Common Information
Type Value
Value
rule M_Hunting_3CXDesktopApp_Export {
	meta:
		disclaimer = "This rule is meant for hunting and is not tested to run in a production environment"
		description = "Detects an export used in 3CXDesktopApp malware"
		md5 = "7faea2b01796b80d180399040bb69835"
		date = "2023/03/31"
		version = "1"
	strings:
		$str1 = "DllGetClassObject" ascii wide
		$str2 = "3CXDesktopApp" ascii wide
	condition:
		all of ($str*)
}
Category
Type Yara Rule
Misp Type
Description
Details Website
Published 2023-04-20
Attributes 72
CTI Title 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant