100 Days of YARA – Day 12: Neshta

On December 31, 2021December 24, 2021 By DanielIn 100 days of Yara

Neshta is a common virus targeting Windows executables. This rule should find files infected with Neshta.

rule neshta
{
	meta:
		description = "Files impacted by Neshta virus"
		hash = "769e6e12a5443217fd8c5ce510846775b714eb221cc11974969b5ff7442b5484"

	strings:
		$ = "Delphi-the best. Fuck off all the rest. Neshta "
		$ = "Made in Belarus."

	condition:
		all of them
}

YARA Rules Index

2 thoughts on “100 Days of YARA – Day 12: Neshta”

Pingback: YARA Rules Index – DMFR SECURITY
Pingback: Week 01 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

2 thoughts on “100 Days of YARA – Day 12: Neshta”

Leave a Reply Cancel reply