rule Worm_Win32_Spyonpc_A{
	meta:
		description = "Worm:Win32/Spyonpc.A,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 06 00 00 01 00 "
		
	strings :
		$a_00_0 = {25 30 32 64 25 30 32 64 25 30 32 64 20 25 30 32 64 25 30 32 64 25 30 32 64 20 25 30 32 64 25 30 32 64 25 30 32 64 } //01 00  %02d%02d%02d %02d%02d%02d %02d%02d%02d
		$a_00_1 = {25 33 33 73 25 73 5c 25 73 } //01 00  %33s%s\%s
		$a_00_2 = {3d 7b 36 34 35 46 46 30 34 30 2d 35 30 38 31 2d 31 30 31 42 2d 39 46 30 38 2d 30 30 41 41 30 30 32 46 39 35 34 45 7d } //01 00  ={645FF040-5081-101B-9F08-00AA002F954E}
		$a_00_3 = {74 75 70 33 35 2e 65 78 65 } //02 00  tup35.exe
		$a_00_4 = {74 78 5f 53 70 5f 4f 6e 5f 50 43 5f 31 5f 32 5f 38 } //02 00  tx_Sp_On_PC_1_2_8
		$a_03_5 = {05 c5 4e f1 07 89 04 90 01 01 46 83 fe 04 7c 90 00 } //00 00 
	condition:
		any of ($a_*)
 
}