DefenderYara/Exploit/WinNT/CVE-2013-2463/Exploit_WinNT_CVE-2013-2463...


rule Exploit_WinNT_CVE-2013-2463_A{
	meta:
		description = "Exploit:WinNT/CVE-2013-2463.A,SIGNATURE_TYPE_JAVAHSTR_EXT,03 00 03 00 04 00 00 "
		
	strings :
		$a_01_0 = {43 4c 0c 0c 4c 5d 7b 7b 7b 7e 73 7b 55 6b 55 7b 76 7b 7b 15 79 5d 78 7b 7b 7f 7f 71 7b 79 49 7b } //3 䱃ఌ嵌筻繻筳歕筕筶ᕻ嵹筸罻煿祻等
		$a_01_1 = {77 4f 56 4e 53 6a 53 42 5f 56 6a 5b 59 51 5f 5e 69 5b 57 4a 56 5f 77 55 5e 5f 56 } //1 wOVNSjSB_Vj[YQ_^i[WJV_wU^_V
		$a_01_2 = {59 48 5f 5b 4e 5f 79 55 54 4e 5f 42 4e } //1 YH_[N_yUTN_BN
		$a_01_3 = {59 48 5f 5b 4e 5f 6d 48 53 4e 5b 58 56 5f 68 5b 49 4e 5f 48 } //1 YH_[N_mHSN[XV_h[IN_H
	condition:
		((#a_01_0  & 1)*3+(#a_01_1  & 1)*1+(#a_01_2  & 1)*1+(#a_01_3  & 1)*1) >=3
 
}
init 2024-02-05 06:12:47 -08:00
			`rule Exploit_WinNT_CVE-2013-2463_A{`
			`meta:`
fix condition 2024-07-06 23:13:08 -07:00			`description = "Exploit:WinNT/CVE-2013-2463.A,SIGNATURE_TYPE_JAVAHSTR_EXT,03 00 03 00 04 00 00 "`
init 2024-02-05 06:12:47 -08:00
			`strings :`
fix condition 2024-07-06 23:13:08 -07:00			`$a_01_0 = {43 4c 0c 0c 4c 5d 7b 7b 7b 7e 73 7b 55 6b 55 7b 76 7b 7b 15 79 5d 78 7b 7b 7f 7f 71 7b 79 49 7b } //3 䱃ఌ嵌筻繻筳歕筕筶ᕻ嵹筸罻煿祻等`
			`$a_01_1 = {77 4f 56 4e 53 6a 53 42 5f 56 6a 5b 59 51 5f 5e 69 5b 57 4a 56 5f 77 55 5e 5f 56 } //1 wOVNSjSB_Vj[YQ_^i[WJV_wU^_V`
			`$a_01_2 = {59 48 5f 5b 4e 5f 79 55 54 4e 5f 42 4e } //1 YH_[N_yUTN_BN`
			`$a_01_3 = {59 48 5f 5b 4e 5f 6d 48 53 4e 5b 58 56 5f 68 5b 49 4e 5f 48 } //1 YH_[N_mHSN[XV_h[IN_H`
init 2024-02-05 06:12:47 -08:00			`condition:`
fix condition 2024-07-06 23:13:08 -07:00			`((#a_01_0 & 1)3+(#a_01_1 & 1)1+(#a_01_2 & 1)1+(#a_01_3 & 1)1) >=3`
init 2024-02-05 06:12:47 -08:00
			`}`