Versions (5)
Version DetailsCurrent
Rev: 2 • Mar 24, 2016, 12:00 PMET MALWARE Likely Evil EXE download from WinHttpRequest non-exe extension
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Likely Evil EXE download from WinHttpRequest non-exe extension"; flow:established,to_client; file_data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; flowbits:isset,et.MS.WinHttpRequest.no.exe.request; classtype:trojan-activity; sid:2022653; rev:2; metadata:created_at 2016_03_24, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Mar 24, 2016, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 10, 2025, 8:34 PM
rules/emerging-malware.rules