Skip to content

Commit

Permalink
Update BroEx.yar
Browse files Browse the repository at this point in the history
  • Loading branch information
bartblaze authored Aug 13, 2024
1 parent dfb0488 commit 9d4ef0b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/crimeware/BroEx.yar
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ strings:
if (*(short *)param_2 != 0) {
pvVar1 = (void *)0xffffffffffffffff;
*/
$str_decode = { 4? 53 4? 83 ec 20 4? 33 c0 4? c7 41 18 07 00 00 00 4? 8b d9 4? 89 41 10 66 4? 89 01 66 4? 39 02 74 11 4? 83 c8 ff }
$str_decode = {4? 53 4? 83 ec 20 4? 33 c0 4? c7 41 18 07 00 00 00 4? 8b d9 4? 89 41 10 66 4? 89 01 66 4? 39 02 74 11 4? 83 c8 ff}
condition:
uint16(0) == 0x5a4d and ($pdb or 2 of ($mut*) or all of ($browser*)
Expand Down

0 comments on commit 9d4ef0b

Please sign in to comment.