MalwareBazaar Database
This page shows some basic information the YARA rule SUSP_Two_Byte_XOR_PE_And_MZ including corresponding malware samples.
Database Entry
| YARA Rule: | SUSP_Two_Byte_XOR_PE_And_MZ |
|---|---|
| Author: | Wesley Shields |
| Description: | Look for 2 byte xor of a PE starting at offset 0 |
| Firstseen: | 2022-05-25 11:39:54 UTC |
| Lastseen: | 2026-02-17 21:45:00 UTC |
| Sightings: | 8 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|