Use sigtool --find-sigs to dump the rule data:
sigtool --find-sigs Win.Malware.Generic-10008460-0
[daily.ldb] Win.Malware.Generic-10008460-0;Engine:81-255,Target:1;0&1&2&3&4;5c47686f737442726f777365725c5573657220446174615c44656661756c745c4c6f67696e2044617461::w;5c46656e72697220496e635c536c6569706e6972355c73657474696e675c6d6f64756c65735c4368726f6d69756d5669657765725c44656661756c745c4c6f67696e2044617461::w;5c436f6d6f646f5c447261676f6e5c5573657220446174615c44656661756c745c4c6f67696e2044617461::w;4243727970742e424372797074536574416c676f726974686d50726f7065727479284243727970742e4243525950545f434841494e494e475f4d4f44452c204243727970742e4243525950545f434841494e5f4d4f44455f47434d29206661696c656420776974682073746174757320636f64653a7b307d::w;5c4272617665536f6674776172655c42726176652d42726f777365725c5573657220446174615c44656661756c745c4c6f67696e2044617461::w
To get a readable format, pipe the rule contents to sigtool --decode:
echo 'Win.Malware.Generic-10008460-0;Engine:81-255,Target:1;0&1&2&3&4;5c47686f737442726f777365725c5573657220446174615c44656661756c745c4c6f67696e2044617461::w;5c46656e72697220496e635c536c6569706e6972355c73657474696e675c6d6f64756c65735c4368726f6d69756d5669657765725c44656661756c745c4c6f67696e2044617461::w;5c436f6d6f646f5c447261676f6e5c5573657220446174615c44656661756c745c4c6f67696e2044617461::w;4243727970742e424372797074536574416c676f726974686d50726f7065727479284243727970742e4243525950545f434841494e494e475f4d4f44452c204243727970742e4243525950545f434841494e5f4d4f44455f47434d29206661696c656420776974682073746174757320636f64653a7b307d::w;5c4272617665536f6674776172655c42726176652d42726f777365725c5573657220446174615c44656661756c745c4c6f67696e2044617461::w' | sigtool --decode
VIRUS NAME: Win.Malware.Generic-10008460-0
TDB: Engine:81-255,Target:1
LOGICAL EXPRESSION: 0&1&2&3&4
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
\GhostBrowser\User Data\Default\Login Data
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Default\Login Data
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
\Comodo\Dragon\User Data\Default\Login Data
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: WIDE
+-> DECODED SUBSIGNATURE:
\BraveSoftware\Brave-Browser\User Data\Default\Login Data
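
The same decoding done offline, as an added example (not ClamAV's code and not part of the original answer): a small Python parser for the name;TDB;expression;subsig... layout shown above. It handles only hex-body subsignatures with an optional offset and "::" modifiers; the function names and the sample line are constructed for illustration.

```python
import re

# Subsignature modifier letters used after "::" in ClamAV logical signatures.
MODIFIERS = {"w": "WIDE", "i": "NOCASE", "f": "FULLWORD", "a": "ASCII"}
# Wildcard tokens ({n-m}, [n-m], *, alternation, ??/nibble) or one hex pair.
TOKEN = re.compile(r"\{[^}]*\}|\[[^\]]*\]|\*|[()|!]|[0-9A-Fa-f?]{2}")
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def decode_body(body):
    """Render hex pairs as text; keep wildcard tokens visible as <token>."""
    tokens = TOKEN.findall(body)
    if not tokens or "".join(tokens) != body:
        raise ValueError("not a hex body signature")
    out = []
    for tok in tokens:
        if HEX_PAIR.fullmatch(tok):
            byte = int(tok, 16)
            out.append(chr(byte) if 0x20 <= byte < 0x7F else f"\\x{byte:02x}")
        else:
            out.append(f"<{tok}>")
    return "".join(out)


def decode_ldb(line):
    """Split name;TDB;expression;subsig0;... and decode each subsignature."""
    line = re.sub(r"^\[[^\]]+\]\s*", "", line.strip())  # "[daily.ldb] " prefix
    name, tdb, expression, *raw_subsigs = line.split(";")
    subsigs = []
    for raw in raw_subsigs:
        body, _, mods = raw.partition("::")
        offset, body = body.split(":", 1) if ":" in body else ("ANY", body)
        try:
            text = decode_body(body)
        except ValueError:
            text = None  # e.g. PCRE or byte-compare subsigs, not handled here
        subsigs.append({"offset": offset, "text": text,
                        "modifiers": [MODIFIERS.get(m, m) for m in mods]})
    return {"name": name, "tdb": tdb, "expression": expression, "subsigs": subsigs}


# Constructed sample line (not a real ClamAV signature).
SAMPLE = ("[example.ldb] Example.Constructed-1;Engine:81-255,Target:1;0&1;"
          "5c4c6f67696e2044617461::w;0:4d5a{2-4}9000::i")

if __name__ == "__main__":
    sig = decode_ldb(SAMPLE)
    print(sig["name"], sig["tdb"], sig["expression"])
    for i, s in enumerate(sig["subsigs"]):
        print(i, s["offset"], ",".join(s["modifiers"]), s["text"])
```

The hex in a WIDE subsignature is the plain ASCII string; the w modifier tells the engine to match its two-byte-per-character form, which is why the decoded text reads normally.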