id: minidionis-readerview-malware-hash

info:
  name: MiniDionis Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    MiniDionis Malware - file readerView.exe / adobe.exe
  reference:
    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Minidionis.yar
  tags: malware,minidionis

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == 'ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145'"
          - "sha256(raw) == 'a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004'"
          - "sha256(raw) == '88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f'"
          - "sha256(raw) == '97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7'"
          - "sha256(raw) == 'ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46'"
          - "sha256(raw) == '56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e'"
        condition: or
# digest: 490a00463044022029fa96cb482d568ef5bf8d61cb9dbc4d963eceebc921fde94f9982cb64b935d402202293f5472d0f763fdece65b66eaf4689cbc5d2f5d808519ea4ec296396c593b1:922c64590222798bb761d5b6d8e72950