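/*
 * Backdoor:BAT/Bladabindi.AN: YARA transcription of a Microsoft Defender
 * PEHSTR_EXT signature (see meta.description for the raw header bytes).
 *
 * Changes from the collapsed one-line form:
 *   - One statement per line. On a single line, the first `//` comment swallows
 *     every later string, the condition and the closing brace, so the rule
 *     cannot compile.
 *   - The byte runs `90 01 NN`, `90 02 NN` and `90 00` are not matched literally.
 *     They are understood to be PEHSTR_EXT pattern operators (exactly NN
 *     wildcard bytes, up to NN wildcard bytes, end of pattern); confirm against
 *     the source signature. This reading fits the data: `28 ?? 00 00 06` is an
 *     IL `call` to a MethodDef token whose low byte varies per build.
 *   - The condition requires all four sub-patterns. The header reads as
 *     threshold 0x15 (21) with 4 sub-patterns, and the weight bytes (0a 00,
 *     01 00, 05 00, 05 00) sum to exactly 21, so `any of` was far looser than
 *     the original detection logic.
 *   - The fifth string is dropped. The header declares only 4 sub-patterns, so
 *     it looks like bytes of the following record picked up by the converter.
 *     Kept here for traceability:
 *       $a_00_4 = {80 10 00 00 c3 a9 d4 68 80 95 f4} //fc 86
 */
rule Backdoor_BAT_Bladabindi_AN
{
    meta:
        description = "Backdoor:BAT/Bladabindi.AN,SIGNATURE_TYPE_PEHSTR_EXT,15 00 15 00 04 00 00 0a 00 "

    strings:
        // weight 0a 00 (10): ldc.i4.s 0x1d; ldarga.s 0; ldc.i4.4; call <MethodDef>; pop
        $a_03_0 = { 1f 1d 0f 00 1a 28 ?? 00 00 06 26 }

        // weight 01 00 (1): ldloc.3 compared against a run of constants, each
        // within 0x30 bytes of the previous one. The values (0xA0, 0xA1, 0x10000,
        // 0x10, 0x20000, 0x11, 0xA3) are consistent with Shift/Control
        // virtual-key and modifier-flag handling, i.e. keystroke-capture logic.
        $a_03_1 = { 09 20 a0 00 00 00 [0-48]
                    09 20 a1 00 00 00 [0-48]
                    09 20 00 00 01 00 [0-48]
                    09 1f 10 [0-48]
                    09 20 00 00 02 00 [0-48]
                    09 1f 11 [0-48]
                    09 20 a3 00 00 00 }

        // weight 05 00 (5): ldc.i4.s 100; ldnull; stloc.s 4; ldloca.s 4;
        // ldc.i4.s 100; call <MethodDef>
        $a_03_2 = { 1f 64 14 13 04 12 04 1f 64 28 ?? 00 00 06 }

        // weight 05 00 (5): argument set-up built from ldloca.s / ldnull /
        // ldc.i4.0 pairs, then call <MethodDef>
        $a_03_3 = { 12 03 14 13 04 12 04 16 12 01 16 13 05 12 05 16 13 06 12 06
                    14 13 07 12 07 16 28 ?? 00 00 06 }

    condition:
        // PEHSTR_EXT signatures apply to PE images, so gate on the MZ magic to
        // avoid matching arbitrary data. Remove this check when scanning process
        // memory or carved fragments that lack a DOS header.
        uint16(0) == 0x5A4D and
        all of ($a_03_*)
}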