Mister Spy Say ="Hello Kids ... :D"
 
 
     ___  ____     _              _____
    |  \/  (_)   | |            /  ___|
               | .  . |_ ___| |_ ___ _ __  \ `--. _ __  _   _
                | |\/| | / __| __/ _ \ '__|  `--. \ '_ \| | | |
                | |  | | \__ \ ||  __/ |    /\__/ / |_) | |_| |
                \_|  |_/_|___/\__\___|_|    \____/| .__/ \__, |
                                                 | |     __/ |
                                                 |_|    |___/
                                       Bot Mister Spy V3
Mister Spy

Mister Spy

Current Path : /var/imunify360/files/sigs/v1/heuristic/
Upload File :
Current File : //var/imunify360/files/sigs/v1/heuristic/main.yara

// import "math"
include "webshells.yara"

/*private  global rule size_limit
{
    condition:
        filesize < 1MB
        
}

private rule is_php
{
    strings:
        $str = /<\?(php|\s)/

    condition:
        (filesize < 1MB) and $str
}

private rule php_keywords_rate {
    strings:
        $keyword = /\b(this|if|return|function|else|array|false|true)\b/
        
    condition:
        is_php and math.divide(#keyword, filesize) > 0.001
}

rule php_packed
{
    strings:
        $func1 = /base64_decode\s*\(/
        $func2 = /eval\s*\(/
        $func3 = /\$[a-zA-Z0-9_]+\(/
        
    condition:
        is_php and (($func1 and $func2) or $func3) and (math.entropy(0, filesize) >= 5.00)  and not php_keywords_rate //5.81
}
*./

Mr. DellatioNx196 GaLers xh3LL Backd00r 1.0, Coded By Mr. DellatioNx196 - Bogor BlackHat