SHELLCODE: X86 OS agnostic Dword Additive Feedback Decoder Routine Over HTTP-STC

This signature detects payloads transferred over the network that have been encoded using an x86 dword additive feedback decoder routine. This may indicate that someone is trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Short Name
SHELLCODE:X86:DWORD-ADITIVE-80S
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
SHELLCODE
Keywords
Additive Decoder Dword Feedback HTTP-STC OS Over Routine X86 agnostic
Release Date
08/12/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown
