dissectmalware

Yara rule - xlsm_with_xlm_macro

Apr 15th, 2020
rule xlsm_with_xlm_macro {
    meta:
        description = "Finding XLSM files containing XLM macros"
        Author = "DissectMalware"
        Sample = "01558388b33abe05f25afb6e96b0c899221fe75b037c088fa60fe8bbf668f606"
    strings:
        // ZIP magic; OOXML files such as XLSM are ZIP containers
        $zip_marker = "PK"
        // ASCII "[Content_Types].xml", the content-type part of an OOXML package
        $xlsx_marker = {5B 43 6F 6E 74 65 6E 74 5F 54 79 70 65 73 5D 2E 78 6D 6C}
        // ASCII "macrosheets", as found in the part names of XLM macro sheets
        $macrosheet_marker = {6D 61 63 72 6F 73 68 65 65 74 73}
    condition:
        $zip_marker at 0 and $xlsx_marker and $macrosheet_marker
}
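
The rule matches raw bytes, so it fires on any ZIP whose headers happen to contain both strings. The following is an added example, not part of the original paste: it reproduces the rule's byte test in Python and sets it beside a structural check of the ZIP member list, for triaging hits. The `xl/macrosheets/` part path and all sample archives are assumptions constructed for the example.

```python
import io
import zipfile


def make_zip(entries):
    """Build an in-memory ZIP from {member_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def rule_logic(data):
    """Same byte-level test as the YARA condition: PK at 0 plus both strings anywhere."""
    return (data.startswith(b"PK")
            and b"[Content_Types].xml" in data
            and b"macrosheets" in data)


def has_macrosheet_part(data):
    """Structural check: archive parses and has a file member under xl/macrosheets/."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    # Assumed part path for XLM macro sheets inside an XLSM package.
    in_dir = [n for n in names
              if n.lower().startswith("xl/macrosheets/") and not n.endswith("/")]
    return "[Content_Types].xml" in names and bool(in_dir)


# Constructed samples: macro-sheet workbook, ordinary workbook, and a lookalike
# whose only "macrosheets" occurrence is an unrelated member name.
BASE = {"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"}
XLM = make_zip({**BASE, "xl/macrosheets/sheet1.xml": b"<macrosheet/>"})
PLAIN = make_zip({**BASE, "xl/worksheets/sheet1.xml": b"<worksheet/>"})
LOOKALIKE = make_zip({**BASE, "docs/about-macrosheets.txt": b"notes"})

if __name__ == "__main__":
    for label, blob in (("xlm", XLM), ("plain", PLAIN), ("lookalike", LOOKALIKE)):
        print(f"{label:10} rule={rule_logic(blob)} structural={has_macrosheet_part(blob)}")
```

Member names are stored uncompressed in ZIP headers, which is why the byte match works on a compressed archive; the structural check narrows hits to archives that actually carry a macro-sheet part.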