Fabian, please share the rules if possible. Thanks.
// Matches content that contains all three file-name markers below.
// Every string is case-insensitive (nocase) and, with no `wide` modifier,
// is searched as ASCII only; UTF-16 copies of these names will not match.
rule AccdfisaDropper
{
    strings:
        // Presumably the debug-symbol name left in a RAR self-extractor stub;
        // on its own it says nothing about maliciousness.
        $pdb_sfxrar = "sfxrar.pdb" nocase
        // File names expected inside the dropper payload.
        $name_nsf = "nsf.exe" nocase
        $name_nosafemode = "NoSafeMode.dll" nocase

    condition:
        // NOTE(review): there is no file-type or size constraint, so any scanned
        // buffer holding all three strings matches, including reports or forum
        // pages that quote this rule. Confirm whether that is intended.
        all of them
}
// Matches content that contains three common file extensions together with a
// specific run of command-line switches. All strings are case-insensitive
// (nocase) and ASCII only (no `wide` modifier).
rule AccdfisaCrypter
{
    strings:
        // Very common extensions; they add little selectivity by themselves.
        $ext_xml = ".xml" nocase
        $ext_txt = ".txt" nocase
        $ext_png = ".png" nocase
        // Looks like RAR archiver switches (-hp requests password encryption of
        // data and headers); this is the only distinctive string in the rule.
        $rar_switches = " -dh -ep2 -hp" nocase

    condition:
        // NOTE(review): nothing restricts the match to executables, so a backup
        // script or documentation that uses the same switches and mentions these
        // extensions would also hit. Treat a match as a lead to triage, not a verdict.
        all of them
}