Malware / file
YARA rules
5,941 rules indexed · pattern-based malware identification
YARA rules identify and classify malware families through binary patterns, strings, and metadata. Rules below come from multiple open repositories. Expand any rule to see its raw signature.
Using these YARA rules
Deploy. Load them into any YARA-capable scanner: your EDR if it supports YARA, the yara CLI against files or a memory image, VirusTotal Retrohunt, or a host scanner like Loki or THOR.
Adapt. Tighten or loosen the string and condition matches for your false-positive tolerance; a rule written for one campaign can over-match on benign files in a different environment.
Scope. These are for hunting known malware families in files and memory and for triaging samples - not for network traffic or log-based detection, which the IDS and Sigma rules cover.
◈
Rules
50 shown of 5,941PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_A209
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys
view YARA rule
rule PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_A209 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "a2096b460e31451659b0dde752264c362f47254c8191930bc921ff16a4311641"
date = "2024-08-07"
score = 40
id = "e38fec7b-bc36-5fa5-a32e-fd82aa05dd19"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* FileDescription VirITAgentSystem */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004700200053006f0066007400200053002e0061002e0073002e } /* CompanyName TGSoftSas */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002c00200030002c00200030002c00200035 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002c00200030002c00200030002c00200035 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* InternalName viragtsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* ProductName VirITAgentSystem */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]00760069007200610067007400360034002e007300790073 } /* OriginalFilename viragtsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200054004700200053006f0066007400200053002e0061002e0073002e00200032003000310031002c002000320030003100330020002d0020007700770077002e007400670073006f00660074002e00690074 } /* LegalCopyright CopyrightCTGSoftSaswwwtgsoftit */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_D0E2
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys
view YARA rule
rule PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_D0E2 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605"
date = "2024-08-07"
score = 40
id = "1ee0136e-73bc-5b88-ae0b-74f3f53fe93f"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* FileDescription VirITAgentSystem */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004700200053006f0066007400200053002e0061002e0073002e } /* CompanyName TGSoftSas */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002c002000360030002c00200030002c00200030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002c002000360030002c00200030002c00200030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* InternalName viragtsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* ProductName VirITAgentSystem */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* OriginalFilename viragtsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200054004700200053006f0066007400200053002e0061002e0073002e00200032003000300036002c002000320030003100310020002d0020007700770077002e007400670073006f00660074002e00690074 } /* LegalCopyright CopyrightCTGSoftSaswwwtgsoftit */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E05E
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys
view YARA rule
rule PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E05E {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53"
date = "2024-08-07"
score = 40
id = "71c7a688-d20a-57c3-b4c5-b8344e936900"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* FileDescription VirITAgentSystem */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004700200053006f0066007400200053002e0061002e0073002e } /* CompanyName TGSoftSas */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002c002000370032002c00200030002c00200030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002c002000370032002c00200030002c00200030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* InternalName viragtsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* ProductName VirITAgentSystem */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* OriginalFilename viragtsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200054004700200053006f0066007400200053002e0061002e0073002e00200032003000300036002c002000320030003100330020002d0020007700770077002e007400670073006f00660074002e00690074 } /* LegalCopyright CopyrightCTGSoftSaswwwtgsoftit */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E4EC
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys
view YARA rule
rule PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E4EC {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148"
date = "2024-08-07"
score = 40
id = "888a2b05-46c1-54b2-a996-14fb9fae5779"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* FileDescription VirITAgentSystem */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004700200053006f0066007400200053002e0061002e0073002e } /* CompanyName TGSoftSas */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002c002000330038002c00200030002c00200030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002c002000330038002c00200030002c00200030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* InternalName viragtsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* ProductName VirITAgentSystem */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* OriginalFilename viragtsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200054004700200053006f0066007400200053002e0061002e0073002e00200032003000300036002c002000320030003100310020002d0020007700770077002e007400670073006f00660074002e00690074 } /* LegalCopyright CopyrightCTGSoftSaswwwtgsoftit */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_EF6D
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys
view YARA rule
rule PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_EF6D {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850"
date = "2024-08-07"
score = 40
id = "28e934c7-1705-5dd7-967f-ac259af3809e"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* FileDescription VirITAgentSystem */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004700200053006f0066007400200053002e0061002e0073002e } /* CompanyName TGSoftSas */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002c002000380030002c00200030002c00200030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002c002000380030002c00200030002c00200030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* InternalName viragtsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005600690072004900540020004100670065006e0074002000530079007300740065006d } /* ProductName VirITAgentSystem */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]007600690072006100670074002e007300790073 } /* OriginalFilename viragtsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200054004700200053006f0066007400200053002e0061002e0073002e00200032003000300036002c002000320030003100360020002d0020007700770077002e007400670073006f00660074002e00690074 } /* LegalCopyright CopyrightCTGSoftSaswwwtgsoftit */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospackage_3143
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS
view YARA rule
rule PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospackage_3143 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073"
date = "2024-08-07"
score = 40
id = "c0a7d14e-65aa-51e1-a2c1-88a7c56dce57"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]00420049004f00530020005500700064006100740065002000440072006900760065007200200046006f0072002000570069006e0064006f007700730020007800360034002000450064006900740069006f006e } /* FileDescription BIOSUpdateDriverForWindowsxEdition */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004f0053004800490042004100200043006f00720070006f0072006100740069006f006e } /* CompanyName TOSHIBACorporation */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0034002e0032002e0034002e00300020006200750069006c0074002000620079003a002000570069006e00440044004b } /* FileVersion builtbyWinDDK */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0034002e0032002e0034002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]004e00430048004700420049004f00530032007800360034002e005300590053 } /* InternalName NCHGBIOSxSYS */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]0054004f00530048004900420041002000420049004f00530020005000610063006b006100670065 } /* ProductName TOSHIBABIOSPackage */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]004e00430048004700420049004f00530032007800360034002e005300590053 } /* OriginalFilename NCHGBIOSxSYS */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200031003900390039002d003200300031003200200054004f0053004800490042004100200043006f00720070006f0072006100740069006f006e002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e } /* LegalCopyright CopyrightCTOSHIBACorporationAllRightsReserved */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospackage_7D4C
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS
view YARA rule
rule PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospackage_7D4C {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "7d4ca5760b6ad2e4152080e115f040f9d42608d2c7d7f074a579f911d06c8cf8"
date = "2024-08-07"
score = 40
id = "f3c02bcb-2c9e-5319-a0ac-3773a81d68f6"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]00420049004f00530020005500700064006100740065002000440072006900760065007200200046006f0072002000570069006e0064006f007700730020007800360034002000450064006900740069006f006e } /* FileDescription BIOSUpdateDriverForWindowsxEdition */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]0054004f0053004800490042004100200043006f00720070006f0072006100740069006f006e } /* CompanyName TOSHIBACorporation */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0034002e0031002e0030002e00300020006200750069006c0074002000620079003a002000570069006e00440044004b } /* FileVersion builtbyWinDDK */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0034002e0031002e0030002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]004e00430048004700420049004f00530032007800360034002e005300590053 } /* InternalName NCHGBIOSxSYS */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]0054004f00530048004900420041002000420049004f00530020005000610063006b006100670065 } /* ProductName TOSHIBABIOSPackage */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]004e00430048004700420049004f00530032007800360034002e005300590053 } /* OriginalFilename NCHGBIOSxSYS */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200031003900390039002d003200300031003000200054004f0053004800490042004100200043006f00720070006f0072006100740069006f006e002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e } /* LegalCopyright CopyrightCTOSHIBACorporationAllRightsReserved */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Activeclean_A903
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Activeclean_A903 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "a903f329b70f0078197cb7683aae1bb432eaf58572fe572f7cb4bc2080042d7e"
date = "2024-08-07"
score = 40
id = "3142d323-869f-5e25-b860-da2c34f659ce"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0036002e0030002e0031003000350032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0036 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]0041006300740069007600650043006c00650061006e } /* ProductName ActiveClean */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_61BE
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_61BE {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "61befeef14783eb0fed679fca179d2f5c33eb2dcbd40980669ca2ebeb3bf11cf"
date = "2024-08-07"
score = 40
id = "8242879f-ce39-5f05-b43e-ec2c6b185e82"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e0035002e0030002e0031003100300036 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e0035 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]00410045004700490053 } /* ProductName AEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000380020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_A802
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_A802 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "a8027daa6facf1ff81405daf6763249e9acf232a1a191b6bf106711630e6188e"
date = "2024-08-07"
score = 40
id = "9cb0be23-e1d9-5698-bde2-81a870f81f83"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e0035002e0030002e0031003100320031 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e0035 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]00410045004700490053 } /* ProductName AEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000380020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_ADC1
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_ADC1 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "adc10de960f40fa9f6e28449748250fa9ddfd331115b77a79809a50c606753ee"
date = "2024-08-07"
score = 40
id = "77819373-6f49-56bc-8636-d25cd75491b7"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e0032002e0030002e0031003000310036 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e0032 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]00410045004700490053 } /* ProductName AEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000380020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_C901
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_C901 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "c9014b03866bf37faa8fdb16b6af7cfec976aaef179fd5797d0c0bf8079d3a8c"
date = "2024-08-07"
score = 40
id = "a1c33a78-bef9-59fc-8976-876c1fe68aff"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e0030002e0030002e0031003100310038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]00410045004700490053 } /* ProductName AEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_3FA6
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_3FA6 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "3fa6379951f08ed3cb87eeba9cf0c5f5e1d0317dcfcf003b810df9d795eeb73e"
date = "2024-08-07"
score = 40
id = "25f27f08-3aab-5b8f-bf59-37a40de4fb44"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e00380030002e0030002e0031003000370037 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e00380030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f002000410045004700490053 } /* ProductName TrendMicroAEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_4BC0
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_4BC0 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "4bc0921ffd4acc865525d3faf98961e8decc5aec4974552cbbf2ae8d5a569de4"
date = "2024-08-07"
score = 40
id = "da911735-e7b3-5721-8254-958f25b0efa1"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0033002e00320030002e0030002e0031003000310032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0033002e00320030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f002000410045004700490053 } /* ProductName TrendMicroAEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003100300020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_ED2F
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_ED2F {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "ed2f33452ec32830ffef2d5dc832985db9600c306ed890c47f3f33ccbb335c39"
date = "2024-08-07"
score = 40
id = "288ce092-a3f2-57d0-9d28-a0c4b6faa52f"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0032002e00380030002e0030002e0031003000360033 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0032002e00380030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f002000410045004700490053 } /* ProductName TrendMicroAEGIS */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003000390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_0909
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_0909 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06"
date = "2024-08-07"
score = 40
id = "e1be6d99-bee6-5208-976b-04a2fde0602b"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100300036 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_12ED
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_12ED {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "12eda8b65ed8c1d80464a0c535ea099dffdb4981c134294cb0fa424efc85ee56"
date = "2024-08-07"
score = 40
id = "d8599978-d388-5b67-99ff-d4bde156b433"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100320031 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_1C12
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_1C12 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "1c1251784e6f61525d0082882a969cb8a0c5d5359be22f5a73e3b0cd38b51687"
date = "2024-08-07"
score = 40
id = "14390895-6fae-5e00-9d0d-76347782873c"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e00350030002e0030002e0031003100320034 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_2AFD
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_2AFD {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "2afdb3278a7b57466a103024aef9ff7f41c73a19bab843a8ebf3d3c4d4e82b30"
date = "2024-08-07"
score = 40
id = "4dc89f62-c0e0-5abf-9774-3ca21f8a1d8e"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003000390038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100360020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3854
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3854 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "385485e643aa611e97ceae6590c6a8c47155886123dbb9de1e704d0d1624d039"
hash = "b773511fdb2e370dec042530910a905472fcc2558eb108b246fd3200171b04d3"
date = "2024-08-07"
score = 40
id = "2c945052-bb7b-52be-9c11-18eedac5a28e"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e00330030002e0030002e0031003000360035 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e00330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3C42
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3C42 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "3c4207c90c97733fae2a08679d63fbbe94dfcf96fdfdf88406aa7ab3f80ea78f"
date = "2024-08-07"
score = 40
id = "e4c649d8-941e-57d8-9193-a7e5c3de4671"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100320038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003200300020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3E1D
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3E1D {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "3e1d47a497babbfd1c83905777b517ec87c65742bee7eb57a2273eca825d2272"
date = "2024-08-07"
score = 40
id = "d8d61d0b-d859-5e7e-9ef6-b232ab499560"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e0030002e0030002e0031003100310033 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003100310020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_478D
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_478D {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "478d855b648ef4501d3b08b3b10e94076ac67546b0ce86b454324f1bf9a78aa0"
date = "2024-08-07"
score = 40
id = "13ee4d76-b778-593e-85e6-8402d01352e8"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00360030002e0030002e0031003000380032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00360030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_4E37
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_4E37 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "4e37592a2a415f520438330c32cfbdbd6af594deef5290b2fa4b9722b898ff69"
date = "2024-08-07"
score = 40
id = "c827a2fc-e533-5113-a7e5-8ae4f5718d63"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100340030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003200310020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5027
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5027 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "5027fce41ed60906a0e76b97c95c2a5a83d57a2d1cd42de232a21f26c0d58e48"
date = "2024-08-07"
score = 40
id = "e46d3ca0-a605-503d-86ac-67ac7ac8c7cc"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e00350030002e0030002e0031003000340037 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003000320020002d002000320030003100320020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5192
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5192 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "5192ec4501d0fe0b1c8f7bf9b778f7524a7a70a26bbbb66e5dab8480f6fdbb8b"
date = "2024-08-07"
score = 40
id = "63cc2959-9cfa-575d-894f-fbb63349a4e7"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003000370033 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_62F5
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_62F5 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "62f5e13b2edc00128716cb93e6a9eddffea67ce83d2bb426f18f5be08ead89e0"
hash = "ee3ff12943ced401e2b6df9e66e8a0be8e449fa9326cab241f471b2d8ffefdd7"
date = "2024-08-07"
score = 40
id = "e66960f5-d39e-5b0b-b573-77ffeb276925"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e0030002e0030002e0031003000390039 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100360020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_654C
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_654C {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "654c5ba47f74008c8f49cbb97988017eec8c898adc3bb851bc6e1fdf9dcf54ad"
date = "2024-08-07"
score = 40
id = "c2883a08-8832-514d-a472-e53370fe9a88"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e0030002e0030002e0031003000370032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100330020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_6FFD
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_6FFD {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "6ffdde6bc6784c13c601442e47157062941c47015891e7139c2aaba676ab59cc"
date = "2024-08-07"
score = 40
id = "b0799b63-2938-586a-8a10-c3d9916b3d01"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c00650020004e006f00540072006100700020004200750069006c0064 } /* FileDescription TrendMicroCommonModuleNoTrapBuild */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e0030002e0030002e0031003100300034 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300035002d00320030003100310020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 200KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_76E8
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_76E8 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "76e807b6c0214e66455f09a8de8faad40b738982ca84470f0043de0290449524"
date = "2024-08-07"
score = 40
id = "2d26b107-7fcb-5acd-94e4-ed18c399ad66"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00320030002e0030002e0031003000300038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00320030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100330020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7837
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7837 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "7837cb350338c4958968d06b105466da6518f5bb522a6e70e87c0cad85128408"
date = "2024-08-07"
score = 40
id = "47963173-d9a8-5a16-9959-d99e6e8920f3"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00360030002e0030002e0031003000350036 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00360030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100360020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7C73
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7C73 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "7c731c0ea7f28671ab7787800db69739ea5cd6be16ea21045b4580cf95cbf73b"
hash = "fca10cde7d331b7f614118682d834d46125a65888e97bd9fda2df3f15797166c"
date = "2024-08-07"
score = 40
id = "ab7574a5-acba-5e3d-9259-e5833d43d195"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100320039 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003200300020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_80A5
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_80A5 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "80a59ca71fc20961ccafc0686051e86ae4afbbd4578cb26ad4570b9207651085"
date = "2024-08-07"
score = 40
id = "80e3827b-44e7-5b59-a7db-c7daf0e38664"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e00350030002e0030002e0031003000390031 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100330020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_818E
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_818E {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "818e396595d08d724666803cd29dac566dc7db23bf50e9919d04b33afa988c01"
date = "2024-08-07"
score = 40
id = "534b26bd-7298-5e16-ba49-f48b1bc405d7"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e00330030002e0030002e0031003000370038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e00330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_97B3
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_97B3 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "97b32ddf83f75637e3ba934df117081dd6a1c57d47a4c9700d35e736da11d5bd"
hash = "89108a15f009b285db4ef94250b889d5b11b96b4aa7b190784a6d1396e893e10"
date = "2024-08-07"
score = 40
id = "ef15eec0-caf8-58e9-9c63-cfee3275253d"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e00350030002e0030002e0031003000370030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003000320020002d002000320030003100320020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_BCFC
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_BCFC {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "bcfc2c9883e6c1b8429be44cc4db988a9eecb544988fbd756d18cfca6201876f"
date = "2024-08-07"
score = 40
id = "aabd529a-516f-5e7f-85e2-b7fa207b89cd"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e00330030002e0030002e0031003000340039 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e00330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100370020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_C082
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_C082 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "c082514317bf80a2f5129d84a5a55e411a95e32d03a4df1274537704c80e41dd"
date = "2024-08-07"
score = 40
id = "36d4d011-edf0-53e8-9665-b75520140df3"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00360030002e0030002e0031003000380034 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00360030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003200300020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_CC68
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_CC68 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64"
date = "2024-08-07"
score = 40
id = "14971376-05dc-59c2-bce7-498eabb52678"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e00330030002e0030002e0031003000390039 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e00330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100380020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_D783
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_D783 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "d783ace822f8fe4e25d5387e5dd249cb72e62f62079023216dc436f1853a150f"
date = "2024-08-07"
score = 40
id = "12d08eab-49f0-5d40-bd2d-1a4834deaef1"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0035002e00350030002e0030002e0031003000330033 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0035002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003000320020002d002000320030003100320020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_DBC6
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_DBC6 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "dbc604b4e01362a3e51357af4a87686834fe913852a4e0a8c0d4c1a0f7d076ed"
date = "2024-08-07"
score = 40
id = "9a004873-765d-5db7-87e1-8796286635e3"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00350030002e0030002e0031003000340031 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100340020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E3EF
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E3EF {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "e3eff841ea0f2786e5e0fed2744c0829719ad711fc9258eeaf81ed65a52a8918"
date = "2024-08-07"
score = 40
id = "3778fe25-a5d5-5cb0-8f03-9ceed5d71aa9"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e0030002e0030002e0031003100300031 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100360020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 500KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E4D9
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E4D9 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "e4d9f037411284e996a002b15b49bc227d085ee869ae1cd91ba54ff7c244f036"
date = "2024-08-07"
score = 40
id = "b0ef62c7-b223-5d70-883d-1a6a3d28dc0d"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00350030002e0030002e0031003000350038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00350030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 300KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_EC5F
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_EC5F {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "ec5fac0b6bb267a2bd10fc80c8cca6718439d56e82e053d3ff799ce5f3475db5"
date = "2024-08-07"
score = 40
id = "1d73baba-017c-527d-9eb8-0eb9865656b6"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003000370038 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_ECD0
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_ECD0 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "ecd07df7ad6fee9269a9e9429eb199bf3e24cf672aa1d013b7e8d90d75324566"
date = "2024-08-07"
score = 40
id = "f683f7c5-15cb-5e1b-9d6e-4261c85a581a"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0037002e0030002e0030002e0031003100370036 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0037002e0030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_FDA9
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_FDA9 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "fda93c6e41212e86af07f57ca95db841161f00b08dae6304a51b467056e56280"
date = "2024-08-07"
score = 40
id = "d405ca94-8b2c-57cd-b6da-8dbfd5f8d858"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200043006f006d006d006f006e0020004d006f00640075006c0065 } /* FileDescription TrendMicroCommonModule */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0036002e00370030002e0030002e0031003100310037 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0036002e00370030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* InternalName TmCommsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200045007900650073 } /* ProductName TrendMicroEyes */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0043006f006d006d002e007300790073 } /* OriginalFilename TmCommsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000200028004300290020002000320030003100390020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_D0EB
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_D0EB {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "d0eb3ba0aff471d19260192784bf9f056d669b779b6eaff84e732b7124ce1d11"
date = "2024-08-07"
score = 40
id = "f5251fdb-8e6e-5ea7-abdd-3a85dfbda449"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200045004c0041004d00200044007200690076006500720020002800360034002d0042006900740029 } /* FileDescription TrendMicroELAMDriverBit */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0036002e0030002e0031003000300032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0036 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* InternalName Tmelsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f0020004500610072006c00790020004c00610075006e0063006800200041006e00740069002d004d0061006c00770061007200650020004400720069007600650072 } /* ProductName TrendMicroEarlyLaunchAntiMalwareDriver */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* OriginalFilename Tmelsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_DD62
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_DD62 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "dd628061d6e53f3f0b44f409ad914b3494c5d7b5ff6ff0e8fc3161aacec93e96"
date = "2024-08-07"
score = 40
id = "31dc7b9b-b8bd-5af5-be43-ad3bfdc2a5b3"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200045004c0041004d0020004400720069007600650072 } /* FileDescription TrendMicroELAMDriver */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0036002e0030002e0031003000300032 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0036 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* InternalName Tmelsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f0020004500610072006c00790020004c00610075006e0063006800200041006e00740069002d004d0061006c00770061007200650020004400720069007600650072 } /* ProductName TrendMicroEarlyLaunchAntiMalwareDriver */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* OriginalFilename Tmelsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_E505
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys
view YARA rule
rule PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantimalwaredriver_E505 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "e505569892551b2ba79d8792badff0a41faea033e8d8f85c3afea33463c70bd9"
date = "2024-08-07"
score = 40
id = "03f8b653-0ecc-5161-935e-5f670fd54bb1"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005400720065006e0064004d006900630072006f00200045004c0041004d00200044007200690076006500720020002800360034002d0042006900740029 } /* FileDescription TrendMicroELAMDriverBit */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f00200049006e0063002e } /* CompanyName TrendMicroInc */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0036002e0030002e0031003000300034 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0036 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* InternalName Tmelsys */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]005400720065006e00640020004d006900630072006f0020004500610072006c00790020004c00610075006e0063006800200041006e00740069002d004d0061006c00770061007200650020004400720069007600650072 } /* ProductName TrendMicroEarlyLaunchAntiMalwareDriver */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0054006d0065006c002e007300790073 } /* OriginalFilename Tmelsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003100350020005400720065006e00640020004d006900630072006f00200049006e0063006f00720070006f00720061007400650064002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } /* LegalCopyright CopyrightCTrendMicroIncorporatedAllrightsreserved */
condition:
uint16(0) == 0x5a4d and filesize < 100KB and all of them
}
PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_3724
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys
view YARA rule
rule PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_3724 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b"
date = "2024-08-07"
score = 40
id = "1305b627-146c-5ec6-9e27-abac84f5a2f4"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072007400750061006c0042006f007800200053007500700070006f007200740020004400720069007600650072 } /* FileDescription VirtualBoxSupportDriver */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]00560065006b0074006f0072002000540031003300200053006500630075007200690074007900200053006500720076006900630065 } /* CompanyName VektorTSecurityService */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0034002e0032002e003100310039003200330030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0034002e0032002e003100310039003200330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]00560042006f0078004400720076 } /* InternalName VBoxDrv */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]0041006e00740069006400650074006500630074002000320030003100390020005000750062006c00690063 } /* ProductName AntidetectPublic */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]00560042006f0078004400720076002e007300790073 } /* OriginalFilename VBoxDrvsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300039002d00320030003100390020004f007200610063006c006500200043006f00720070006f0072006100740069006f006e } /* LegalCopyright CopyrightCOracleCorporation */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_CFB7
Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys
view YARA rule
rule PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_CFB7 {
meta:
description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys"
author = "Florian Roth"
reference = "https://github.com/magicsword-io/LOLDrivers"
hash = "cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40"
date = "2024-08-07"
score = 40
id = "e80a43d2-d96f-5fed-a5e1-3e1ea617542a"
strings:
$ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005600690072007400750061006c0042006f007800200053007500700070006f007200740020004400720069007600650072 } /* FileDescription VirtualBoxSupportDriver */
$ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]00560065006b0074006f0072002000540031003300200053006500630075007200690074007900200053006500720076006900630065 } /* CompanyName VektorTSecurityService */
$ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0034002e0030002e003100310039003200330030 } /* FileVersion */
$ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0034002e0030002e003100310039003200330030 } /* ProductVersion */
$ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]00560042006f0078004400720076 } /* InternalName VBoxDrv */
$ = { 00500072006f0064007500630074004e0061006d0065[1-8]0041006e00740069006400650074006500630074002000320030003100390020005000750062006c00690063 } /* ProductName AntidetectPublic */
$ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]00560042006f0078004400720076002e007300790073 } /* OriginalFilename VBoxDrvsys */
$ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000300039002d00320030003100390020004f007200610063006c006500200043006f00720070006f0072006100740069006f006e } /* LegalCopyright CopyrightCOracleCorporation */
condition:
uint16(0) == 0x5a4d and filesize < 400KB and all of them
}
Showing 1301-1350 of 5,941