rule Worm_Win32_Catchdens_A{
	meta:
		description = "Worm:Win32/Catchdens.A,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 07 00 00 01 00 "
		
	strings :
		$a_01_0 = {80 38 2f 75 10 80 78 01 62 75 0a } //01 00 
		$a_01_1 = {80 38 2f 75 22 8a 48 01 80 f9 62 75 1a 80 78 02 69 } //01 00 
		$a_01_2 = {0f 00 45 f4 38 5d f4 74 09 38 5d f5 0f 85 } //01 00 
		$a_03_3 = {30 0c 30 fe c1 40 3b 90 02 02 72 90 00 } //01 00 
		$a_03_4 = {33 c9 a8 01 75 90 01 01 d1 e8 41 83 f9 1a 7c f4 8b 90 02 06 eb 06 83 c1 41 90 00 } //01 00 
		$a_03_5 = {0f b7 c8 a1 90 01 04 33 d2 05 f8 00 00 00 66 39 08 74 12 42 40 40 83 fa 08 7c f3 90 00 } //01 00 
		$a_03_6 = {6a 61 58 6a 75 66 89 45 90 01 01 58 6a 74 66 89 45 90 01 01 58 6a 6f 66 89 45 90 01 01 58 6a 72 90 00 } //00 00 
	condition:
		any of ($a_*)
 
}