DefenderYara/Exploit/BAT/CVE-2013-0074/Exploit_BAT_CVE-2013-0074_I...


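// YARA conversion of the Microsoft Defender PEHSTR_EXT signature
// "Exploit:BAT/CVE-2013-0074.I". The decoded strings (MainPage.xaml,
// LayoutRoot, a "SilverApp1" debug build path) are consistent with a .NET
// Silverlight application assembly.
//
// Changes relative to the converted original:
//  * Rule identifier: YARA identifiers may contain only letters, digits and
//    underscores, so the hyphens of "CVE-2013-0074" are written as
//    underscores. The Defender threat name is kept verbatim in `description`.
//  * $a_03_0 / $a_03_1: the byte runs `90 01 02` and `90 00` were carried
//    over as literal bytes. NOTE(review): they appear to be PEHSTR_EXT
//    escape sequences (a 2-byte wildcard and an end-of-pattern marker), not
//    payload; they only occur in the type-03 strings, and a 2-byte gap
//    matches the bytes that separate two adjacent entries of a .NET
//    user-string heap. They are expressed here as a `[2]` jump and dropped
//    respectively. Confirm against a known sample before deploying.
//  * Condition: the header in `description` starts with `04 00` and the rule
//    has four sub-patterns, each tagged with weight `01 00`.
//    NOTE(review): this reads as "threshold 4 of 4", i.e. every pattern is
//    required. `any of` would fire on a lone debug path or a short IL
//    fragment, so the condition is tightened to `all of`.
rule Exploit_BAT_CVE_2013_0074_I {
    meta:
        description = "Exploit:BAT/CVE-2013-0074.I,SIGNATURE_TYPE_PEHSTR_EXT,04 00 04 00 04 00 00 01 00 "

    strings:
        // UTF-16LE "FromBase64String", 2 arbitrary bytes, then UTF-16LE "tuti"
        $a_03_0 = { 46 00 72 00 6f 00 6d 00 42 00 61 00 73 00 65 00 36 00 34 00 53 00 74 00 72 00 69 00 6e 00 67 00 [2] 74 00 75 00 74 00 69 00 }

        // UTF-16LE ";component/MainPage.xaml", 2 arbitrary bytes, then UTF-16LE "LayoutRoot"
        $a_03_1 = { 3b 00 63 00 6f 00 6d 00 70 00 6f 00 6e 00 65 00 6e 00 74 00 2f 00 4d 00 61 00 69 00 6e 00 50 00 61 00 67 00 65 00 2e 00 78 00 61 00 6d 00 6c 00 [2] 4c 00 61 00 79 00 6f 00 75 00 74 00 52 00 6f 00 6f 00 74 00 }

        // ASCII build path fragment: \EXP\SilverApp1\SilverApp1\obj\Debug\
        // A debug path is a weak indicator on its own; it is only corroborating here.
        $a_01_2 = { 5c 45 58 50 5c 53 69 6c 76 65 72 41 70 70 31 5c 53 69 6c 76 65 72 41 70 70 31 5c 6f 62 6a 5c 44 65 62 75 67 5c }

        // NOTE(review): looks like a CIL instruction run that combines an
        // argument with the constants 0x44444444, 0x33333333 and 0x22222222
        // (xor / or / add) and then compares against zero - verify by
        // disassembling a matching sample.
        $a_01_3 = { 44 44 44 44 61 10 01 03 20 33 33 33 33 60 10 01 03 20 22 22 22 22 58 10 01 03 16 fe 01 0b 07 2d }

    condition:
        // All four sub-patterns are required (see the threshold note above).
        all of ($a_*)
}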