
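// Exploit:Win32/CVE-2015-1671 — converted from a Microsoft Defender PEHSTR_EXT signature.
// The header bytes in the description ("04 00 04 00 08 00 00") encode a match threshold
// of 4 over 8 string patterns, each with weight 1.
//
// The patterns are NUL-terminated resource, XAML class and DLL names (ASCII and UTF-16LE).
// They look like artifacts of a compiled XAML/managed application package (x:Class,
// .g.resources) — presumably the malicious document/app carrier; confirm against samples.
//
// NOTE(review): the rule name keeps the Defender family name verbatim. Hyphens are not
// valid in YARA identifiers, so stock YARA will reject this file unless the name is
// normalised (e.g. underscores) by the consuming tooling. Left unchanged here on purpose.
rule Exploit_Win32_CVE-2015-1671
{
    meta:
        description = "Exploit:Win32/CVE-2015-1671,SIGNATURE_TYPE_PEHSTR_EXT,04 00 04 00 08 00 00 "

    strings:
        // ASCII, NUL-terminated: "eae6af6c.g.resources"
        $a_01_0 = { 65 61 65 36 61 66 36 63 2e 67 2e 72 65 73 6f 75 72 63 65 73 00 }
        // ASCII, NUL-terminated: "k2hfPelkt.g.resources"
        $a_01_1 = { 6b 32 68 66 50 65 6c 6b 74 2e 67 2e 72 65 73 6f 75 72 63 65 73 00 }
        // ASCII: x:Class="eae6af6c.MainPage"
        $a_01_2 = { 78 3a 43 6c 61 73 73 3d 22 65 61 65 36 61 66 36 63 2e 4d 61 69 6e 50 61 67 65 22 }
        // ASCII: x:Class="k2hfPelkt.MainPage"
        $a_01_3 = { 78 3a 43 6c 61 73 73 3d 22 6b 32 68 66 50 65 6c 6b 74 2e 4d 61 69 6e 50 61 67 65 22 }
        // ASCII, NUL-terminated: "ce4DmfsmSrOT856tDgfrkMb"
        // (the generator's comment for this one was mis-decoded as UTF-16; the bytes are plain ASCII)
        $a_01_4 = { 63 65 34 44 6d 66 73 6d 53 72 4f 54 38 35 36 74 44 67 66 72 6b 4d 62 00 }
        // UTF-16LE, NUL-terminated: "txrhi"
        $a_01_5 = { 74 00 78 00 72 00 68 00 69 00 00 00 }
        // UTF-16LE, NUL-terminated: "eae6af6c.dll"
        $a_01_6 = { 65 00 61 00 65 00 36 00 61 00 66 00 36 00 63 00 2e 00 64 00 6c 00 6c 00 00 00 }
        // UTF-16LE, NUL-terminated: "k2hfPelkt.dll"
        $a_01_7 = { 6b 00 32 00 68 00 66 00 50 00 65 00 6c 00 6b 00 74 00 2e 00 64 00 6c 00 6c 00 00 00 }

    condition:
        // The auto-generated form summed "(#a_01_N & 1) * 1" terms. In YARA "#str" is the
        // match COUNT, so "& 1" is its parity: a pattern that occurs an even number of times
        // in a file contributed 0 and the threshold could be missed. The PEHSTR semantic is
        // presence with equal weights, which "4 of them" expresses directly and without that
        // blind spot.
        4 of them
}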