rule Backdoor_BAT_Bladabindi_BF{
	meta:
		description = "Backdoor:BAT/Bladabindi.BF,SIGNATURE_TYPE_PEHSTR,03 00 03 00 03 00 00 01 00 "
		
	strings :
		$a_01_0 = {37 00 23 00 43 00 23 00 30 00 23 00 30 00 23 00 32 00 23 00 37 00 23 00 30 00 23 00 30 00 23 00 37 00 23 00 43 00 23 00 30 00 23 00 30 00 23 00 32 00 23 00 37 00 23 00 30 00 23 00 30 00 23 00 37 00 23 00 43 00 23 00 } //01 00  7#C#0#0#2#7#0#0#7#C#0#0#2#7#0#0#7#C#
		$a_01_1 = {35 00 23 00 42 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 35 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 45 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 34 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 35 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 32 00 23 00 30 00 23 00 30 00 23 00 35 00 23 00 44 00 23 00 } //01 00  5#B#0#0#4#5#0#0#4#E#0#0#5#4#0#0#4#5#0#0#5#2#0#0#5#D#
		$a_01_2 = {34 00 23 00 34 00 23 00 34 00 23 00 43 00 23 00 35 00 23 00 36 00 23 00 30 00 23 00 30 00 23 00 36 00 23 00 45 00 23 00 30 00 23 00 30 00 23 00 34 00 23 00 37 00 23 00 35 00 23 00 34 00 23 00 35 00 23 00 36 00 23 00 } //00 00  4#4#4#C#5#6#0#0#6#E#0#0#4#7#5#4#5#6#
	condition:
		any of ($a_*)
 
}