1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 2384f05..1a4b940 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -224,6 +224,7 @@ rule DodgyStrings
        $ = /(reverse|web)\s*shell/ nocase
        $ = /\/bin\/(ba)?sh/ fullword
        $ = /hack(ing|er)/ nocase
+        $ = /xp_(execresultset|regenumkeys|cmdshell|filelist)/
        $vbs = /language\s*=\s*vbscript/ nocase
        $asp = "scripting.filesystemobject" nocase

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 2384f05..1a4b940 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -224,6 +224,7 @@ rule DodgyStrings
224	$ = /(reverse\|web)\s*shell/ nocase	224	$ = /(reverse\|web)\s*shell/ nocase
225	$ = /\/bin\/(ba)?sh/ fullword	225	$ = /\/bin\/(ba)?sh/ fullword
226	$ = /hack(ing\|er)/ nocase	226	$ = /hack(ing\|er)/ nocase
		227	$ = /xp_(execresultset\|regenumkeys\|cmdshell\|filelist)/
227		228
228	$vbs = /language\s=\svbscript/ nocase	229	$vbs = /language\s=\svbscript/ nocase
229	$asp = "scripting.filesystemobject" nocase	230	$asp = "scripting.filesystemobject" nocase