JohnGalt14

Neurevt Malware Yara Rule

Jun 21st, 2013
  /*
   * Neurevt: string-based signature for the Neurevt malware family.
   *
   * The meta section records that the rule was produced with YaraGenerator
   * from five reference samples (hash0..hash4). The rule matches when at
   * least 10 of the 13 strings declared below occur anywhere in the scanned
   * data.
   *
   * NOTE(review): several of the strings are ordinary Windows or browser
   * artefacts ("cmd.exe", "services.exe", "firefox.exe", "Data Path"), so the
   * rule's specificity comes from the 10-of-13 threshold, not from any single
   * string. Validate against a known-clean corpus before deploying.
   */
  rule Neurevt {
      meta:
          author = "Venom23"
          date = "2013-06-21"
          description = "Neurevt Malware Sig"
          // Each hash is 32 hex characters, which is consistent with MD5.
          // Presumably these are the samples the strings were extracted
          // from; confirm against the sample set.
          hash0 = "db9a816d58899f1ba92bc338e89f856a"
          hash1 = "d7b427ce3175fa7704da6b19a464938e"
          hash2 = "13027beb8aa5e891e8e641c05ccffde3"
          hash3 = "d1004b63d6d3cb90e6012c68e19ab453"
          hash4 = "a1286fd94984fd2de857f7b846062b5e"
          yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"
      strings:
          // Strings marked `wide` are matched only in their UTF-16LE form (two
          // bytes per character). The three without it ($string13, $string15,
          // $string16) are matched as plain ASCII only.
          // The identifiers are not contiguous: $string2, 3, 7, 8, 11 and 17
          // are absent. Presumably they were pruned by the generator or the
          // author; the page does not say.

          // Security-product name.
          $string0 = "BullGuard" wide
          $string1 = "cmd.exe" wide
          // NOTE(review): the leading "e" looks like a capture artefact (an
          // extraction that started one character early). Confirm against
          // the samples.
          $string4 = "eUSERPROFILE" wide
          // `\\` is an escaped backslash, so the matched text is `%c:\%s.lnk`,
          // a printf-style template for a .lnk path on a drive letter.
          $string5 = "%c:\\%s.lnk" wide
          $string6 = "services.exe" wide
          // Spanish-language message, cut off mid-sentence. In English:
          // "Multiple corrupt files have been found in the "My Documents"
          // folder. To avoid losing".
          $string9 = "Multiples archivos corruptos han sido encontrados en la carpeta \"Mis Documentos\". Para evitar perder" wide
          // Security-product name.
          $string10 = "F-PROT Antivirus Tray application" wide
          $string12 = "-k NetworkService" wide
          $string13 = "firefox.exe"
          $string14 = "uWinMgr.exe" wide
          // Two hard-coded Firefox User-Agent values (Firefox 1.0.8 on NT 5.1
          // and Firefox 2.0.0.11 on NT 6.0).
          $string15 = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8"
          $string16 = "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
          $string18 = "Data Path" wide
      condition:
          // Any 10 of the 13 strings, at any offset. Nothing here restricts
          // the file type or size, so every scanned object is searched for
          // all 13 strings.
          // NOTE(review): if the rule is used for on-disk scanning only,
          // consider anchoring it to a PE header (`uint16(0) == 0x5A4D`) and
          // bounding `filesize`. Re-test against the five reference samples
          // after any such change.
          10 of them
  }