This is an encoding issue when you try to copy and paste from the hex stream emulator.
If you copy from the ASCII output it will encode to a UTF application without problems.
If you have access to SourceFire's Management Center then you can copy the hex offset stream from there.
You can also click the icon "Launch external payload viewer" in the payload section where Wireshark or another pcap tool can encode the hex streams into a UTF format.
The check box for "Convert Text to Pcap" should be marked for this to work.
And if you haven't set an external payload viewer in your ArcSight console, that can be done under Edit > Preferences > Programs > Preferred Payload Viewer.
To copy from Wireshark you can right-click the packet and select Follow TCP stream and encode that window with "Hex Dump".
To copy a specific hex string within Wireshark, select the desired string from the viewer and then right-click the packet to: Copy > Bytes > Offset Hex. This will allow you to paste a UTF readable hex value.
This has been a common question for me in the field so I hope this helps your situation.
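As an added example (not part of the original replies), this small Python parser turns a pasted offset-hex dump back into bytes and readable text, and rejects a paste whose offsets are not contiguous, which is the usual sign of a partial copy. The sample dump is constructed, and its line layout (hex offset, then space-separated byte pairs, no ASCII column) is an assumption about what the copy produces.

```python
import re

# Constructed sample: hex offset, then space-separated byte pairs (assumed layout).
SAMPLE = """\
0000   47 45 54 20 2f 69 6e 64 65 78 2e 68 74 6d 6c 20
0010   48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20
0020   65 78 61 6d 70 6c 65 2e 74 65 73 74 0d 0a 0d 0a
"""

# One dump line: an offset of 4 to 8 hex digits, then one or more byte pairs.
LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{4,8})\s+((?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2})\s*$"
)


def parse_offset_hex(dump):
    """Return the payload bytes encoded by an offset-hex dump.

    Raises ValueError on a malformed line or when a line's offset does not
    match the number of bytes read so far (lines missing from the paste).
    """
    payload = bytearray()
    for number, line in enumerate(dump.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines picked up by the clipboard
        match = LINE.match(line)
        if match is None:
            raise ValueError(f"line {number}: not an offset-hex line")
        offset = int(match.group(1), 16)
        if offset != len(payload):
            raise ValueError(
                f"line {number}: offset {offset:#x}, expected {len(payload):#x}"
            )
        payload += bytes.fromhex(match.group(2))
    return bytes(payload)


def to_text(payload):
    """Decode as UTF-8 for pasting into a text field; never raises.

    Invalid sequences become U+FFFD and control characters other than
    CR, LF and TAB become '.', so the result is safe to display.
    """
    text = payload.decode("utf-8", errors="replace")
    return "".join(c if c.isprintable() or c in "\r\n\t" else "." for c in text)


if __name__ == "__main__":
    print(to_text(parse_offset_hex(SAMPLE)))
```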
When I want to copy payload from SourceFire, I take the event, add it to new case, get into the event, copy the payload (ctrl-c)
and paste somewhere into any field of the ArcSight case.
From there I can copy and paste it everywhere...
Hope that helps