id: passcv-signingcert-malware-hash

info:
  name: PassCV Sabre Malware Signing Cert Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    PassCV Malware mentioned in Cylance Report
  reference:
    - https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar
  tags: malware,passcv

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '7c32885c258a6d5be37ebe83643f00165da3ebf963471503909781540204752e'"
# digest: 490a0046304402204af796f5fa792d02c6a8bb14ae8eb53f61509ac8c892258295432da49fdbc1480220362b731e34545f2a4bee533332d1a6a3aea6d77212f65e8f828008eb4f292d35:922c64590222798bb761d5b6d8e72950