DefenderYara/Exploit/Win32/Senglot/Exploit_Win32_Senglot_G.yar


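// Detects Exploit:Win32/Senglot.G by two fixed byte sequences of x86 shellcode.
// The first pattern opens with a NOP sled followed by what reads as a
// fnstenv/pop-based position-independent decoder loop (sub ecx,ecx; add ecx;
// fldz; fnstenv [esp-0xc]; pop ebx; xor dword [ebx+0x13], key; add ebx,4; loop)
// - the shape produced by XOR-encoding stubs such as shikata_ga_nai; the
// second pattern ends in `ff d0` (call eax) and a trailing NOP pad.
// NOTE(review): the XOR key and encoded body are fixed, so this matches one
// encoded instance; re-encoded variants of the same payload will not hit.
rule Exploit_Win32_Senglot_G {
    meta:
        description = "Exploit:Win32/Senglot.G,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 02 00 00 "
    strings:
        // weight 1 - NOP sled + decoder stub + start of the encoded body
        $a_01_0 = {90 90 90 90 90 90 29 c9 83 e9 db d9 ee d9 74 24 f4 5b 81 73 13 a9 67 4a cc 83 eb fc e2 f4 55 8f 0c cc a9 67 c1 89 95 ec 36 c9 d1 66 a5 47 e6 7f c1 93 89 66 a1 2f 87 2e c1 f8 22 66 a4 fd 69 fe e6 48 69 13 4d 0d 63 6a 4b 0e 42 93 71 98 8d 63 3f 2f 22 38 6e cd 42 01 c1 c0 e2 ec 15 d0 a8 8c }
        // weight 1 - tail of the encoded body, call eax, NOP pad
        $a_01_1 = {c1 d0 22 66 a1 45 f5 43 4e 0f 98 a7 2e 47 e9 57 cf 0c d1 68 c1 8c a5 ec 3a d0 04 ec 22 c4 40 6c 4a cc a9 ec 0a f8 ac 1b 4a cc a9 ec 22 f0 f6 56 bc ac ff 8c 47 a4 d7 bf a8 bf c1 ff b4 46 a7 30 b5 2b 41 89 b5 33 56 04 2b a0 ca 49 2f b4 cc 67 4a cc ff d0 90 90 90 90 }
    condition:
        // Both patterns are required (threshold 2, each weighted 1). The
        // original auto-generated form `(#a & 1)*1 + ...` tested the low bit
        // of each match COUNT, so a file containing a pattern an even number
        // of times (e.g. the shellcode embedded twice) silently failed to
        // match; presence is what the weighting means, so test presence.
        all of them
}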