Commit

[BUGFIX] If no other conditions given, mark matches from custom file as suspicious
hasherezade committed Feb 16, 2024
1 parent f7faf4b commit 00164d0
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion scanners/workingset_scanner.cpp
Expand Up @@ -143,9 +143,12 @@ bool pesieve::WorkingSetScanner::checkAreaContent(IN MemPageData& memPage, OUT W
else if (this->args.shellcode == SHELLC_PATTERNS_OR_STATS) {
code = (codeP || codeS);
}

my_report->has_shellcode = code;

if ( (this->args.obfuscated != OBFUSC_NONE && obfuscated) || ((this->args.shellcode != SHELLC_NONE) && code) ){
if ( (obfuscated && this->args.obfuscated != OBFUSC_NONE)
|| (code && (this->args.shellcode != SHELLC_NONE || custom_matched_count) ))
{
my_report->status = SCAN_SUSPICIOUS;
}
if (my_report->status == SCAN_SUSPICIOUS) {
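Review bot: In the new condition, `custom_matched_count` on the `||` line is tested by bare truthiness while the terms around it are explicit comparisons (`!= OBFUSC_NONE`, `!= SHELLC_NONE`); writing `custom_matched_count > 0` would make the intent clearer and would stay correct if the counter's type ever changes. The reason for the extra term (a match from the custom pattern file should mark the area as `SCAN_SUSPICIOUS` even when `this->args.shellcode` is `SHELLC_NONE`) is stated only in the commit title, so a one-line comment above the `if` would help the next reader. The hunk does not show where `custom_matched_count` is declared or how `code` becomes true in the `SHELLC_NONE` case, so it is worth confirming that `code` is already set from custom matches before this check, otherwise the new branch cannot fire. As a style point, the opening brace now sits on its own line, while the following `if (my_report->status == SCAN_SUSPICIOUS) {` keeps it on the same line.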