Rename yara emmenhtal to yara emmenhtalv1

2026-06-08 14:45:26 +00:00 · 2025-03-14 10:13:45 +01:00
parent 6d1c7d8400
commit bbf344d112
1 changed files with 0 additions and 0 deletions
@@ -0,0 +1,10 @@
+rule EmmenHTAl : malware {
+    strings:
+        $s1 = " = String.fromCharCode("
+        $s2 = ";var "
+        $s3 = "eval("
+        $s4 = "</script>"
+        $s5 = "<HTA:APPLICATION CAPTION = \"no\" WINDOWSTATE = \"minimize\" SHOWINTASKBAR = \"no\" >"
+    condition:
+        all of them
+}