(YARA) YARA_EasyCrypter
Created the . Updated 3 months, 3 weeks ago.
rule EasyCrypter {
meta:
author = "RussianPanda"
description = "Detects EasyCrypter"
date = "01/05/2024"
hash = "60063c99fda3b6c5c839ec1c310b03e8f9c7c8823f2eb7bf75e22c6d738ffa8f"
strings:
$s1 = {F6 17 [16-20] 80 2F 36 [16-20] 80 07 87}
$s2 = {81 38 50 45 00 00 [20-22] 8B 88 A0 00 00 00 [2-4] 8B 80 A4 00 00 00 [5-7] 8B 40 50 [50-56] 89 0C 24 89 44 24 04 C7 44 24 08 00 30 00 00 C7 44 24 0C 04 00 00 00 FF 15 [3] 00}
condition:
uint16(0) == 0x5A4D
and $s1 and $s2
}
Associated Techniques
| Technique Name | Technique ID's | Has Snippet(s) |
|---|---|---|
| EasyCrypter | U1431 |