ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass

7.0.35.0SID: 2017163Rev: 6Enabled4 views
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedJuly 17, 2013
UpdatedApril 14, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"PK"; startswith; content:"|FD FF|"; distance:26; within:2; content:".dex"; fast_pattern; nocase; within:128; reference:url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/; classtype:trojan-activity; sid:2017163; rev:6; metadata:created_at 2013_07_17, signature_severity Major, updated_at 2024_04_14;)

Metadata

created at2013_07_17
signature severityMajor
updated at2024_04_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!