302442003bc1721f3d } | |
| $a_22 = { 558bec8b450833c93b04cdc020420074 } | |
| $a_23 = { 558b6c240c8bd985ed7507892b5d5bc2 } | |
| $a_24 = { 558bec56ff35b42742008b35ccb04100 } | |
| $a_25 = { 558bec833dd853420000741968d85342 } | |
| $a_26 = { 558bec568b7508b8302442003bf07222 } | |
| $a_27 = { 558bec568b750885f67c09e889540000 } | |
| $a_28 = { 558bec83ec2ca1b428420033c58945fc } | |
| $a_29 = { 558bec538b5d08568bf1c70698f64100 } | |
| $a_30 = { 558bc6e8e8ebffff4d83c40483fd017d } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderMSILFleadew_3e354dc8cde15c2204deb2137590bcd0c0f334fba8b5c40e5654d4b6281f4644 { | |
| strings: | |
| $a_2 = { 558bca4c03de88c0a45c9bd2e58c84ce } | |
| $a_3 = { 558bfaa25cf4ad848e4da4e3d2612d12 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderMSILGuplof_ed50483147c8df54e31afe9001696f0dff03f0bf907302a5719d1f24e8701507 { | |
| strings: | |
| $a_2 = { 558bc46f59acce34a022eb8e9131267b } | |
| $a_3 = { 558b0497802f579facdb193b3592d987 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderMSILPrardrukat_502659ddd8864973ce82f410f926e84a4108be216a187f0bf96e533d2daa39d4 { | |
| strings: | |
| $a_2 = { 558bfff9a402e05fa2081a7630fc287f } | |
| $a_3 = { 558b57139dec67915ae6bf8948003bb6 } | |
| $a_4 = { 558b86ee426da42588c4c22e40eff020 } | |
| $a_5 = { 558bd536614c0ec6608070583251ff60 } | |
| $a_6 = { 558b00981b79f70eedbf18c02dd1c25f } | |
| $a_7 = { 558ba4a69daf34948959c05e1e1f57d6 } | |
| $a_8 = { 558b8c5675cfa6d04bd19712aca26b85 } | |
| $a_9 = { 558b8da646a75a4521d548e234516b59 } | |
| $a_10 = { 558ba0c5d0920caadb4ba1655446b9bd } | |
| $a_11 = { 558b7f81e84d7e45295b3e17d7a29267 } | |
| $a_12 = { 558bba33c153be904154b2891a70ed6c } | |
| condition: | |
| 10 of them | |
| } | |
| rule TrojanDownloaderMSILPstinb_ddf64420b0b44abdf22127db7ba58bb5e789c5fe01ce74b2c99d1fc197e3d7f6 { | |
| strings: | |
| $a_2 = { 558b6694eb3595c2dc279864538daa3e } | |
| $a_3 = { 558b2c38c64e4feb5721dc211be4f349 } | |
| $a_4 = { 558b7b85e808cd78b8bced34e1451f5f } | |
| $a_5 = { 558b32c47e848a7618718a9da178db0e } | |
| $a_6 = { 558b677497a1e2b6f54f0f4f24f07908 } | |
| $a_7 = { 558b4ee36903a0aab292cdcf4a7bb76e } | |
| $a_8 = { 558b58597019727bd5dd36749861c0c8 } | |
| $a_9 = { 558bb45551705bda9f14859b19cd2e56 } | |
| $a_10 = { 558b6b968db0e73db356992d33b192db } | |
| $a_11 = { 558b51fad05b9e0f14d1ea78a1c81cf6 } | |
| $a_12 = { 558bc9c96523231f9d6d039ea290189e } | |
| $a_13 = { 558b2a39c8242938f4e9d3a56bdbca27 } | |
| $a_14 = { 558b4d9db1fdd5cd52acfa1a2a1192d4 } | |
| condition: | |
| 11 of them | |
| } | |
| rule TrojanDownloaderMSILSmall_87df6f78d57e6b2ecaf80c126242ca8eb4808ca85a35016ce84a0578c0bca573 { | |
| strings: | |
| $a_2 = { 558b3ff36ff875b6d27f6bf4fdbfe717 } | |
| $a_3 = { 558b3ffde5affddffc918ffebc7f25ff } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderMSILTaily_f1768ddf05112bf8d2aabd479167534f6ef0028704c4bb2f956c2b3e364061d9 { | |
| strings: | |
| $a_2 = { 558bec33c95100531af2c919c5a374c2 } | |
| $a_3 = { 558bec5178f6829201c4e388a07fa467 } | |
| $a_4 = { 558be7fedf9928233203ce518b7a048b } | |
| $a_5 = { 558bed22f01c0bc589db86c76637fc76 } | |
| $a_6 = { 558bec83c486e945c5f853cd13ba386d } | |
| $a_7 = { 558b3fab1f9e01f82dab0f8efa1f88b4 } | |
| $a_8 = { 558b40f4500648fcd7c01bf80540f8d0 } | |
| $a_9 = { 558bcbd1f9790383d1008bc7f67477b0 } | |
| $a_10 = { 558b7dd95c48b12ddf1461b6b9cb46aa } | |
| $a_11 = { 558b68f9e4ce1121aae2b78718ebaba1 } | |
| $a_12 = { 558b6652c1d8324318e860ffffffffdc } | |
| $a_13 = { 558b40e01e80a6dc2831f6ff634fff05 } | |
| $a_14 = { 558bda8be88b7b08411b701585ad450f } | |
| $a_15 = { 558b0cd573c018c0b2ffffffff6822e9 } | |
| $a_16 = { 558b0f4e9664706e42d64e80a7364758 } | |
| $a_17 = { 558bf60f95c0561000ffb922051508ff } | |
| $a_18 = { 558bec538b55088b52ec205255ce88a9 } | |
| $a_19 = { 558bd618d0ff078b956c598b55fc8942 } | |
| $a_20 = { 558b049f9bd05a9c5984c0bb3fd8ae71 } | |
| $a_21 = { 558bec6a00f0e283443bbbe8b69c33db } | |
| $a_22 = { 558b3a9615e71d5c5effffffff35ad2a } | |
| $a_23 = { 558b8a9c24c2ab3259fcffffffff811e } | |
| $a_24 = { 558b1595e09afd06e82c89b38b40088b } | |
| $a_25 = { 558bec8f8bf8c645ff01b140fc003503 } | |
| $a_26 = { 558b58303a52510fde61f5330075e192 } | |
| $a_27 = { 5589e5505351568b75088b4d0cc1e902 } | |
| $a_28 = { 558b5bd9190f7397fdf0535753566a38 } | |
| $a_29 = { 558bec53df44802bbdcf048b008b5d00 } | |
| $a_30 = { 558bec8b45108d04828b4d0c6c88aaff } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderO97MDamatak_846fe7d28d9134a06a3de32d7a102e481824cca8155549c889fb6809aedcbc2c { | |
| strings: | |
| $a_2 = { 558bacb715d6d6b74d3c94b911e23c82 } | |
| $a_3 = { 558b79a2208080825010101010101015 } | |
| $a_4 = { 558b7082501010101010101011054140 } | |
| condition: | |
| 3 of them | |
| } | |
| rule TrojanDownloaderO97MMacrobe_8ba791b9611d5d6dfd40e08e43ad851675faea24c2f5bc4f541e475871999ad3 { | |
| strings: | |
| $a_2 = { 558b673ef4f03db9570d1d1a29d59f5a } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderO97MMoljec_0fac83312aaca0ae14fffd0bd125f48d2b72a51638e0b5e5ee24a98ede7312c9 { | |
| strings: | |
| $a_2 = { 558b7af09e21f664f899bec70e782bbd } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderO97MShelmock_e56b6e19e17616f4a55168c1aabd1e69a0126bb56641760bb2e2fb12f3bc0970 { | |
| strings: | |
| $a_2 = { 558bc1051a018368f3e8af00697b7844 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderPowerShellHipoele_cc226f804f664741d6a5c0ea2cee36d87803e1cfc38ee49913c8e37022965817 { | |
| strings: | |
| $a_2 = { 5589e557565383ec3c8b1d9c53400085 } | |
| $a_3 = { 5589e55de927eeffff90909090909090 } | |
| $a_4 = { 5589e583e4f083ec10e882010000c704 } | |
| $a_5 = { 5589e583ec18c7042420154000e80e01 } | |
| $a_6 = { 5589e583ec28c70520534000090400c0 } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanDownloaderPowerShellHipolel_2204e1d13d57d706bb0dc13399ad28bb1fd69a6f9cf73ed2318b44c418757734 { | |
| strings: | |
| $a_2 = { 5589e583e4f083ec10e822050000c704 } | |
| $a_3 = { 5589e583ec18a10040400085c07409c7 } | |
| $a_4 = { 5589e55383ec14a1cc50400085c0741c } | |
| $a_5 = { 5589e557565389c383ec6c8955d080e6 } | |
| $a_6 = { 5589e55de9e7d7ffff90909090909090 } | |
| $a_7 = { 5589e5565383ec10c7042400504000e8 } | |
| $a_8 = { 5589e557565383ec4cf6050440400002 } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanDownloaderSWFEsaprof_8d9b87cbba4761186f756c334f79c58a56c3d8555bf4d36ca7eb199b5f711f81 { | |
| strings: | |
| $a_2 = { 558bbbf8bb8aa1568b70048a4e2d61e8 } | |
| $a_3 = { 558b86e8ee77ff770b8bd12bd083fa04 } | |
| $a_4 = { 558b40186a8a1837bc7bc303c6641850 } | |
| $a_5 = { 558bf357cd056f148b4a088b7008fb6f } | |
| $a_6 = { 558b6804807d2d6a040f8574fc77a692 } | |
| $a_7 = { 558bec5153d7837e137884ff34008bd8 } | |
| $a_8 = { 558bfd2bf88e4c5557538946bb8e22fa } | |
| $a_9 = { 558be98b8c24d0f8cdbb7709898424b4 } | |
| $a_10 = { 558be98a481584c956744c6a1b81cc20 } | |
| $a_11 = { 558bd5a7c5e66fee4d6a8bc4bd730520 } | |
| $a_12 = { 558baccd7e0f30317293b4e0c6560812 } | |
| $a_13 = { 558b45b818fce8f42f006e32005fe60d } | |
| $a_14 = { 558bd98bfae910d03158d019571c0a0e } | |
| $a_15 = { 558b0449e9c58c3322065d6100fbc4b5 } | |
| $a_16 = { 558bd9b866e5feff7f348b4e043b4f04 } | |
| $a_17 = { 558bec83e4f083ec488b45088d0cc548 } | |
| $a_18 = { 558b69041d208b5f0433c03b16f7ff8e } | |
| $a_19 = { 558ba3f43a70fd538bcfe87ae6b50487 } | |
| $a_20 = { 558b6c24a3ff7f53648b464032c93be8 } | |
| $a_21 = { 558bd18beb810c8d4d018a45002ea0ff } | |
| $a_22 = { 558bd9fffffeffbf8b70048a4e2d84c9 } | |
| $a_23 = { 558bac9b4adb6aff538977c1a12e77be } | |
| $a_24 = { 558b9f820d459e33ff1e740ae180c7ff } | |
| $a_25 = { 558bcfe878a7640675490b85a7ffff66 } | |
| $a_26 = { 558be9568bc881eaffff83e1f85733ff } | |
| $a_27 = { 558b2e3b2c33750b4a83ee04187ff0eb } | |
| $a_28 = { 558b0a1857b711c0ba274100102b50db } | |
| $a_29 = { 558b2ef34c14358c6c6138f88626addc } | |
| $a_30 = { 558bd9568b3333742e578bc09f44dd3d } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderVBSBanload_c3ea990ea42a0cc36459fa78b5c92a0531eb3cb0141de4a37a1a8c1ebca21335 { | |
| strings: | |
| $a_2 = { 558bec568b750856e899ffffff56e88d } | |
| $a_3 = { 558bec53568b7510578bf9e820520000 } | |
| $a_4 = { 558bec568b750856e8cfffffff56e8fa } | |
| $a_5 = { 558bec8b450c8b550850526a0651e8b9 } | |
| $a_6 = { 558bec8b4508568bf15056e87073ffff } | |
| $a_7 = { 558bec8b4508568bf18b48048b09e84c } | |
| $a_8 = { 558bec8b45086a0150e83438ffff5dc2 } | |
| $a_9 = { 558bec51e8fe3cfcff84c074215de969 } | |
| $a_10 = { 558bec568b750856e8097dffff8d4608 } | |
| $a_11 = { 558bec8b45086a0450e86a38ffff5dc2 } | |
| $a_12 = { 558bec8b45088b48048b09e8c31efcff } | |
| $a_13 = { 558bec8b450c8b550850526a0451e801 } | |
| $a_14 = { 558bec8b450853568bf15056e8ad2fff } | |
| $a_15 = { 558bec568bf1e8e60dfafff645080174 } | |
| $a_16 = { 558bec568b750856e87a39ffff84c074 } | |
| $a_17 = { 558bec8b410883ec0883f8010f85db9a } | |
| $a_18 = { 558bec51568b750c56e81311ffff8945 } | |
| $a_19 = { 558bec568b75088d4e08e8c314fcff8d } | |
| $a_20 = { 558bec8b45088b48048b1152e8b686ff } | |
| $a_21 = { 558bec568b750856e8ddffffff56e8b2 } | |
| $a_22 = { 558bec568b750856e81f8affff56e895 } | |
| $a_23 = { 558bec6afe68f8d1480068d06c410064 } | |
| $a_24 = { 558bec518b410453565785c00f843971 } | |
| $a_25 = { 558bec538b5d1056576a24e8bffdfbff } | |
| $a_26 = { 558bec8b45088b48048b1152e8d2a7fe } | |
| $a_27 = { 558bec568b75088d4e04e8c4f9fbff8b } | |
| $a_28 = { 558bec56e8893b0000e87e3b000050e8 } | |
| $a_29 = { 558bec568b750856e8c5ffffff56e86b } | |
| $a_30 = { 558becb858200000e8fc3afcff803de2 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderVBSGendwnurl_bbf3674ebe1948bfccb4de3b604b0bd052c1340e754ee7b81df697e16cdefd7a { | |
| strings: | |
| $a_2 = { 558bec8b4508a3d4d345005dc38bff55 } | |
| $a_3 = { 558bec8b4d0c568b7508890ee8882900 } | |
| $a_4 = { 558bec807d0800752756be50d7450083 } | |
| $a_5 = { 558bec83ec38a1a8d0420033c58945fc } | |
| $a_6 = { 558becb800100000e8dded000053ff75 } | |
| $a_7 = { 558becb800100000e830f9000053568b } | |
| $a_8 = { 558bec56e86c2900008b75083b702475 } | |
| $a_9 = { 558bec51a100d8420083f8fe750ae80e } | |
| $a_10 = { 558bec56e87a0a00008b55088bf06a00 } | |
| $a_11 = { 558bec83ec1c8d4d0c5357e83af1ffff } | |
| $a_12 = { 558becb800100000e8fae10000578b7d } | |
| $a_13 = { 558bec51f70540564200001000007422 } | |
| $a_14 = { 558bec8b4d0883f9fe7515e863cdffff } | |
| $a_15 = { 558becf6450801568bf1c706e4554200 } | |
| $a_16 = { 558bec8b450883f80b7719ff24852773 } | |
| $a_17 = { 558bec83ec10ff750c8d4df0e897c6ff } | |
| $a_18 = { 558bec8b450883c02050ff1554414200 } | |
| $a_19 = { 558bec83ec10ff750c8d4df0e855b1ff } | |
| $a_20 = { 558bec6afe6830ba420068504f410064 } | |
| $a_21 = { 558bec81ec20070000a1a8d0420033c5 } | |
| $a_22 = { 558becff7508e85d0c0100598b4d102b } | |
| $a_23 = { 558becb800140000e8270c0000807d14 } | |
| $a_24 = { 558b4508813863736de07537833dcc56 } | |
| $a_25 = { 558bec83ec28ff7508e8b7ffffff8b55 } | |
| $a_26 = { 558becb820100000e88c390000680008 } | |
| $a_27 = { 558bec83ec0c8d4df4e86affffff684c } | |
| $a_28 = { 558bec51568b750856e8baf1ffff5985 } | |
| $a_29 = { 558bec64a1000000006aff68a13b4200 } | |
| $a_30 = { 558bec56fc8b750c8b4e0833cee8dbf4 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderVBSSchopets_b8675899dc5bfcd92e11b00a9ead81df44626b81d450ada0ed2ed6cb6cd8e86f { | |
| strings: | |
| $a_2 = { 558b870581d03107fc5dbf7a5c5a93f7 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderW97MUrsnif_92865b454dab765edcdcf01e9281751a1dc274c80b11ffba1f0e73233d3dd05f { | |
| strings: | |
| $a_2 = { 558b9e100008840800ff030300676b66 } | |
| $a_3 = { 558bb710000a840800ff030300664849 } | |
| condition: | |
| 2 of them | |
| } | |
| rule TrojanDownloaderWin32Almanahe_bdfe81a2e76b527f107b954e328db69dadd6015d71a0331c9ecba8d00f56328e { | |
| strings: | |
| $a_2 = { 558bec81ec780200006800100010ff15 } | |
| $a_3 = { 558bec837d0c0075088b4508a3403100 } | |
| $a_4 = { 558bec81ec400100006890300010ff15 } | |
| $a_5 = { 558bec6aff6880200010688017001064 } | |
| $a_6 = { 558bec516a006a008b450c508b4d0851 } | |
| $a_7 = { 558bec81ec14040000c785f0fbffff00 } | |
| condition: | |
| 6 of them | |
| } | |
| rule TrojanDownloaderWin32Aningik_ba979350c191a4f979328ab2834475bcd458e42e2e77378bfd618acc2e19d33d { | |
| strings: | |
| $a_2 = { 558bec81ece80100005657c68566ffff } | |
| $a_3 = { 558bec83ec18c745f002000000c705b8 } | |
| $a_4 = { 558bec81eca8010000568b45088945fc } | |
| $a_5 = { 558bec81ec88000000535657c745fc40 } | |
| $a_6 = { 558bec81ec800400005357a104304000 } | |
| $a_7 = { 558bec81ecd8050000568b45088945fc } | |
| $a_8 = { 558bec81ec900100005657c745f80000 } | |
| $a_9 = { 558bec81ec40010000568b450c8945fc } | |
| $a_10 = { 558b31b742d9bcf8650d0d0d0d0d0d0d } | |
| $a_11 = { 558becb8690000008b0d2cb640006689 } | |
| $a_12 = { 558bec81ece80000005356c68554ffff } | |
| $a_13 = { 558becb868420000e853fdffff535657 } | |
| $a_14 = { 558b560f51531703f8500d0d0d0d0d0d } | |
| condition: | |
| 11 of them | |
| } | |
| rule TrojanDownloaderWin32Apcrewnod_81214327578022b555ff9c8ebdd892a4391e99235ac25dbf288f66ebacd23c87 { | |
| strings: | |
| $a_2 = { 558bec8b4d0ca19cd441008b55082355 } | |
| $a_3 = { 558bec51568bf057b801000000c745fc } | |
| $a_4 = { 558bec8b45088b0dc07241008b15c472 } | |
| $a_5 = { 558bec803da1e44100007512685b6340 } | |
| $a_6 = { 558bec53568b357c704100578b7d0857 } | |
| $a_7 = { 558bec568bf1c7068c734100e825ffff } | |
| $a_8 = { 558bec568bf156c706c0a14100e82b37 } | |
| $a_9 = { 558bec56578b7d088bf1e8810e00008b } | |
| $a_10 = { 558bec8b450856508bf1e8b34c0000c7 } | |
| $a_11 = { 558bec837d08007515e87dd4ffffc700 } | |
| $a_12 = { 558bec568b75085756e8186500005983 } | |
| $a_13 = { 558bec535657e8c739000083b80c0200 } | |
| $a_14 = { 558bec51568bf16a008d4dfce8004100 } | |
| $a_15 = { 558b46508b1d8070410085c0741050ff } | |
| $a_16 = { 558bec6aff68a869410064a100000000 } | |
| $a_17 = { 558bec516a008d4dfce846030000687c } | |
| $a_18 = { 558bec51578bf8c745fc00000000e80d } | |
| $a_19 = { 558bec535657e8edd5ffff8db89c0000 } | |
| $a_20 = { 558bec53568bf133db3bf37516e8b03f } | |
| $a_21 = { 558bec83ec10eb0dff7508e878430000 } | |
| $a_22 = { 558bec83ec105333db538d4df0e843a9 } | |
| $a_23 = { 558becf6450801568bf1c70614724100 } | |
| $a_24 = { 558bec6aff68f466410064a100000000 } | |
| $a_25 = { 558bec6aff689b67410064a100000000 } | |
| $a_26 = { 558bec837d08007515e8a93e0000c700 } | |
| $a_27 = { 558bec81ec28030000a388e64100890d } | |
| $a_28 = { 558bec5153568b358870410057ff354c } | |
| $a_29 = { 558bec5de9c4f3ffff8bff558bec568b } | |
| $a_30 = { 558bec6aff684b68410064a100000000 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Asnep_5eb37e93c42407406951e538f1e954140875dbef33bc7d7cebd27c81cc07cae2 { | |
| strings: | |
| $a_2 = { 558bec8b450885c075025dc3833d7c0a } | |
| $a_3 = { 558b0da42b56000fb6c3f64441018074 } | |
| $a_4 = { 558bec518d45fc687013d40050c745fc } | |
| $a_5 = { 558bec6aff68606a460064a100000000 } | |
| $a_6 = { 558bec6aff6858f9580064a100000000 } | |
| $a_7 = { 558bec81ec24000000833d55f6001000 } | |
| $a_8 = { 558bec6aff68a8d9580064a100000000 } | |
| $a_9 = { 558becdd450cd9fedd5d0c8b450c8b55 } | |
| $a_10 = { 558b6c240c56576aff8b45008bb59c01 } | |
| $a_11 = { 558bec515153568b7508578bcee8ae24 } | |
| $a_12 = { 558bec6aff688875460064a100000000 } | |
| $a_13 = { 558bec81ec280000008b5d088b0385c0 } | |
| $a_14 = { 558b6c247456578b45008b5d088b7504 } | |
| $a_15 = { 558bece8f21900008b400485c07415ff } | |
| $a_16 = { 558bcee821d7ffff3b4424407f0b478b } | |
| $a_17 = { 558bec6a0068000000006aff6a0668bd } | |
| $a_18 = { 558bec8b450850b9b0185700e82f7dff } | |
| $a_19 = { 558bec51515657e82085000033ff3978 } | |
| $a_20 = { 558bcee86d9c060083f8010f855dfeff } | |
| $a_21 = { 558bec83ec6053568bf1578975f8e853 } | |
| $a_22 = { 558bec6aff68189c54006854f1460064 } | |
| $a_23 = { 558bce8944242ce80a7503008d9424b4 } | |
| $a_24 = { 558bcee8b097070083f8010f855dfeff } | |
| $a_25 = { 558bec81ec240000006808000000e88e } | |
| $a_26 = { 558bcfe8a26902008b4e50b8fdffffff } | |
| $a_27 = { 558bec83ec14a1c43d58008b15c83d58 } | |
| $a_28 = { 558bec6aff680809b300682035570064 } | |
| $a_29 = { 558bec83ec2053568b750c57e80d3a00 } | |
| $a_30 = { 558bec51515657e81b85000033ff3978 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Atalo_6c049609cd400e08835fec75250f445347362820ee36483bf465f61a328a7361 { | |
| strings: | |
| $a_2 = { 558bec81c468feffff535657c7053887 } | |
| $a_3 = { 558bec33c05568dff7bb0064ff306489 } | |
| $a_4 = { 558bec6a0033c0556886d8bb0064ff30 } | |
| $a_5 = { 558becff750cff750833d2e80e008880 } | |
| $a_6 = { 558bec5333db8a5d088b1c9d4074bc00 } | |
| $a_7 = { 558bec518b4d089187d1e80e0071085d } | |
| $a_8 = { 558bec6a00538bd833c055682112bc00 } | |
| $a_9 = { 558bec51e80e005040668945fe8a45fe } | |
| $a_10 = { 558bec6a005633c0556817a6bb0064ff } | |
| $a_11 = { 558bec6a005333c055689acabb0064ff } | |
| $a_12 = { 558bec515356578bf28bd8833d2488bc } | |
| $a_13 = { 558bec33c0556869d0bb0064ff306489 } | |
| $a_14 = { 558bec5153568bda8945fc8bc38b1524 } | |
| $a_15 = { 558bece80e00e63c5dc2040053565751 } | |
| $a_16 = { 558bec535657a15888bc00e80e00fb20 } | |
| $a_17 = { 558bea8bf88bc7e80e0035888bf0bb01 } | |
| $a_18 = { 558bec538bd88b4508508bc3e80e0035 } | |
| $a_19 = { 558b9df0fcffff4b8bc3e80e00cb7459 } | |
| $a_20 = { 558bec33c05568dc45bc0064ff306489 } | |
| $a_21 = { 558bec33c0556875c8bb0064ff306489 } | |
| $a_22 = { 558bec6a00535633c055686da5bb0064 } | |
| $a_23 = { 558bec33c05568e5c7bb0064ff306489 } | |
| $a_24 = { 558bec5331db89c1dd4508d88b9c71bc } | |
| $a_25 = { 558bec33c05568f5f9bb0064ff306489 } | |
| $a_26 = { 558bec518945fc33d25568ac57bb0064 } | |
| $a_27 = { 558bec51568bf06a208bcaa15402bc00 } | |
| $a_28 = { 558bec33c055683c35bc0064ff306489 } | |
| $a_29 = { 558bc3e80e00cba45984c075b58b85fc } | |
| $a_30 = { 558becff7508e80e003e285dc2040090 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32AutoHK_0f9595c2d7a22f5bb7c22aef2d793cd2e3c77d7721de2b32f78ca82a54314ab6 { | |
| strings: | |
| $a_2 = { 558b6c24445657508b442460e843e200 } | |
| $a_3 = { 558b6c241456578b3d5c644c0066833f } | |
| $a_4 = { 558bec83ec7ca1701d4c0033c58945fc } | |
| $a_5 = { 558bec83ec74a1701d4c0033c58945fc } | |
| $a_6 = { 558bec83e4f8b88c800000e860450600 } | |
| $a_7 = { 558bec83e4f883ec2ca100644c008904 } | |
| $a_8 = { 558bac243402000080bd750200000056 } | |
| $a_9 = { 558b2d2ce149006a006a006aff536a00 } | |
| $a_10 = { 558bec83ec10a1701d4c008365f80083 } | |
| $a_11 = { 558b2dc86e4c00578d7c0aff8bc799f7 } | |
| $a_12 = { 558b6c243c3905b4284c000f84c80000 } | |
| $a_13 = { 558b6c240c85c975126800200000e83d } | |
| $a_14 = { 558bec5151a1701d4c0033c58945fc53 } | |
| $a_15 = { 558bec56578b7d0857ff1524e1490083 } | |
| $a_16 = { 558bec5356576a005268b648490051e8 } | |
| $a_17 = { 558bec83e4f851a1ec284c008b4d0856 } | |
| $a_18 = { 558bec83ec2ca1701d4c0033c58945fc } | |
| $a_19 = { 558bec83e4f864a1000000006aff686b } | |
| $a_20 = { 558bc6e85204000083c404eb378b15ec } | |
| $a_21 = { 558b6c2408568bc5578d50028d642400 } | |
| $a_22 = { 558becff750c6a00ff7508689b1b4900 } | |
| $a_23 = { 558bac2488800000568b35ec284c0057 } | |
| $a_24 = { 558bec83ec34a1701d4c0033c58945fc } | |
| $a_25 = { 558b2d0ce04900565733ff8d44241450 } | |
| $a_26 = { 558bec833d44424c000075468b450885 } | |
| $a_27 = { 558bfee8260700008bf8897c241485ff } | |
| $a_28 = { 558bc6e8bd04000083c404eb36a1ec28 } | |
| $a_29 = { 558bc6e8e98bfeffeb1033f6556a0155 } | |
| $a_30 = { 558bec83ec38a1701d4c0033c58945fc } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Axent_3ea4867eb8e7da909f75a81894e44c5fb38f01733e875dd3a8e4acb4c5f95859 { | |
| strings: | |
| $a_2 = { 558bec81ec28010000535733ff576a02 } | |
| $a_3 = { 558bec518365fc00568d45fc50683521 } | |
| $a_4 = { 558bec83ec1c68e8200010c645e449c6 } | |
| $a_5 = { 558bec51538b5d0c565733ff393b897d } | |
| $a_6 = { 558bec83ec1c53566a045833db535353 } | |
| $a_7 = { 558bec81ec2001000053b80301000033 } | |
| $a_8 = { 558bec83ec30837d0c28535657c645d0 } | |
| $a_9 = { 558bec83ec24568b7508576a0833c083 } | |
| $a_10 = { 558bec5151568b35442000105733c08d } | |
| $a_11 = { 558bec81ec0401000053565768040100 } | |
| $a_12 = { 558bec83ec545368cc200010ff150c20 } | |
| $a_13 = { 558bec81ec04010000b80301000048c6 } | |
| $a_14 = { 558bec68b4200010ff150c20001085c0 } | |
| $a_15 = { 558bec51e85cf9ffffe817fbffff6a01 } | |
| $a_16 = { 558b6c240856578b3d002000105533f6 } | |
| $a_17 = { 558bec836508fe750c8b45108b00a310 } | |
| $a_18 = { 558bec83ec0c568d45f4506a016a00c6 } | |
| condition: | |
| 14 of them | |
| } | |
| rule TrojanDownloaderWin32Axload_a9f67941128d2d991084bab41c3439c36338946391b93e98cc3d9426c986dee7 { | |
| strings: | |
| $a_2 = { 558bce2872dbf524a48c75c5e5cf199f } | |
| $a_3 = { 558bb296c41e1ff82a4d74bb4f6db423 } | |
| $a_4 = { 558b8ecb3eef4536b24fe3cfbe636ef1 } | |
| $a_5 = { 558bec68bba067d58f45045deb02ba5b } | |
| $a_6 = { 558b8aa6660e104d8cb41ba4ca3f8799 } | |
| condition: | |
| 5 of them | |
| } | |
| rule TrojanDownloaderWin32Badiehi_bf9655494b22ba6ab06652c612d1af7423e1c930c662738e2fa02b2f5437a4ef { | |
| strings: | |
| $a_2 = { 558bec6aff6808754000682c44400064 } | |
| $a_3 = { 558bec83ec14a158ce40008b155cce40 } | |
| $a_4 = { 558bec6aff6890714000682c44400064 } | |
| $a_5 = { 558b2da4704000565733db33f633ff3b } | |
| $a_6 = { 558bec51833d74ca40000053751d8b45 } | |
| $a_7 = { 558bec51515333db391d88cf40005657 } | |
| $a_8 = { 558b6c240c56575353536affbf000100 } | |
| $a_9 = { 558bec6aff6820754000682c44400064 } | |
| $a_10 = { 558bec51568b750885f6745aa168ce40 } | |
| $a_11 = { 558becb82c120000e8841400008d8568 } | |
| $a_12 = { 558b2d6471400056578b3d687140006a } | |
| $a_13 = { 558bec535657556a006a00684c434000 } | |
| $a_14 = { 558bec6aff6878714000682c44400064 } | |
| $a_15 = { 558bec5153568b3514a7400057837e10 } | |
| $a_16 = { 558bec6aff6830754000682c44400064 } | |
| $a_17 = { 558b451c3bc77505a174ca40008b4d10 } | |
| $a_18 = { 558b2d687140005668d492400068b492 } | |
| $a_19 = { 558bec515153568b3530c74000578b56 } | |
| $a_20 = { 558bf86828a540005557897c243cffd6 } | |
| condition: | |
| 16 of them | |
| } | |
| rule TrojanDownloaderWin32Banavkill_569e646980ed003482047ea64e98d6b79e83029e563ebfd1a441d1284f5ca436 { | |
| strings: | |
| $a_2 = { 558b2c8e18e72076839caefea3d93133 } | |
| $a_3 = { 558b7bf282f79c3ab8031fdba9822d8c } | |
| $a_4 = { 558bbf19ed82a0fcf2462e897268525d } | |
| $a_5 = { 558b7f133cdeacc07afe9aaa98db8242 } | |
| $a_6 = { 558be1ebf5a5ca2fd889635ba2897676 } | |
| $a_7 = { 558b63751a2270d48c6627550d0201ba } | |
| $a_8 = { 558bcd73c6e2830e2c0358b81c081e63 } | |
| $a_9 = { 558b007aecae858e57ca0aa47080eba9 } | |
| $a_10 = { 558b2fffe7be07e9b67441f854d6f64f } | |
| $a_11 = { 558b473a8e0ffec070426289fa0b320e } | |
| $a_12 = { 558b5391fdabf8718ad90a664669d2a2 } | |
| $a_13 = { 558b44149d1d600d54337d9232045782 } | |
| $a_14 = { 558bd8d1c96e2afbb68b7ed43605083e } | |
| $a_15 = { 558b1f0b4b8f78269232941dce909bb6 } | |
| $a_16 = { 558b5680c4c22a13302657dbcbf32062 } | |
| $a_17 = { 558be4825e95b1ae447d6be505213c07 } | |
| $a_18 = { 558bd78e9be10e1f35e9841266dfa619 } | |
| $a_19 = { 558bf0e4b64adad353164ada212c19d3 } | |
| $a_20 = { 558b36352f730f6079ae91543b5b96cb } | |
| $a_21 = { 558b82cd13758eaf58b3e57d5ec95f25 } | |
| $a_22 = { 558b5ce3a1267e630719cbb92613c8b9 } | |
| $a_23 = { 558bf88a9b62fdc086532bc09a635e8e } | |
| $a_24 = { 558b34b193540302528f21d5e660ca5e } | |
| $a_25 = { 558b6b82dd4cd57dd382fd3bdae8b883 } | |
| $a_26 = { 558bda3c375b057b021d298fa6dc969a } | |
| $a_27 = { 558b8fdf564b2f5bedbde800d4cb9632 } | |
| $a_28 = { 558bd3b774fd2968246c488903dcc8bc } | |
| $a_29 = { 558ba67977f14f553afd78c856fbf34a } | |
| $a_30 = { 558b028eef1825828f73e90050a8c864 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Bancos_90e4b8b8c6deee890436a0d70a8193f6a12dd9ccdfdb925497f759c4daf6df54 { | |
| strings: | |
| $a_2 = { 558bec6a005333c055685ed8400064ff } | |
| $a_3 = { 558bec33c05568c968420064ff306489 } | |
| $a_4 = { 558bec33c055687859420064ff306489 } | |
| $a_5 = { 558bd38b869c010000e8bb35feffe802 } | |
| $a_6 = { 558bec33c055682b67420064ff306489 } | |
| $a_7 = { 558bec6a00538bd833c05568afb44200 } | |
| $a_8 = { 558bf0bf14064500bd180645008b1d0c } | |
| $a_9 = { 558bec6a0053568bd833c05568eb5342 } | |
| $a_10 = { 558bec83c4d45756538945fca0870645 } | |
| $a_11 = { 558bec6a0033c05568dee5400064ff30 } | |
| $a_12 = { 558bec538b5d14b201a18c254400e8a9 } | |
| $a_13 = { 558bec83c4f4a1600b4500e8d08efeff } | |
| $a_14 = { 558bec51535657894dfc8bfa8bf0e895 } | |
| $a_15 = { 558bec83c4d853a164064500a324e444 } | |
| $a_16 = { 558bec6a00538bd833c055685d8b4100 } | |
| $a_17 = { 558bec51535684d2740883c4f0e8bea7 } | |
| $a_18 = { 558bec33c05568fd6e400064ff306489 } | |
| $a_19 = { 558bec83c4f85356578bd8803dc00545 } | |
| $a_20 = { 558bec83c4d85356576a0ea194ee4400 } | |
| $a_21 = { 558bec6a0053565733c0556864ce4300 } | |
| $a_22 = { 558bec6a0033c05568eee4400064ff30 } | |
| $a_23 = { 558bec5356a1300b4500837804000f95 } | |
| $a_24 = { 558bec81c49cfaffff53565733c9898d } | |
| $a_25 = { 558bec5356578b7d0c8b5d08803d2209 } | |
| $a_26 = { 558b45f88b40048bd6e8b4cafeffe81b } | |
| $a_27 = { 558bec6a00535633c0556851b1400064 } | |
| $a_28 = { 558beca188ed4400e8bbbeffff5dc204 } | |
| $a_29 = { 558bec33c055680d5b420064ff306489 } | |
| $a_30 = { 558bec33c0556805a9410064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Bangkgrob_39b8458634714d52c2e7d25cb1f311bb3c320bdd4de84f4887c12e0a3a01d1f8 { | |
| strings: | |
| $a_2 = { 558bec83c4f48955f88945fca1441845 } | |
| $a_3 = { 558bec53568bf033dbe89eb9feff8b15 } | |
| $a_4 = { 558bec535657833dac1b450000743c33 } | |
| $a_5 = { 558bec33c05568a145420064ff306489 } | |
| $a_6 = { 558bec84d2740883c4f0e81d02ffff89 } | |
| $a_7 = { 558bec515356578bf28bd8803dbc1545 } | |
| $a_8 = { 558bec51568bf06a208bcaa1301b4100 } | |
| $a_9 = { 558bec5153bb341a4500a13c1a4500e8 } | |
| $a_10 = { 558bec33c05568fe0d410064ff306489 } | |
| $a_11 = { 558bec6a006a0033c055688e7b410064 } | |
| $a_12 = { 558bec6a005333c05568dad4400064ff } | |
| $a_13 = { 558bec33c05568fd25420064ff306489 } | |
| $a_14 = { 558bec33c05568f146420064ff306489 } | |
| $a_15 = { 558b4334e8a1bcffff50e85f66fcff59 } | |
| $a_16 = { 558bec51538bd8a158184500e87ffcff } | |
| $a_17 = { 558bec33c05568c855420064ff306489 } | |
| $a_18 = { 558bf28bd88bc6e84dbeffff8bf88bc3 } | |
| $a_19 = { 558bec33c05568e671420064ff306489 } | |
| $a_20 = { 558bec6a0033d25568d94b440064ff32 } | |
| $a_21 = { 558bec83c4d85356578b450ce8e3b7fe } | |
| $a_22 = { 558bec33c055680de5440064ff306489 } | |
| $a_23 = { 558bec538b55088b52fce899dcfcff85 } | |
| $a_24 = { 558beca13c1a4500e8abffffff33c055 } | |
| $a_25 = { 558b43045081c700bc00005755e80563 } | |
| $a_26 = { 558bec83c4f40fb70524f044008945f8 } | |
| $a_27 = { 558bec538bd8a158184500e850fbffff } | |
| $a_28 = { 558bec33c0556877c8440064ff306489 } | |
| $a_29 = { 558bec33c055686954420064ff306489 } | |
| $a_30 = { 558bec33c055684946420064ff306489 } | |
| condition: | |
| 24 of them | |
| } | |
| rule TrojanDownloaderWin32Banker_f874b941c0bbb02135eed79088db2c6b35f0692fb96cce07195fc307d1f57fbe { | |
| strings: | |
| $a_2 = { 558bc6e89895f8ff506a0053e807b9f8 } | |
| $a_3 = { 558bec51535684d2740883c4f0e87aae } | |
| $a_4 = { 558bec518945fc68b4144c00e8037df7 } | |
| $a_5 = { 558bec83c4ec535657bec8e84b00c706 } | |
| $a_6 = { 558becb9100000006a006a004975f933 } | |
| $a_7 = { 558b45fce812a7feffe8f1feffff5988 } | |
| $a_8 = { 558bec83c4f4a1880c4c00e81874fdff } | |
| $a_9 = { 558bec83c4e833c9894df0894df46689 } | |
| $a_10 = { 558bec83c4f88945fc8d45fce8cfcff7 } | |
| $a_11 = { 558becb91d0000006a006a004975f933 } | |
| $a_12 = { 558bec53565784d2740883c4f0e832c4 } | |
| $a_13 = { 558bec83c4dc5333db895ddc895dec89 } | |
| $a_14 = { 558b45e0e8d3dfffff59ff45e08b45fc } | |
| $a_15 = { 558bec33c0556884d0420064ff306489 } | |
| $a_16 = { 558bec5356578b7d10803d230a4c0000 } | |
| $a_17 = { 558bec518945fc8b45fce84d4affff8b } | |
| $a_18 = { 558bec538bd8833dcce84b0012753a83 } | |
| $a_19 = { 558bec33c0556840324b0064ff306489 } | |
| $a_20 = { 558bec33c05568af314b0064ff306489 } | |
| $a_21 = { 558becb92c0000006a006a004975f951 } | |
| $a_22 = { 558bec83c4ec8955f88945fc8b45f8c7 } | |
| $a_23 = { 558bec535657a1c0094c00e83c93ffff } | |
| $a_ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment