-rw-r--r--php-malware-finder/php.yar4
1 files changed, 3 insertions, 1 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index cd31593..c7af3f2 100644
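--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -37,9 +37,11 @@ rule HiddenInAFile
 {
  strings:
  $gif = {47 49 46 38 ?? 61} // GIF8[version]a
+ $png = {89 50 4E 47 0D 0a 1a 0a} // \X89png\X0D\X0A\X1A\X0A
+ $jpeg = {FF D8 FF E0 ?? ?? 4A 46 49 46 } // https://raw.githubusercontent.com/corkami/pics/master/JPG.png
 
  condition:
- $gif at 0
+ $gif at 0 or $png at 0 or $jpeg at 0
 }
 
 rule PasswordProtection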
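Review bot: The new `$jpeg` pattern only matches JFIF headers (an APP0 segment, `FF D8 FF E0 … 4A 46 49 46`), so a JPEG whose first segment is Exif APP1 (`FF D8 FF E1 … 45 78 69 66`) will not satisfy `$jpeg at 0` and this rule will skip it. Since the condition already pins the match to offset 0, anchoring on the SOI marker alone should be enough: `$jpeg = {FF D8 FF} // JPEG SOI + first marker byte (JFIF, Exif, …)`. As a minor style point, the `$png` bytes mix upper and lower case hex (`0D 0a 1a 0a`), and the comment would read more clearly as `// \x89PNG\r\n\x1a\n`. The rule header for HiddenInAFile lies above the hunk, so any meta or tags on it are not visible here.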