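/*
    Detects the sample family labelled HackTool:Win32/SmbAgent.J!ibt.

    The rule fires only when all six byte patterns below are present in the
    scanned data. Several of them are weak on their own (a 5-byte ASCII token,
    a namespace string that also belongs to the PingCastle Active Directory
    audit tool), so the combination is what carries the signal. A hit should
    still be triaged against where the file came from and who ran it.

    NOTE(review): the signature type in the description (PEHSTR_EXT) suggests
    the patterns were written for PE files. No PE header guard is applied here,
    so the rule can also match memory dumps or archives that contain the same
    bytes. Confirm whether that is wanted before adding one.
*/
rule HackTool_Win32_SmbAgent_J_ibt
{
    meta:
        // Kept verbatim from the source signature, including the trailing hex fields.
        description = "HackTool:Win32/SmbAgent.J!ibt,SIGNATURE_TYPE_PEHSTR_EXT,06 00 06 00 06 00 00 "

    strings:
        // Reads as CIL: ldloc.0, ldarg.0, ldc.i4 0x1BD (445), callvirt <member ref>, nop.
        // presumably a connect call to TCP 445 (verify against a sample)
        $a_00_0 = { 06 02 20 bd 01 00 00 6f 05 00 00 0a 00 }

        // Reads as CIL: combines bytes at indices 3 and 2 of a local array using
        // multipliers 256 and 65536, adds 4, and allocates a new array.
        // presumably sizing a buffer from a length header (verify against a sample)
        $a_00_1 = { 06 19 91 06 18 91 20 00 01 00 00 5a 58 06 19 91 20 00 00 01 00 5a 58 0b 07 1a 58 8d 0b 00 00 01 }

        // ":\Windows\Temp\" + any 8 bytes + ".pdb" + NUL: a debug-symbol path under
        // the Windows temp directory with an 8-byte file name.
        $a_02_2 = { 3a 5c 57 69 6e 64 6f 77 73 5c 54 65 6d 70 5c ?? ?? ?? ?? ?? ?? ?? ?? 2e 70 64 62 00 }

        // ASCII "PingCastle.Scanners"
        $a_00_3 = { 50 69 6e 67 43 61 73 74 6c 65 2e 53 63 61 6e 6e 65 72 73 }

        // ASCII "ReadSmbResponse"
        $a_00_4 = { 52 65 61 64 53 6d 62 52 65 73 70 6f 6e 73 65 }

        // ASCII "m17sc": only five bytes, likely to occur incidentally in large files.
        $a_00_5 = { 6d 31 37 73 63 }

    condition:
        // The source signature gives each pattern weight 1 with a threshold of 6,
        // so every pattern must be present. The earlier form computed
        // (#string & 1) per pattern, which is the parity of the match count: a
        // pattern occurring an even number of times contributed 0 and the rule
        // silently missed the file. Presence is what is tested here.
        all of them
}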