JiaguK - packer (#375)

* JiaguK - packer * Update packers.yara * Revert "Update packers.yara" This reverts commit 57d5f34, reversing changes made to fec7ed1. * Revert "Update packers.yara" This reverts commit fec7ed1. * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara * Update packers.yara Replaced "$classNameString" to "all of them"
rednaga · Nov 8, 2023 · df2c48b · df2c48b
1 parent 0546b06
commit df2c48b
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/apkid/rules/dex/packers.yara b/apkid/rules/dex/packers.yara
@@ -604,3 +604,18 @@ rule custom_flutter : packer
   condition:
     is_dex and all of them
 }
+
+rule jiagu_k : packer
+{
+  meta:
+    description = "Jiagu K"
+    sample1     = "aa666b75ffb3588dd41c8e546d53e353cda67cf278b167c7737b1169262856bb"
+    sample2     = "d9baf66e7ac116a8c68599ef16fae5397ac4fd0847e2fcfe3ee2c155ecf4f850"
+    author      = "ReBensk"
+
+  strings:
+    $classNameString = { 00 10 4C 76 69 72 62 6F 78 2F 53 74 75 62 41 70 70 3B 00 } // Lvirbox/StubApp;
+   
+  condition:
+    is_dex and all of them and (dex.header.data_size + dex.header.data_offset) < dex.header.file_size
+}