diff options
| -rw-r--r-- | php-malware-finder/common.yar | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar index bde83c7..184e5ce 100644 --- a/php-malware-finder/common.yar +++ b/php-malware-finder/common.yar | |||
| @@ -51,6 +51,7 @@ private rule hex | |||
| 51 | $system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase | 51 | $system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase |
| 52 | $preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase | 52 | $preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase |
| 53 | $http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase | 53 | $http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase |
| 54 | $base64_decode = "\\x61\\x73\\x65\\x36\\x34\\x5f\\x64\\x65\\x63\\x6f\\x64\\x65\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6c\\x61\\x74\\x65\\x28" nocase | ||
| 54 | 55 | ||
| 55 | condition: | 56 | condition: |
| 56 | any of them | 57 | any of them |
