Fix DoomedLoader yara metadata
kevoreilly committed May 9, 2024
1 parent 801f8a0 commit 68622dc
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion analyzer/windows/data/yara/DoomedLoader.yar
@@ -3,7 +3,7 @@ rule DoomedLoader
meta:
author = "kevoreilly"
cape_options = "clear,bp0=$anti+17,action0=setzeroflag,sysbp=$syscall+7,count=0"
hash = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635"
packed = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635"
strings:
$anti = {48 8B 4C 24 ?? E8 [4] 84 C0 B8 [4] 41 0F 45 C6 EB}
$syscall = {49 89 CA 8B 44 24 08 FF 64 24 10}
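Review bot: the only change in this hunk is the meta key rename from `hash` to `packed` on the line carrying the sample hash, and neither the diff nor the commit message says what `packed` denotes or why `hash` was wrong; state the convention (presumably the hash of the packed sample, since the same value appears in the CAPE payload copy of this rule) in the commit message so the next contributor uses the right key. Note also that this file and data/yara/CAPE/DoomedLoader.yar hold two copies of the same rule with identical `$anti` and `$syscall` patterns but different meta (`cape_options` here, `cape_type` there), so every signature fix has to be applied twice; a single source of truth for the strings would avoid the two copies drifting apart.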
2 changes: 1 addition & 1 deletion data/yara/CAPE/DoomedLoader.yar
@@ -3,7 +3,7 @@ rule DoomedLoader
meta:
author = "kevoreilly"
cape_type = "DoomedLoader Payload"
hash = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635"
packed = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635"
strings:
$anti = {48 8B 4C 24 ?? E8 [4] 84 C0 B8 [4] 41 0F 45 C6 EB}
$syscall = {49 89 CA 8B 44 24 08 FF 64 24 10}
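Review bot: this copy is tagged `cape_type = "DoomedLoader Payload"` yet its renamed `packed` line carries exactly the hash used in the loader rule in analyzer/windows/data/yara/DoomedLoader.yar; if `packed` is meant to identify the packed input sample that is consistent, but a reader of a payload rule may expect a hash of the extracted payload as well, so the intended meaning of the key should be documented, either in the commit message or as a comment in the `meta:` block. Beyond the key rename the hunk leaves the rule logic untouched, so no detection change needs review here.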