display service notification message box

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: display service notification message box
    namespace: host-interaction/gui
    authors:
      - anushka.virgaonkar@mandiant.com
    scopes:
      static: function
      dynamic: thread
  features:
    - and:
      - number: 0x200000 = service notification
      - api: System.Windows.Forms.MessageBox::Show

last edited: 2023-11-24 10:34:28