17 lines
1012 B
Plaintext
17 lines
1012 B
Plaintext
|
|
rule Exploit_BAT_CVE-2013-0074_G{
|
|
meta:
|
|
description = "Exploit:BAT/CVE-2013-0074.G,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 06 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {78 3a 43 6c 61 73 73 3d 22 68 73 61 79 74 76 78 77 31 37 2e 41 70 70 22 } //01 00 x:Class="hsaytvxw17.App"
|
|
$a_01_1 = {68 73 61 79 74 76 78 77 31 37 2e 67 2e 72 65 73 6f 75 72 63 65 73 } //01 00 hsaytvxw17.g.resources
|
|
$a_01_2 = {78 6d 6c 6e 73 3a 6c 6f 63 61 6c 3d 22 75 73 69 6e 67 3a 41 6c 61 72 6d 50 72 6f 22 } //01 00 xmlns:local="using:AlarmPro"
|
|
$a_01_3 = {75 00 72 00 69 00 61 00 2e 00 70 00 6f 00 6f 00 68 00 } //01 00 uria.pooh
|
|
$a_01_4 = {70 00 65 00 64 00 65 00 35 00 } //01 00 pede5
|
|
$a_01_5 = {2f 00 68 00 73 00 61 00 79 00 74 00 76 00 78 00 77 00 31 00 37 00 3b 00 63 00 6f 00 6d 00 70 00 6f 00 6e 00 65 00 6e 00 74 00 2f 00 4d 00 61 00 69 00 6e 00 50 00 61 00 67 00 65 00 2e 00 78 00 61 00 6d 00 6c 00 } //00 00 /hsaytvxw17;component/MainPage.xaml
|
|
$a_00_6 = {5d 04 00 00 } //c9 26
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |