DefenderYara/Misleading/Win32/PerfectOptimizer/Misleading_Win32_PerfectOpt...


// Detection for the "Perfect Optimizer" misleading application, variant 1.
// Converted from a Microsoft Defender weighted-string signature: every string
// carries a weight (the trailing //N comment) and the condition adds up the
// weights of the strings found, firing at or above a threshold.
// In the description header "05 00 05 00 09 00 00" the first word (0x0005)
// matches the condition threshold and the third word (0x0009) the number of
// strings declared; what the repeated second word encodes is not shown here.
// The _00_/_01_ part of each identifier presumably carries the original
// Defender string type — confirm against the converter before relying on it.
rule Misleading_Win32_PerfectOptimizer{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 09 00 00 "
strings :
// Narrow (ASCII) strings with a trailing NUL (00) byte, weight 2 each:
// file-extension, file-name and licensing artefacts of the product.
$a_00_0 = {2e 70 6f 78 00 } //2 .pox (NUL-terminated)
$a_00_1 = {70 6f 66 69 6c 65 00 } //2 pofile (NUL-terminated)
$a_00_2 = {50 65 72 66 65 63 74 20 4f 70 74 69 6d 69 7a 65 72 20 4c 69 63 65 6e 73 65 00 } //2 Perfect Optimizer License (NUL-terminated)
$a_00_3 = {50 65 72 66 65 63 74 4f 70 74 69 6d 69 7a 65 72 2e 69 6e 69 00 } //2 PerfectOptimizer.ini (NUL-terminated)
// Narrow strings, weight 1 each: T-prefixed names that look like Delphi/VCL
// form classes (inferred from naming only), a registration error message and
// a button identifier.
$a_00_4 = {54 53 50 59 57 41 52 45 53 43 41 4e 46 52 4d } //1 TSPYWARESCANFRM
$a_00_5 = {54 46 4f 52 4d 57 4f 52 4d 53 } //1 TFORMWORMS
$a_01_6 = {54 46 72 6d 53 70 79 57 61 72 65 53 63 61 6e } //1 TFrmSpyWareScan
$a_00_7 = {52 65 67 69 73 74 65 72 2d 3e 49 6e 76 61 6c 69 64 20 53 4e 20 43 6f 64 65 3a } //1 Register->Invalid SN Code:
$a_00_8 = {62 74 6e 5f 46 75 6c 6c 53 63 61 6e 5f 4e 6f 72 6d 61 6c } //1 btn_FullScan_Normal
condition:
// Weighted sum: 4 strings x 2 + 5 strings x 1 = 13 possible, threshold 5.
// Reached by e.g. any three weight-2 strings, two weight-2 plus one weight-1,
// one weight-2 plus three weight-1, or all five weight-1 strings.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string that occurs an even number of times contributes 0.
// Presumably a conversion artefact; confirm before relying on exact thresholds.
((#a_00_0 & 1)*2+(#a_00_1 & 1)*2+(#a_00_2 & 1)*2+(#a_00_3 & 1)*2+(#a_00_4 & 1)*1+(#a_00_5 & 1)*1+(#a_01_6 & 1)*1+(#a_00_7 & 1)*1+(#a_00_8 & 1)*1) >=5
}
// Detection for the "Perfect Optimizer" misleading application, variant 2.
// Converted from a Microsoft Defender weighted-string signature; in the
// description header "05 00 05 00 05 00 00" the first word matches the
// condition threshold (5) and the third the number of strings declared (5).
rule Misleading_Win32_PerfectOptimizer_2{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,05 00 05 00 05 00 00 "
strings :
// Vendor name as UTF-16LE (each character followed by 00).
$a_01_0 = {4d 00 69 00 72 00 61 00 63 00 6c 00 65 00 20 00 54 00 65 00 63 00 68 00 6e 00 6f 00 6c 00 6f 00 67 00 69 00 65 00 73 00 } //1 Miracle Technologies
// Hard-coded URL with a literal IP and port; a historic indicator — the host
// may no longer be associated with this product.
$a_01_1 = {68 74 74 70 3a 2f 2f 36 37 2e 31 38 2e 31 31 31 2e 38 32 3a 38 30 38 38 } //1 http://67.18.111.82:8088
// Narrow path fragment, DLL name and an exported/called licence-check name.
$a_01_2 = {5c 57 65 73 6b 79 73 6f 66 74 5c } //1 \Weskysoft\
$a_01_3 = {4c 69 63 65 6e 73 65 2e 44 4c 4c } //1 License.DLL
$a_01_4 = {49 73 56 61 6c 69 64 53 4e } //1 IsValidSN
condition:
// Five strings, weight 1 each, threshold 5: all five must be present.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string found an even number of times contributes 0 and the
// rule then fails to fire. Presumably a conversion artefact; confirm.
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1) >=5
}
// Detection for the "Perfect Optimizer" misleading application, variant 3.
// Converted from a Microsoft Defender weighted-string signature; in the
// description header "05 00 05 00 05 00 00" the first word matches the
// condition threshold (5) and the third the number of strings declared (5).
rule Misleading_Win32_PerfectOptimizer_3{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,05 00 05 00 05 00 00 "
strings :
// Vendor path fragment as UTF-16LE (each character followed by 00).
$a_01_0 = {5c 00 57 00 65 00 73 00 6b 00 79 00 73 00 6f 00 66 00 74 00 5c 00 } //1 \Weskysoft\
// Narrow strings: F-prefixed names that look like Delphi field names for the
// product's scan-configuration lists (inferred from naming only).
$a_01_1 = {46 43 6f 6e 66 69 67 45 76 69 64 65 6e 63 65 53 63 61 6e 49 74 65 6d 73 } //1 FConfigEvidenceScanItems
$a_01_2 = {46 43 6f 6e 66 69 67 52 65 67 53 63 61 6e 49 74 65 6d 73 } //1 FConfigRegScanItems
$a_01_3 = {46 43 6f 6e 66 69 67 51 75 69 63 6b 53 63 61 6e 49 74 65 6d 73 } //1 FConfigQuickScanItems
$a_01_4 = {46 43 6f 6e 66 69 67 46 75 6c 6c 53 63 61 6e 49 74 65 6d 73 } //1 FConfigFullScanItems
condition:
// Five strings, weight 1 each, threshold 5: all five must be present.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string found an even number of times contributes 0 and the
// rule then fails to fire. Presumably a conversion artefact; confirm.
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1) >=5
}
// Detection for the "Perfect Optimizer" misleading application, variant 4.
// Converted from a Microsoft Defender weighted-string signature; in the
// description header "03 00 03 00 03 00 00" the first word matches the
// condition threshold (3) and the third the number of strings declared (3).
rule Misleading_Win32_PerfectOptimizer_4{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,03 00 03 00 03 00 00 "
strings :
// All three are UTF-16LE (each character followed by 00): product name,
// a serial-number handling message and the vendor name.
$a_01_0 = {50 00 65 00 72 00 66 00 65 00 63 00 74 00 20 00 4f 00 70 00 74 00 69 00 6d 00 69 00 7a 00 65 00 72 00 } //1 Perfect Optimizer
$a_01_1 = {44 00 65 00 63 00 72 00 79 00 70 00 74 00 20 00 74 00 68 00 65 00 20 00 73 00 65 00 72 00 69 00 61 00 6c 00 20 00 6e 00 75 00 6d 00 62 00 65 00 72 00 } //1 Decrypt the serial number
$a_01_2 = {4d 00 69 00 72 00 61 00 63 00 6c 00 65 00 20 00 54 00 65 00 63 00 68 00 6e 00 6f 00 6c 00 6f 00 67 00 69 00 65 00 73 00 } //1 Miracle Technologies
condition:
// Three strings, weight 1 each, threshold 3: all three must be present.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string found an even number of times contributes 0 and the
// rule then fails to fire. Presumably a conversion artefact; confirm.
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1) >=3
}
// Detection for the "Perfect Optimizer" misleading application, variant 5
// (download-manager component). Converted from a Microsoft Defender
// weighted-string signature; in the description header "04 00 04 00 04 00 00"
// the first word matches the condition threshold (4) and the third the number
// of strings declared (4).
rule Misleading_Win32_PerfectOptimizer_5{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,04 00 04 00 04 00 00 "
strings :
// All four are UTF-16LE (each character followed by 00): vendor name,
// window/form titles and a cancel-confirmation prompt.
$a_01_0 = {57 00 65 00 73 00 6b 00 79 00 53 00 6f 00 66 00 74 00 } //1 WeskySoft
$a_01_1 = {44 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 20 00 4d 00 61 00 6e 00 61 00 67 00 65 00 72 00 } //1 Download Manager
$a_01_2 = {54 00 44 00 4f 00 57 00 4e 00 4c 00 4f 00 41 00 44 00 4d 00 41 00 49 00 4e 00 } //1 TDOWNLOADMAIN
$a_01_3 = {53 00 75 00 72 00 65 00 20 00 79 00 6f 00 75 00 20 00 77 00 61 00 6e 00 74 00 20 00 74 00 6f 00 20 00 63 00 61 00 6e 00 63 00 65 00 6c 00 20 00 44 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 69 00 6e 00 67 00 3f 00 } //1 Sure you want to cancel Downloading?
condition:
// Four strings, weight 1 each, threshold 4: all four must be present.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string found an even number of times contributes 0 and the
// rule then fails to fire. Presumably a conversion artefact; confirm.
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1) >=4
}
// Detection for the "Perfect Optimizer" misleading application, variant 6
// (history-cleaner component). Converted from a Microsoft Defender
// weighted-string signature; in the description header "1e 00 1e 00 13 00 00"
// the first word (0x1e = 30) matches the condition threshold and the third
// (0x13 = 19) the number of strings declared.
rule Misleading_Win32_PerfectOptimizer_6{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,1e 00 1e 00 13 00 00 "
strings :
// Vendor name as UTF-16LE, weight 20 — the anchor of this rule.
$a_01_0 = {4d 00 69 00 72 00 61 00 63 00 6c 00 65 00 20 00 54 00 65 00 63 00 68 00 6e 00 6f 00 6c 00 6f 00 67 00 69 00 65 00 73 00 } //20 Miracle Technologies
// Component DLL name (narrow), weight 5.
$a_01_1 = {48 69 73 74 6f 72 79 43 6c 65 61 6e 65 72 2e 64 6c 6c } //5 HistoryCleaner.dll
// Narrow "?__Clean*" names, weight 1 each; the leading '?' suggests
// MSVC-decorated export names (inferred from the naming convention only).
$a_01_2 = {3f 5f 5f 43 6c 65 61 6e 41 75 74 6f 43 6f 6d 70 6c 65 74 65 } //1 ?__CleanAutoComplete
$a_01_3 = {3f 5f 5f 43 6c 65 61 6e 44 6f 63 75 6d 65 6e 74 } //1 ?__CleanDocument
$a_01_4 = {3f 5f 5f 43 6c 65 61 6e 46 69 6e 64 43 6f 6d 70 75 74 65 72 4d 52 55 } //1 ?__CleanFindComputerMRU
$a_01_5 = {3f 5f 5f 43 6c 65 61 6e 49 45 43 6f 6f 6b 69 65 } //1 ?__CleanIECookie
$a_01_6 = {3f 5f 5f 43 6c 65 61 6e 49 45 46 61 76 6f 72 69 74 65 } //1 ?__CleanIEFavorite
$a_01_7 = {3f 5f 5f 43 6c 65 61 6e 49 45 54 65 6d 70 } //1 ?__CleanIETemp
$a_01_8 = {3f 5f 5f 43 6c 65 61 6e 49 45 55 52 4c } //1 ?__CleanIEURL
$a_01_9 = {3f 5f 5f 43 6c 65 61 6e 49 45 57 65 62 73 69 74 65 } //1 ?__CleanIEWebsite
$a_01_10 = {3f 5f 5f 43 6c 65 61 6e 4c 6f 67 6f 6e 4d 52 55 } //1 ?__CleanLogonMRU
$a_01_11 = {3f 5f 5f 43 6c 65 61 6e 4e 65 74 77 6f 72 6b 44 72 69 76 65 73 } //1 ?__CleanNetworkDrives
$a_01_12 = {3f 5f 5f 43 6c 65 61 6e 52 41 53 } //1 ?__CleanRAS
$a_01_13 = {3f 5f 5f 43 6c 65 61 6e 52 65 63 79 63 6c 65 42 69 6e } //1 ?__CleanRecycleBin
$a_01_14 = {3f 5f 5f 43 6c 65 61 6e 52 75 6e 4d 52 55 } //1 ?__CleanRunMRU
$a_01_15 = {3f 5f 5f 43 6c 65 61 6e 53 61 76 65 50 61 73 73 77 6f 72 64 } //1 ?__CleanSavePassword
$a_01_16 = {3f 5f 5f 43 6c 65 61 6e 53 65 61 72 63 68 46 69 6c 65 73 } //1 ?__CleanSearchFiles
$a_01_17 = {3f 5f 5f 43 6c 65 61 6e 54 65 6c 6e 65 74 4d 52 55 } //1 ?__CleanTelnetMRU
$a_01_18 = {3f 5f 5f 43 6c 65 61 6e 57 69 6e 54 65 6d 70 } //1 ?__CleanWinTemp
condition:
// Weighted sum: 20 + 5 + 17 x 1 = 42 possible, threshold 30.
// $a_01_0 is effectively required (without it the rest sums to 22 < 30);
// with it the rule fires on $a_01_1 plus any 5 of the weight-1 names, or on
// any 10 of the weight-1 names without $a_01_1.
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string that occurs an even number of times contributes 0.
// Presumably a conversion artefact; confirm before relying on exact thresholds.
((#a_01_0 & 1)*20+(#a_01_1 & 1)*5+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1+(#a_01_5 & 1)*1+(#a_01_6 & 1)*1+(#a_01_7 & 1)*1+(#a_01_8 & 1)*1+(#a_01_9 & 1)*1+(#a_01_10 & 1)*1+(#a_01_11 & 1)*1+(#a_01_12 & 1)*1+(#a_01_13 & 1)*1+(#a_01_14 & 1)*1+(#a_01_15 & 1)*1+(#a_01_16 & 1)*1+(#a_01_17 & 1)*1+(#a_01_18 & 1)*1) >=30
}
// Detection for the "Perfect Optimizer" misleading application, variant 7
// (main UI module). Converted from a Microsoft Defender weighted-string
// signature; in the description header "28 00 28 00 2f 00 00" the first word
// (0x28 = 40) matches the condition threshold and the third (0x2f = 47) the
// number of strings declared.
rule Misleading_Win32_PerfectOptimizer_7{
meta:
description = "Misleading:Win32/PerfectOptimizer,SIGNATURE_TYPE_PEHSTR,28 00 28 00 2f 00 00 "
strings :
// All 47 strings are UTF-16LE (each character followed by 00), weight 1 each.
// "ICO_*" and "MMI_*" look like icon and main-menu-item resource identifiers
// for the product's feature set (inferred from naming only). Note the
// misspellings "SYSMAINTENACNE" and "REAPIR", which are part of the match.
$a_01_0 = {49 00 43 00 4f 00 5f 00 41 00 43 00 54 00 49 00 56 00 45 00 58 00 42 00 4c 00 4f 00 43 00 4b 00 } //1 ICO_ACTIVEXBLOCK
$a_01_1 = {49 00 43 00 4f 00 5f 00 44 00 49 00 53 00 4b 00 44 00 45 00 46 00 52 00 41 00 47 00 } //1 ICO_DISKDEFRAG
$a_01_2 = {49 00 43 00 4f 00 5f 00 44 00 52 00 49 00 56 00 45 00 52 00 42 00 41 00 4b 00 } //1 ICO_DRIVERBAK
$a_01_3 = {49 00 43 00 4f 00 5f 00 44 00 55 00 50 00 4c 00 49 00 46 00 49 00 4c 00 45 00 43 00 4c 00 45 00 41 00 52 00 } //1 ICO_DUPLIFILECLEAR
$a_01_4 = {49 00 43 00 4f 00 5f 00 45 00 56 00 49 00 44 00 45 00 4e 00 43 00 45 00 43 00 4c 00 45 00 41 00 4e 00 45 00 52 00 } //1 ICO_EVIDENCECLEANER
$a_01_5 = {49 00 43 00 4f 00 5f 00 46 00 41 00 56 00 4f 00 52 00 49 00 54 00 45 00 53 00 42 00 41 00 4b 00 } //1 ICO_FAVORITESBAK
$a_01_6 = {49 00 43 00 4f 00 5f 00 46 00 49 00 4c 00 45 00 41 00 53 00 53 00 4f 00 43 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 ICO_FILEASSOCREPAIR
$a_01_7 = {49 00 43 00 4f 00 5f 00 46 00 49 00 4c 00 45 00 53 00 48 00 52 00 45 00 44 00 } //1 ICO_FILESHRED
$a_01_8 = {49 00 43 00 4f 00 5f 00 49 00 45 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 ICO_IEREPAIR
$a_01_9 = {49 00 43 00 4f 00 5f 00 4a 00 55 00 4e 00 4b 00 46 00 49 00 4c 00 45 00 43 00 4c 00 45 00 41 00 4e 00 } //1 ICO_JUNKFILECLEAN
$a_01_10 = {49 00 43 00 4f 00 5f 00 52 00 45 00 47 00 43 00 4c 00 45 00 41 00 4e 00 45 00 52 00 } //1 ICO_REGCLEANER
$a_01_11 = {49 00 43 00 4f 00 5f 00 52 00 45 00 47 00 44 00 45 00 46 00 52 00 41 00 47 00 } //1 ICO_REGDEFRAG
$a_01_12 = {49 00 43 00 4f 00 5f 00 52 00 45 00 47 00 49 00 53 00 54 00 52 00 59 00 42 00 41 00 4b 00 } //1 ICO_REGISTRYBAK
$a_01_13 = {49 00 43 00 4f 00 5f 00 53 00 48 00 4f 00 52 00 54 00 43 00 55 00 54 00 43 00 4c 00 45 00 41 00 52 00 } //1 ICO_SHORTCUTCLEAR
$a_01_14 = {49 00 43 00 4f 00 5f 00 53 00 48 00 4f 00 52 00 54 00 43 00 55 00 54 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 ICO_SHORTCUTREPAIR
$a_01_15 = {49 00 43 00 4f 00 5f 00 53 00 4f 00 46 00 54 00 57 00 41 00 52 00 45 00 55 00 50 00 44 00 41 00 54 00 45 00 } //1 ICO_SOFTWAREUPDATE
$a_01_16 = {49 00 43 00 4f 00 5f 00 53 00 50 00 45 00 45 00 44 00 55 00 50 00 4d 00 45 00 4d 00 } //1 ICO_SPEEDUPMEM
$a_01_17 = {49 00 43 00 4f 00 5f 00 53 00 50 00 45 00 45 00 44 00 55 00 50 00 4e 00 45 00 54 00 } //1 ICO_SPEEDUPNET
$a_01_18 = {49 00 43 00 4f 00 5f 00 53 00 50 00 45 00 45 00 44 00 55 00 50 00 52 00 55 00 4e 00 } //1 ICO_SPEEDUPRUN
$a_01_19 = {49 00 43 00 4f 00 5f 00 53 00 50 00 45 00 45 00 44 00 55 00 50 00 53 00 59 00 53 00 } //1 ICO_SPEEDUPSYS
$a_01_20 = {49 00 43 00 4f 00 5f 00 53 00 50 00 59 00 57 00 41 00 52 00 45 00 43 00 4c 00 45 00 41 00 52 00 } //1 ICO_SPYWARECLEAR
$a_01_21 = {49 00 43 00 4f 00 5f 00 53 00 59 00 53 00 4d 00 41 00 49 00 4e 00 54 00 45 00 4e 00 41 00 43 00 4e 00 45 00 } //1 ICO_SYSMAINTENACNE
$a_01_22 = {49 00 43 00 4f 00 5f 00 53 00 59 00 53 00 4f 00 50 00 54 00 49 00 4d 00 49 00 5a 00 45 00 52 00 } //1 ICO_SYSOPTIMIZER
$a_01_23 = {49 00 43 00 4f 00 5f 00 53 00 59 00 53 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 ICO_SYSREPAIR
$a_01_24 = {49 00 43 00 4f 00 5f 00 53 00 59 00 53 00 52 00 45 00 53 00 54 00 4f 00 52 00 45 00 } //1 ICO_SYSRESTORE
$a_01_25 = {49 00 43 00 4f 00 5f 00 55 00 4e 00 49 00 4e 00 53 00 54 00 41 00 4c 00 4c 00 4d 00 41 00 4e 00 41 00 47 00 45 00 52 00 } //1 ICO_UNINSTALLMANAGER
$a_01_26 = {49 00 43 00 4f 00 5f 00 57 00 49 00 4e 00 44 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 ICO_WINDREPAIR
$a_01_27 = {49 00 43 00 4f 00 5f 00 57 00 49 00 4e 00 55 00 50 00 44 00 41 00 54 00 45 00 } //1 ICO_WINUPDATE
$a_01_28 = {49 00 43 00 4f 00 5f 00 57 00 4f 00 52 00 4d 00 42 00 4c 00 4f 00 43 00 4b 00 } //1 ICO_WORMBLOCK
$a_01_29 = {4a 00 55 00 4e 00 4b 00 5f 00 46 00 49 00 4c 00 45 00 5f 00 43 00 4c 00 45 00 41 00 4e 00 } //1 JUNK_FILE_CLEAN
$a_01_30 = {4d 00 4d 00 49 00 5f 00 42 00 4c 00 4f 00 43 00 4b 00 41 00 43 00 54 00 49 00 56 00 45 00 58 00 } //1 MMI_BLOCKACTIVEX
$a_01_31 = {4d 00 4d 00 49 00 5f 00 42 00 4c 00 4f 00 43 00 4b 00 50 00 4f 00 50 00 55 00 50 00 53 00 } //1 MMI_BLOCKPOPUPS
$a_01_32 = {4d 00 4d 00 49 00 5f 00 42 00 4c 00 4f 00 43 00 4b 00 50 00 52 00 4f 00 47 00 52 00 41 00 4d 00 5f 00 44 00 4f 00 57 00 4e 00 } //1 MMI_BLOCKPROGRAM_DOWN
$a_01_33 = {4d 00 4d 00 49 00 5f 00 42 00 4c 00 4f 00 43 00 4b 00 57 00 4f 00 52 00 4d 00 53 00 } //1 MMI_BLOCKWORMS
$a_01_34 = {4d 00 4d 00 49 00 5f 00 44 00 52 00 49 00 56 00 45 00 52 00 42 00 41 00 43 00 4b 00 55 00 50 00 } //1 MMI_DRIVERBACKUP
$a_01_35 = {4d 00 4d 00 49 00 5f 00 44 00 52 00 49 00 56 00 45 00 52 00 55 00 50 00 44 00 41 00 54 00 45 00 } //1 MMI_DRIVERUPDATE
$a_01_36 = {4d 00 4d 00 49 00 5f 00 44 00 55 00 50 00 4c 00 49 00 43 00 41 00 54 00 45 00 46 00 49 00 4c 00 45 00 43 00 4c 00 45 00 41 00 4e 00 } //1 MMI_DUPLICATEFILECLEAN
$a_01_37 = {4d 00 4d 00 49 00 5f 00 45 00 56 00 49 00 44 00 45 00 4e 00 43 00 45 00 43 00 4c 00 45 00 41 00 4e 00 } //1 MMI_EVIDENCECLEAN
$a_01_38 = {4d 00 4d 00 49 00 5f 00 46 00 41 00 56 00 4f 00 52 00 49 00 54 00 45 00 42 00 41 00 43 00 4b 00 55 00 50 00 } //1 MMI_FAVORITEBACKUP
$a_01_39 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 41 00 4e 00 41 00 4c 00 59 00 5a 00 45 00 52 00 } //1 MMI_FILEANALYZER
$a_01_40 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 41 00 53 00 53 00 4f 00 43 00 49 00 41 00 54 00 49 00 4f 00 4e 00 52 00 45 00 41 00 50 00 49 00 52 00 } //1 MMI_FILEASSOCIATIONREAPIR
$a_01_41 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 42 00 41 00 43 00 4b 00 55 00 50 00 } //1 MMI_FILEBACKUP
$a_01_42 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 44 00 45 00 46 00 52 00 41 00 47 00 47 00 45 00 52 00 } //1 MMI_FILEDEFRAGGER
$a_01_43 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 45 00 4e 00 43 00 52 00 59 00 50 00 54 00 } //1 MMI_FILEENCRYPT
$a_01_44 = {4d 00 4d 00 49 00 5f 00 46 00 49 00 4c 00 45 00 54 00 52 00 41 00 4e 00 53 00 46 00 45 00 52 00 4d 00 41 00 4e 00 41 00 47 00 45 00 52 00 } //1 MMI_FILETRANSFERMANAGER
$a_01_45 = {4d 00 4d 00 49 00 5f 00 48 00 41 00 52 00 44 00 57 00 41 00 52 00 45 00 49 00 4e 00 46 00 4f 00 } //1 MMI_HARDWAREINFO
$a_01_46 = {4d 00 4d 00 49 00 5f 00 49 00 45 00 52 00 45 00 50 00 41 00 49 00 52 00 } //1 MMI_IEREPAIR
condition:
// 47 strings, weight 1 each, threshold 40: any 40 of the 47 must be present
// (up to 7 may be missing).
// NOTE(review): "#x & 1" is the low bit of the match count (odd count), not
// presence — a string that occurs an even number of times contributes 0.
// Presumably a conversion artefact; confirm before relying on exact thresholds.
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1+(#a_01_5 & 1)*1+(#a_01_6 & 1)*1+(#a_01_7 & 1)*1+(#a_01_8 & 1)*1+(#a_01_9 & 1)*1+(#a_01_10 & 1)*1+(#a_01_11 & 1)*1+(#a_01_12 & 1)*1+(#a_01_13 & 1)*1+(#a_01_14 & 1)*1+(#a_01_15 & 1)*1+(#a_01_16 & 1)*1+(#a_01_17 & 1)*1+(#a_01_18 & 1)*1+(#a_01_19 & 1)*1+(#a_01_20 & 1)*1+(#a_01_21 & 1)*1+(#a_01_22 & 1)*1+(#a_01_23 & 1)*1+(#a_01_24 & 1)*1+(#a_01_25 & 1)*1+(#a_01_26 & 1)*1+(#a_01_27 & 1)*1+(#a_01_28 & 1)*1+(#a_01_29 & 1)*1+(#a_01_30 & 1)*1+(#a_01_31 & 1)*1+(#a_01_32 & 1)*1+(#a_01_33 & 1)*1+(#a_01_34 & 1)*1+(#a_01_35 & 1)*1+(#a_01_36 & 1)*1+(#a_01_37 & 1)*1+(#a_01_38 & 1)*1+(#a_01_39 & 1)*1+(#a_01_40 & 1)*1+(#a_01_41 & 1)*1+(#a_01_42 & 1)*1+(#a_01_43 & 1)*1+(#a_01_44 & 1)*1+(#a_01_45 & 1)*1+(#a_01_46 & 1)*1) >=40
}