Added x64dbg processes to suspicious_strings.yara.

JusticeRage · May 3, 2017 · 25c2708 · 25c2708
1 parent 339d1a8
commit 25c2708
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/bin/yara_rules/suspicious_strings.yara b/bin/yara_rules/suspicious_strings.yara
@@ -74,6 +74,10 @@ rule RE_Tools
         $a3 = "lordpe.exe" nocase wide ascii
         $a4 = "peid.exe" nocase wide ascii
         $a5 = "windbg.exe" nocase wide ascii
+        // x64dbg (credit goes to @_pusher_0x90)
+        $a6 = "x32dbg.exe" nocase wide ascii
+        $a7 = "x64dbg.exe" nocase wide ascii
+
     condition:
         any of them
 }
@@ -1323,4 +1327,4 @@ rule BITS_CLSID
         $uuid_background_copy_callback =        { C7 99 EA 97 86 01 D4 4A 8D F9 C5 B4 E0 ED 6B 22 }
     condition:
         any of them
-}
+}