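/*
    TrojanSpy:BAT/Siplog.A - string-based detection converted from a
    SIGNATURE_TYPE_PEHSTR_EXT record (see meta.description).

    The patterns are NUL-delimited ASCII identifiers and UTF-16LE strings.
    Several of them ("KeyLog", "CLIPBOARD_MONITORING") are generic enough to
    appear in unrelated software, so one hit on its own is weak evidence.
    The previous condition, `any of ($a_*)`, fired on any single pattern,
    including a two-byte pattern { 80 10 } that occurs in most files of any
    size. The condition below requires a weighted combination instead.

    NOTE(review): the hex in the description and the bytes the converter left
    after each pattern read as a threshold of 0x12 (18), a pattern count of 7,
    and per-pattern weights of 10, 2, 2, 1, 2, 2, 1 (sum 20). That encoding is
    inferred from those bytes, not documented in this file - confirm against
    the converter before relying on the exact weights.

    NOTE(review): the signature type suggests the source record targets PE
    files; if this rule is only run on files, a PE-header check could narrow
    it further - confirm the scan context first.
*/
rule TrojanSpy_BAT_Siplog_A
{
    meta:
        description = "TrojanSpy:BAT/Siplog.A,SIGNATURE_TYPE_PEHSTR_EXT,12 00 12 00 07 00 00 0a 00 "

    strings:
        // "\0KillAV\0" - assumed weight 10 (the "0a 00" ending the description)
        $a_01_0 = { 00 4b 69 6c 6c 41 56 00 }
        // "\0FuckFileName\0" - assumed weight 2
        $a_01_1 = { 00 46 75 63 6b 46 69 6c 65 4e 61 6d 65 00 }
        // "\0Botkiller\0" - assumed weight 2
        $a_01_2 = { 00 42 6f 74 6b 69 6c 6c 65 72 00 }
        // "\0KeyLog\0" - assumed weight 1
        $a_01_3 = { 00 4b 65 79 4c 6f 67 00 }
        // UTF-16LE "iSpy Keylogger" - assumed weight 2
        $a_01_4 = { 69 00 53 00 70 00 79 00 20 00 4b 00 65 00 79 00 6c 00 6f 00 67 00 67 00 65 00 72 00 }
        // UTF-16LE "invisiblesoft[.]net/iSpySoft" (defanged here only) - assumed weight 2
        $a_01_5 = { 69 00 6e 00 76 00 69 00 73 00 69 00 62 00 6c 00 65 00 73 00 6f 00 66 00 74 00 2e 00 6e 00 65 00 74 00 2f 00 69 00 53 00 70 00 79 00 53 00 6f 00 66 00 74 00 }
        // "\0CLIPBOARD_MONITORING\0" - assumed weight 1
        $a_01_6 = { 00 43 4c 49 50 42 4f 41 52 44 5f 4d 4f 4e 49 54 4f 52 49 4e 47 00 }

        // Dropped: $a_00_7 = { 80 10 }. It is an eighth entry beyond the
        // declared count of 7, the bytes preceding it read as weight 00 00,
        // and a two-byte pattern cannot discriminate anything. It looks like
        // converter residue - TODO confirm.

    condition:
        // Weighted sum >= 18 of 20, written out as boolean logic:
        // $a_01_0 (10) is mandatory, and at most 2 points may be missing from
        // the other six patterns - either any single one of them, or both of
        // the weight-1 patterns ($a_01_3 and $a_01_6).
        $a_01_0 and
        (
            5 of ($a_01_1, $a_01_2, $a_01_3, $a_01_4, $a_01_5, $a_01_6) or
            ($a_01_1 and $a_01_2 and $a_01_4 and $a_01_5)
        )
}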