""ET INFO WinUpack Modified PE Header Outbound""

SID: 2003615

Revision: 6

Class Type: bad-unknown

Metadata: created_at 2010_07_30, updated_at 2012_09_01

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established

Contents:

• Value: "|4d 5a 4b 45 52 4e 45 4c 33 32 2e 44 4c 4c 00 00|"

Within:

PCRE:

Special Options:

source