SHELLCODE: X86 PexCall Encoder Routine Over TCP-STC

This signature detects payloads transferred over the network that have been encoded using the x86 PexCall Encoder routine. This may indicate that someone is trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

PEX-encoded shellcode could enable an attacker to open a command shell on the targeted host to execute arbitrary commands. In some cases the shell could be launched with root privileges, allowing the attacker unrestricted access to the host.

References

URL: http://metasploit.com/

Short Name: SHELLCODE:MSF:PEXCALL-STC
Severity: Minor
Recommended: False
Recommended Action: None
Category: SHELLCODE
Keywords: Encoder Over PexCall Routine TCP-STC X86
Release Date: 03/23/2005

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3324
Port: TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive: Unknown