rule Exploit_BAT_CVE-2013-0074_J{
	meta:
		description = "Exploit:BAT/CVE-2013-0074.J,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 04 00 00 "
		
	strings :
		$a_03_0 = {3b 00 63 00 6f 00 6d 00 70 00 6f 00 6e 00 65 00 6e 00 74 00 2f 00 4d 00 61 00 69 00 6e 00 50 00 61 00 67 00 65 00 2e 00 78 00 61 00 6d 00 6c 00 ?? ?? 4c 00 61 00 79 00 6f 00 75 00 74 00 52 00 6f 00 6f 00 74 00 ?? ?? 50 00 72 00 6f 00 67 00 72 00 65 00 73 00 73 00 ?? ?? 44 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 65 00 64 00 } //1
		$a_03_1 = {64 00 73 00 66 00 76 00 62 00 65 00 67 00 72 00 65 00 66 00 67 00 72 00 34 00 33 00 2e 00 64 00 6c 00 6c 00 ?? ?? 64 00 61 00 76 00 73 00 66 00 72 00 77 00 67 00 66 00 33 00 77 00 32 00 32 00 32 00 2e 00 4d 00 61 00 69 00 6e 00 50 00 61 00 67 00 65 00 } //1
		$a_01_2 = {5c 45 58 50 5c 53 49 4c 56 45 52 5f 50 72 65 6c 6f 61 64 65 72 5c 50 72 65 6c 6f 61 64 65 72 5c 6f 62 6a 5c 44 65 62 75 67 5c } //1 \EXP\SILVER_Preloader\Preloader\obj\Debug\
		$a_03_3 = {73 00 61 00 66 00 64 00 66 00 77 00 33 00 71 00 77 00 64 00 73 00 66 00 2e 00 64 00 6c 00 6c 00 ?? ?? 53 00 69 00 6c 00 76 00 65 00 72 00 41 00 70 00 70 00 31 00 2e 00 4d 00 61 00 69 00 6e 00 50 00 61 00 67 00 65 00 } //1
	condition:
		((#a_03_0  & 1)*1+(#a_03_1  & 1)*1+(#a_01_2  & 1)*1+(#a_03_3  & 1)*1) >=3
 
}