Update anti-analysis/anti-av/patch-antimalware-scan-interface-functio…
…n.yml

Co-authored-by: Moritz <[email protected]>
jtothej and mr-tz authored Nov 20, 2023
1 parent 6abb740 commit 9bf276a
Showing 1 changed file with 1 addition and 10 deletions.
Expand Up @@ -15,16 +15,7 @@ rule:
- edb92795c06a2bde47e652639327253a1148ee675ba2f0d1d9ac8690ef1820b1:0x14001126C
features:
- and:
- match: link function at runtime on Windows
- or:
- api: kernel32.VirtualProtect
- api: kernel32.VirtualProtectEx
- api: ntdll.NtProtectVirtualMemory
- api: ZwProtectVirtualMemory
- string: "VirtualProtect"
- string: "VirtualProtectEx"
- string: "NtProtectVirtualMemory"
- string: "ZwProtectVirtualMemory"
- match: change memory protection
- or:
- string: "AmsiScanBuffer"
- string: "AmsiScanString"
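Review bot: The single `match: change memory protection` line under `and:` no longer requires two things the removed lines did (going by the 1 addition and 10 deletions in the header): the `match: link function at runtime on Windows` condition, and the bare `string:` forms of VirtualProtect, VirtualProtectEx, NtProtectVirtualMemory and ZwProtectVirtualMemory. The string forms are what let this rule hit a sample that looks the protection API up by name instead of importing it, so please confirm that the `change memory protection` rule covers that case, or keep the four `string:` entries next to the new match. It would also help to state in the commit message that the example offset listed above `features:` still matches after the change, since that is the only regression check visible here.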