1 files changed, 1 insertions, 0 deletions
diff --git a/malwares.yara b/malwares.yara
index 1263b39..c901d06 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -85,6 +85,7 @@ private rule hex
      $exec = "\\x65\\x78\\x65\\x63" nocase
      $system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase
      $preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase
+      $http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase
    
    condition:
        any of them

diff --git a/malwares.yara b/malwares.yara index 1263b39..c901d06 100644 --- a/malwares.yara +++ b/malwares.yara
@@ -85,6 +85,7 @@ private rule hex
85	$exec = "\\x65\\x78\\x65\\x63" nocase	85	$exec = "\\x65\\x78\\x65\\x63" nocase
86	$system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase	86	$system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase
87	$preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase	87	$preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase
		88	$http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase
88		89
89	condition:	90	condition:
90	any of them	91	any of them