DefenderYara/Exploit/BAT/CVE-2013-0074/Exploit_BAT_CVE-2013-0074_F...


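// Detection rule converted from a Microsoft Defender PEHSTR_EXT signature
// (see meta.description) for content flagged as Exploit:BAT/CVE-2013-0074.F.
//
// Changes against the machine-converted original:
//  * Rule name: '-' is not legal in a YARA identifier, so the original name did
//    not compile; hyphens are replaced by underscores.
//  * NOTE(review): the byte runs "90 01 NN", "90 02 NN" and the trailing "90 00"
//    in the $a_03_* strings look like Defender PEHSTR_EXT control markers
//    (skip exactly NN bytes / skip up to NN bytes / end of pattern), not bytes
//    to match. Left as literals they would have to occur verbatim in a sample.
//    They are rewritten as YARA jumps below; confirm against the source signature.
//  * $a_00_7 = {5d 04 00 00} is dropped: a four-byte pattern under
//    "any of" fires on a very large share of benign files. It is presumably the
//    header of the next signature record picked up by the converter, not part
//    of this signature; verify before re-adding.
//  * Condition: "any of" let a single weak string decide the verdict. The header
//    bytes in meta.description ("07 00 07 00 07 00 ...") and the per-string
//    weights ("01 00") appear to encode a threshold of 7 over seven strings of
//    weight 1, i.e. every string must be present; confirm.
rule Exploit_BAT_CVE_2013_0074_F
{
    meta:
        description = "Exploit:BAT/CVE-2013-0074.F,SIGNATURE_TYPE_PEHSTR_EXT,07 00 07 00 07 00 00 01 00 "

    strings:
        // ASCII: :Class="asdgsd.miry"
        $a_01_0 = { 3a 43 6c 61 73 73 3d 22 61 73 64 67 73 64 2e 6d 69 72 79 22 }

        // UTF-16LE: "186" <2 bytes> "88" <2 bytes> "tuti"
        $a_03_1 = { 31 00 38 00 36 00 [2] 38 00 38 00 [2] 74 00 75 00 74 00 69 00 }

        // UTF-16LE decimal triplets, 2 arbitrary bytes (one UTF-16 unit) between each:
        // "235" "245" "252" "182" "177"
        $a_03_2 = { 32 00 33 00 35 00 [2] 32 00 34 00 35 00 [2] 32 00 35 00 32 00 [2] 31 00 38 00 32 00 [2] 31 00 37 00 37 00 }

        // UTF-16LE decimal triplets: "218" "147" "158" "155" "142"
        $a_03_3 = { 32 00 31 00 38 00 [2] 31 00 34 00 37 00 [2] 31 00 35 00 38 00 [2] 31 00 35 00 35 00 [2] 31 00 34 00 32 00 }

        // UTF-16LE: /asdgsd;component/App.xaml
        $a_01_4 = { 2f 00 61 00 73 00 64 00 67 00 73 00 64 00 3b 00 63 00 6f 00 6d 00 70 00 6f 00 6e 00 65 00 6e 00 74 00 2f 00 41 00 70 00 70 00 2e 00 78 00 61 00 6d 00 6c 00 }

        // UTF-16LE: asdgsd.chaiki
        $a_01_5 = { 61 00 73 00 64 00 67 00 73 00 64 00 2e 00 63 00 68 00 61 00 69 00 6b 00 69 00 }

        // ASCII: 0x04 "Loop", up to 16 arbitrary bytes (0x10 in the original marker), "$96F4A050"
        $a_03_6 = { 04 4c 6f 6f 70 [0-16] 24 39 36 46 34 41 30 35 30 }

    condition:
        // Require the full set; any single string here is too generic to convict on its own.
        all of ($a_*)
}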