Common Information
Type: Value
Value:
rule add {
	strings:
		$a = "p_remoteIP = 0x"
		$b = "p_localIP = 0x"
		$c = "p_addrInfo = 0x"
		$d = "InetAddr = 0x"
		$e = "size of endpoint = 0x"
		$f = "FILE pointer = 0x"
		$g = " /tcpCon "
		$h = "Bytes allocated for fake Proc = "
		$i = "EPROC pool pointer = 0x"
		$j = "qggya123.exe"
		$k = "add.exe" wide
		$l = "c:\\add\\add\\sys\\objchk_win7_x86\\i386\\sioctl.pdb"
		$m = "sioctl.sys"
		$n = "\\private"
	condition:
		any of them
}
Category:
Type: Yara Rule
MISP Type:
Description:
Details   Published   Attributes   CTI   Title
Details   Website     2016-09-28   11    Forensic Analysis of Anti-Forensic Activities