rule exploit_Silverlight_Toropov_Generic_XAP {
	
	meta:

		author = "Kaspersky Lab"
		filetype = "Win32 EXE"
		date = "2015-07-23"
		version = "1.0"
		Reference = "https://securelist.com/blog/research/73255/the-mysterious-case-of-cve-2016-0034-the-hunt-for-a-microsoft-silverlight-0-day/"

strings:

	$b2="Can't find Payload() address" ascii wide
	$b3="/SilverApp1;compoent/App.xaml" ascii wide
	$b4="Can't allocate ums after buf[]" ascii wide
	$b5="------------  START  ------------"

condition:

	((2 of ($b*)) )
}