Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- rule Android_Malware : iBanking
- {
- meta:
- author = "Xylitol [email protected]"
- date = "2014-02-14"
- description = "Match first two bytes, files and string present in iBanking"
- reference = "http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3166"
- yaraexchange = "do what the fuck you want"
- strings:
- // Generic android
- $pk = {50 4B}
- $file1 = "AndroidManifest.xml"
- // iBanking related
- $file2 = "res/drawable-xxhdpi/ok_btn.jpg"
- $string1 = "bot_id"
- $string2 = "type_password2"
- condition:
- ($pk at 0 and 2 of ($file*) and ($string1 or $string2))
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
