desc = "This rule looks for the pe.dll_name hardcoded as PPLdumpDLL.dll, which could be indicative of source code used or stolen from the PPLdump project. All hits are suspicious."
reference = "https://github.com/itm4n/PPLdump"
condition:
uint16(0) == 0x5a4d and (pe.dll_name icontains "PPLdumpDLL.dll")