/*
 * Detects a Java archive attributed by the author to the BleedingLife2
 * exploit kit. The rule name references "2010_0842" (presumably CVE-2010-0842;
 * confirm against the sample referenced by hash0).
 *
 * The strings were produced by an automatic generator (see the yaragenerator
 * meta field) from a single sample, so this is a sample-specific signature
 * rather than a behavioural one.
 *
 * Scope notes for whoever deploys this:
 *   - The condition has no magic-number or file-size constraint; the strings
 *     are searched for anywhere in the scanned data.
 *   - 9 of the 10 strings must be present, i.e. at most one may be missing.
 *   - Several strings are ordinary JAR packaging artifacts on their own, so
 *     the selectivity comes from the ToolsDemo* class names and the
 *     MidiDeviceProvider service entry. Validate against a benign JAR corpus
 *     before alerting on it.
 */
rule bleedinglife2_java_2010_0842_exploit
{
    meta:
        author = "Josh Berry"
        date = "2016-06-26"
        description = "BleedingLife2 Exploit Kit Detection"
        // 32 hex characters: presumably the MD5 of the sample the strings were taken from.
        hash0 = "b14ee91a3da82f5acc78abd10078752e"
        sample_filetype = "unknown"
        yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"

    strings:
        // --- Generic JAR container / manifest artifacts ---------------------
        // An entry name fused with the bytes that follow it in the archive.
        // The trailing "PK" is presumably the signature of the next ZIP record.
        $string0 = "META-INF/MANIFEST.MFManifest-Version: 1.0"
        $string8 = "META-INF/MANIFEST.MFPK"
        $string4 = "META-INF/PK"
        $string6 = "META-INF/services/PK"
        // Build-environment line from the manifest; identifies the JDK used to
        // package the sample, not the payload itself.
        $string3 = "Created-By: 1.6.0_22 (Sun Microsystems Inc.)"

        // --- Sample-specific entries ----------------------------------------
        // Service-provider registration for a MIDI device provider. The
        // trailing "5" looks like a byte of adjacent archive data (verify).
        $string2 = "META-INF/services/javax.sound.midi.spi.MidiDeviceProvider5"
        // Class entry names. $string5 is a prefix of $string1, so the two are
        // not independent indicators.
        $string5 = "ToolsDemo.class"
        $string1 = "ToolsDemo.classPK"
        $string7 = "ToolsDemoSubClass.classPK"
        // The trailing "eN" is presumably the first bytes of data after the
        // entry name, which ties this string to the exact bytes of the sample.
        $string9 = "ToolsDemoSubClass.classeN"

    condition:
        // Any nine of the ten strings above, anywhere in the scanned data.
        9 of ($*)
}