Skip to content

Commit

Permalink
FP: svchost.exe size
Browse files Browse the repository at this point in the history
  • Loading branch information
Florian Roth committed Feb 19, 2019
1 parent 8f7335c commit 0448d97
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion yara/generic_anomalies.yar
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ rule Suspicious_Size_svchost_exe {
condition:
uint16(0) == 0x5a4d
and filename == "svchost.exe"
and ( filesize < 14KB or filesize > 75KB )
and ( filesize < 14KB or filesize > 100KB )
}

rule Suspicious_Size_winlogon_exe {
Expand Down

0 comments on commit 0448d97

Please sign in to comment.