Add another simple hex-string pattern

jvoisin · jvoisin · commit dfe0fa93925d · 2017-02-21T17:24:37.000+01:00
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
@@ -51,6 +51,7 @@ private rule hex
         $system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase
         $preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase
         $http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase
+        $base64_decode = "\\x61\\x73\\x65\\x36\\x34\\x5f\\x64\\x65\\x63\\x6f\\x64\\x65\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6c\\x61\\x74\\x65\\x28" nocase
     
     condition:
         any of them
