Skip to content
Permalink
Browse files

cleanup

  • Loading branch information...
brian
brian committed Mar 4, 2019
1 parent 06f53ea commit 73f414615d65ad12df2a6338631846b5f02787f6
Showing with 1 addition and 1 deletion.
  1. +1 −1 includes/emotet-dropper.yar
@@ -79,7 +79,7 @@ rule emotet_dropper1 {
$s1 = "6576616c28677a696e666c617465286261736536345f6465636f64652822" ascii /* hex encoded string 'eval(gzinflate(base64_decode("' */
$s2 = "222929293b" ascii /* hex encoded string '")));' */
$s3 = "$n5c62c1bcb81d1 = fn5c62c1bcb819b('6576616c28677a696e666c617465286261736536345f6465636f64652822');" fullword ascii
$s4 = "eval($n5c62c1bcb81d1 . '[omitted due to size]' . $n5c62c1bcb8206);" fullword ascii
$s4 = "eval($n5c62c1bcb81d1" fullword ascii
condition:
( uint16(0) == 0x3f3c and
filesize < 1KB and

0 comments on commit 73f4146

Please sign in to comment.
You can’t perform that action at this time.