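// Matches files that contain all three text fragments listed under `strings`;
// meta.description carries the detection name HackTool:Win32/Binder.B.
//
// All three fragments read like user-interface text of a binder configuration
// window (a window title, a stub path, a help sentence). Presumably the rule
// therefore matches the builder program rather than the files it produces.
// NOTE(review): confirm against a known sample.
//
// The rule does not constrain the file type. "PEHSTR" in meta.description
// suggests the source signature applied to PE files only, so consider an
// MZ/PE header check if non-PE matches turn out to be noisy.
rule HackTool_Win32_Binder_B
{
    meta:
        // Kept byte-for-byte. The trailing hex fields are presumably the
        // source signature's threshold/count header; not verified here.
        description = "HackTool:Win32/Binder.B,SIGNATURE_TYPE_PEHSTR,03 00 03 00 03 00 00 "

    strings:
        // ASCII: "Settings - Binder |by Permabatt"
        $a_01_0 = {53 65 74 74 69 6e 67 73 20 2d 20 42 69 6e 64 65 72 20 7c 62 79 20 50 65 72 6d 61 62 61 74 74 }

        // UTF-16LE: "\Stub\Stub.exe"
        $a_01_1 = {5c 00 53 00 74 00 75 00 62 00 5c 00 53 00 74 00 75 00 62 00 2e 00 65 00 78 00 65 00 }

        // UTF-16LE: "If you want the binder to use another stub-file than the
        // usual one, choose your stub-file here !"
        $a_01_2 = {49 00 66 00 20 00 79 00 6f 00 75 00 20 00 77 00 61 00 6e 00 74 00 20 00 74 00 68 00 65 00 20 00 62 00 69 00 6e 00 64 00 65 00 72 00 20 00 74 00 6f 00 20 00 75 00 73 00 65 00 20 00 61 00 6e 00 6f 00 74 00 68 00 65 00 72 00 20 00 73 00 74 00 75 00 62 00 2d 00 66 00 69 00 6c 00 65 00 20 00 74 00 68 00 61 00 6e 00 20 00 74 00 68 00 65 00 20 00 75 00 73 00 75 00 61 00 6c 00 20 00 6f 00 6e 00 65 00 2c 00 20 00 63 00 68 00 6f 00 6f 00 73 00 65 00 20 00 79 00 6f 00 75 00 72 00 20 00 73 00 74 00 75 00 62 00 2d 00 66 00 69 00 6c 00 65 00 20 00 68 00 65 00 72 00 65 00 20 00 21 00 }

    condition:
        // The source signature gives each string weight 1 and requires a total
        // of 3, i.e. every string must be present. The previous form,
        // ((#a & 1)*1 + ...) >= 3, scored the low bit of each occurrence
        // count, so a string that occurred an even number of times scored 0
        // and the file was missed. Test for presence instead.
        all of ($a_01_*)
}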