Signature Detail

Short Name	SHELLCODE:MSF:FTENV-SMB2
Severity	Critical
Recommended	Yes
Recommended Action	Drop
Category	SHELLCODE
Keywords	Metasploit Shellcode SMB
Release Date	2013/09/25
Update Number	2303
Supported Platforms	idp-4.1.110110609+, isg-3.4.139899+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SHELLCODE: Windows Execution (x86/fnstenv_mov) Shellcode (SMB-STC2)

This signature detects shell code being sent as part of an exploit payload, specifically the Windows Execution shell, using the variable-length fnstenv/mov dword XOR encoder (x86/fnstenv_mov). This is a strong indication of malicious activity on your network.

References

URL: http://www.metasploit.com/modules/encoder/x86/fnstenv_mov

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

SHELLCODE: Windows Execution (x86/fnstenv_mov) Shellcode (SMB-STC2)

References