PWS:Win32/Frethog.AB — ID: 2147597356, Category: 3, Severity: Critical (password stealer, Win32, Frethog family, variant AB)
// Auto-converted from a Microsoft Defender signature (see `author`/`signature_type` meta).
// Match logic: all five weight-10 strings plus any two weight-1 strings must be present
// in a file under 20 MB. The string set and condition are kept exactly as generated so the
// rule stays traceable to the Defender threat ID; review notes are in comments only.
rule PWS_Win32_Frethog_AB_2147597356_0
{
meta:
author = "defender2yara"
detection_name = "PWS:Win32/Frethog.AB"
threat_id = "2147597356"
type = "PWS"
platform = "Win32: Windows 32-bit platform"
family = "Frethog"
severity = "Critical"
// PEHSTR_EXT = Defender's PE string-signature type, i.e. the source signature was evaluated
// against PE files. This YARA rule carries no PE check of its own (no `uint16(0) == 0x5A4D`),
// so it will also be evaluated on non-PE inputs. NOTE(review): if you scan mixed file types or
// memory and want parity with the original scope, consider adding an MZ/PE header check.
signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
// Minimum summed string weight. The condition below reproduces it: 5 x 10 + 2 x 1 = 52.
threshold = "52"
strings_accuracy = "High"
strings:
// Weight-10 strings: every one of these must match (5 of 5).
// Win32 API used to enumerate processes/threads; common in benign software, so it only adds
// specificity in combination with the strings below.
$x_10_1 = "CreateToolhelp32Snapshot" ascii //weight: 10
// GUID-format literal; the most distinctive token in the set (purpose not determinable here —
// presumably a mutex/class identifier, unverified).
$x_10_2 = "08E909A4-48DD-8BCC-B236-90A604B93E68" ascii //weight: 10
// Appears to be an antivirus process name (Rising AV monitor) — consistent with AV-evasion
// or AV-tampering behaviour, though the sample itself is not visible here.
$x_10_3 = "RavMon.exe" ascii //weight: 10
// Appears to be a window-class name belonging to an AV product's alert dialog (Kaspersky AVP);
// same caveat as above.
$x_10_4 = "AVP.AlertDialog" ascii //weight: 10
// "#32770" is the standard Windows dialog-box window class; extremely common in benign
// binaries and only meaningful here alongside the AV-related strings.
$x_10_5 = "#32770" ascii //weight: 10
// Weight-1 strings: any two of the four are required.
$x_1_6 = "Forthgoer" ascii //weight: 1
// printf-style DLL name template (a numbered DLL is likely generated at runtime — unverified).
$x_1_7 = "tldoor%d.dll" ascii //weight: 1
$x_1_8 = "FilMsg.exe" ascii //weight: 1
$x_1_9 = "Twister.exe" ascii //weight: 1
condition:
// Size cap mirrors the converter's default and bounds scan cost.
(filesize < 20MB) and
(
// First branch is the real detection: 5 x 10 + 2 x 1 = 52 = threshold.
((5 of ($x_10_*) and 2 of ($x_1_*))) or
// Second branch is logically implied by the first (all 9 strings also satisfy 5-of-5 and
// 2-of-4); it is a generator artifact and does not widen or narrow coverage.
(all of ($x*))
)
}
No Lua scripts found for this threat.
No revoked certificates found for this threat.
No further signatures found for this threat.