(YARA) YARA_CheckName


rule MalwareNameEvasion
{
    strings:
        // Check for the GetModuleFileName() function call
        $get_module_filename = "GetModuleFileName"

        // Check for the find_last_of() method call
        $find_last_of = "find_last_of"

        // Check for the std::string data type
        $string = "std::string"

        // Check for the "\\/" string
        $backslash_slash = "\\\\/"

        // Check for the "sample.exe" string
        $sample_exe = "sample.exe"

        // Check for the "malware.exe" string
        $malware_exe = "malware.exe"

    condition:
        // Check if all the required strings are present in the code
        all of them
}
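As an added example (not part of the Unprotect page and not the rule author's code), the Python below decodes each of the rule's text strings into the exact bytes YARA searches for and evaluates the `all of them` condition against a constructed C++ fragment. It makes one caveat concrete: `"\\\\/"` in YARA resolves to the three bytes `\\/`, which is how the separator set is spelled in C++ source, while a compiled binary holds only `\/`, so this rule is aimed at source code rather than at compiled samples.

```python
"""Added example (not from the Unprotect page or the rule's author): decode the
MalwareNameEvasion rule's text strings into the bytes YARA actually searches
for and evaluate its 'all of them' condition in pure Python."""

# The six string definitions, copied verbatim from the rule above.
RULE_STRINGS = {
    "$get_module_filename": r'"GetModuleFileName"',
    "$find_last_of": r'"find_last_of"',
    "$string": r'"std::string"',
    "$backslash_slash": r'"\\\\/"',
    "$sample_exe": r'"sample.exe"',
    "$malware_exe": r'"malware.exe"',
}

# Single-character escapes YARA accepts in text strings (\xNN is handled below).
_ESCAPES = {"\\": b"\\", '"': b'"', "t": b"\t", "n": b"\n", "r": b"\r"}


def yara_text_to_bytes(literal: str) -> bytes:
    """Turn a quoted YARA text string into the byte sequence it matches."""
    body = literal[1:-1]            # drop the surrounding double quotes
    out, i = bytearray(), 0
    while i < len(body):
        if body[i] != "\\":
            out += body[i].encode("latin-1")
            i += 1
        elif body[i + 1] == "x":    # \xNN hex escape
            out.append(int(body[i + 2:i + 4], 16))
            i += 4
        else:                       # \\  \"  \t  \n  \r
            out += _ESCAPES[body[i + 1]]
            i += 2
    return bytes(out)


def string_hits(data: bytes) -> dict:
    """Per-identifier match flags, the inputs to the rule's 'all of them'."""
    return {name: yara_text_to_bytes(lit) in data for name, lit in RULE_STRINGS.items()}


def rule_fires(data: bytes) -> bool:
    return all(string_hits(data).values())


# Constructed C++ fragment of the kind the rule is written for. The source spells
# the separator set as "\\/" (backslash, backslash, slash), exactly the bytes
# $backslash_slash decodes to; the compiled binary would contain only \/ instead.
SOURCE_SAMPLE = rb'''
char buf[MAX_PATH];
GetModuleFileName(NULL, buf, MAX_PATH);
std::string path(buf);
std::string name = path.substr(path.find_last_of("\\/") + 1);
if (name == "sample.exe" || name == "malware.exe") exit(0);
'''
```

Replacing the source spelling `"\\/"` in `SOURCE_SAMPLE` with the compiled form `"\/"` makes `rule_fires` return False, which is the quickest way to see which artefact type the rule covers.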

Associated Techniques

Technique Name         Technique IDs   Snippet(s)   OS
Checking Malware Name  U1303, U0401    -            -

Created

December 7, 2022

Last Revised

December 7, 2022