21 lines
939 B
Plaintext
21 lines
939 B
Plaintext
|
|
rule Exploit_BAT_CVE-2013-0074_A{
|
|
meta:
|
|
description = "Exploit:BAT/CVE-2013-0074.A,SIGNATURE_TYPE_PEHSTR_EXT,1f 00 1f 00 0b 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {0a 17 17 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_1 = {0a 17 16 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_2 = {0a 16 17 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_3 = {0a 16 16 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_4 = {0a 06 17 17 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_5 = {0a 06 17 16 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_6 = {0a 06 16 17 28 90 01 01 00 00 0a 90 00 } //01 00
|
|
$a_03_7 = {0a 06 16 16 28 90 01 01 00 00 0a 90 00 } //0a 00
|
|
$a_01_8 = {00 48 74 6d 6c 4f 62 6a 65 63 74 00 } //0a 00 䠀浴佬橢捥t
|
|
$a_01_9 = {00 53 79 73 74 65 6d 2e 57 69 6e 64 6f 77 73 2e 42 72 6f 77 73 65 72 00 } //0a 00
|
|
$a_01_10 = {00 53 63 72 69 70 74 4f 62 6a 65 63 74 00 } //00 00 匀牣灩佴橢捥t
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |