16 lines
615 B
Plaintext
16 lines
615 B
Plaintext
|
|
rule Exploit_Win32_Crpexp_gen_A{
|
|
meta:
|
|
description = "Exploit:Win32/Crpexp.gen!A,SIGNATURE_TYPE_PEHSTR_EXT,0a 00 01 00 06 00 00 "
|
|
|
|
strings :
|
|
$a_07_0 = {5b 81 73 13 ?? ?? ?? ?? 83 eb fc e2 f4 } //1
|
|
$a_07_1 = {5e 81 76 0e ?? ?? ?? ?? 83 ee fc e2 f4 } //1
|
|
$a_07_2 = {33 c9 66 b9 ?? ?? 80 34 ?? ?? e2 fa } //1
|
|
$a_07_3 = {31 c9 81 e9 fe fe ff ff ac 34 ?? aa e2 fa } //1
|
|
$a_07_4 = {33 c9 66 b9 ?? ?? 80 33 ?? 43 e2 fa } //1
|
|
$a_07_5 = {33 c9 66 b9 ?? ?? 80 34 0b ?? e2 fa } //1
|
|
condition:
|
|
((#a_07_0 & 1)*1+(#a_07_1 & 1)*1+(#a_07_2 & 1)*1+(#a_07_3 & 1)*1+(#a_07_4 & 1)*1+(#a_07_5 & 1)*1) >=1
|
|
|
|
} |