Signature Detail
Short Name |
SHELLCODE:MSF:PEXCALL-STC |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Category |
SHELLCODE |
Keywords |
X86 PexCall Encoder Routine Over TCP-STC |
Release Date |
2005/03/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SHELLCODE: X86 PexCall Encoder Routine Over TCP-STC
This signature detects payloads being transferred over network that have been encoded using x86 PexCall Encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Extended Description
PEX-encoded shellcode could enable an attacker to open a command shell on the targeted host to execute arbitrary commands. In some cases the shell could be launched with root privileges, allowing the attacker unrestricted access to the host.
References