rule Exploit_Win64_CVE-2023-28252_A{
	meta:
		description = "Exploit:Win64/CVE-2023-28252.A,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 03 00 00 "
		
	strings :
		$a_03_0 = {48 89 15 bc 9b 06 00 e8 90 01 04 48 8b ce e8 90 01 04 00 33 d2 90 00 } //1
		$a_03_1 = {48 2b d3 48 2b c3 48 89 15 2a 9c 04 00 48 89 05 2b 9c 04 00 e8 90 01 04 48 8b 15 1f 9c 04 90 00 } //1
		$a_03_2 = {48 89 15 bb 7c 04 00 e8 90 01 04 8b 0d 08 7b 06 00 48 8b 05 89 7c 04 00 4c 39 3c 01 90 00 } //1
	condition:
		((#a_03_0  & 1)*1+(#a_03_1  & 1)*1+(#a_03_2  & 1)*1) >=2
 
}