load NCR ATM library

rule:
  meta:
    name: load NCR ATM library
    namespace: targeting/automated-teller-machine/ncr
    authors:
      - william.ballenthin@mandiant.com
    scopes:
      static: file
      dynamic: file
    references:
      - https://www.pcworld.com/article/2824572/leaked-programming-manual-may-help-criminals-develop-more-atm-malware.html
    examples:
      - 971e599e6e707349eccea2fd4c8e5f67
      - 4bdd67ff852c221112337fecd0681eac
      - 32d1f4b9c0cf2bb9512d88d27ca23c07
      - dc9eb40429d6fa2f15cd34479cb320c8
      - 5b3968b47eb16a1cb88525e3b565eab1
      - dc4dc746d8a14060fb5fc7edd4ef5282
  features:
    - or:
      - import: msxfs.dll
        description: Extension for Financial Services (XFS)
      - string: "MSXFS.dll"
      - string: "msxfs.dll"