ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass

SID: 2017163Rev: 30 views
History
Sourceet/open
CreatedJuly 17, 2013
UpdatedApril 24, 2020
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass"; flow:from_server,established; http.stat_code; content:"200"; http.stat_msg; content:"OK"; file.data; content:"PK"; depth:2; content:"|FD FF|"; distance:26; within:2; content:".dex"; nocase; within:128; reference:url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/; classtype:trojan-activity; sid:2017163; rev:3; metadata:created_at 2013_07_17, signature_severity Major, updated_at 2020_04_24;)

References

urlsophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/

Metadata

created at2013_07_17
signature severityMajor
updated at2020_04_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!