1 parent b4124a5 commit ba20b04
analyzer/windows/data/yara/Formbook.yar
@@ -26,7 +26,7 @@ rule FormhookB
26
$new_remap = {8B (86 [2] 00 00|46 ??|06) 5F 5E 5B 8B E5 5D C3}
27
$code = {8B 4E 18 50 6A 00 51 57 56 E8 9A 18 00 00 8B 55 10 8B 45 0C 8B 0F 83 C4 1C 52 50 FF D1 5F 5E 5D C3}
28
condition:
29
- any of them
+ 2 of them
30
}
31
32
rule FormconfA
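Review bot: The condition at line 29 now requires `2 of them`, but neither the rule nor this change records why a single match was too loose or which strings are expected to occur together. `them` covers every string in the rule, so any pair satisfies it, including pairs of weakly anchored patterns: `$new_remap` is a wildcarded load followed by an ordinary function epilogue (`5F 5E 5B 8B E5 5D C3`). In the other direction, `$code` embeds a fixed call displacement (`E8 9A 18 00 00`), so it probably matches only one build, and samples from other builds must now hit two of the remaining strings to be detected at all. Suggest naming the required combination in the condition instead of counting, wildcarding the displacement in `$code`, and adding a comment that states the false positive this threshold is meant to remove, then re-running the rule over the known Formbook sample set to confirm nothing that matched before is lost.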