/*
 * PEiD-derived packer signatures for the Crinkler executable compressor.
 *
 * Every rule anchors one hex pattern at the PE entry point. They reference
 * pe.entry_point, so the ruleset must contain `import "pe"`; that import is
 * not visible in this excerpt.
 *
 * Triage notes:
 *   - A hit identifies the packer stub, not malicious behaviour. Treat it as
 *     a "packed binary" attribute and combine it with other evidence.
 *   - pe.entry_point is a raw file offset when scanning files and a virtual
 *     address when scanning process memory.
 *   - The instruction decodings in the comments below read the bytes as
 *     32-bit x86.
 */

rule Crinkler_V01_V02_Rune_LHStubbe_and_Aske_Simon_Christensen: PEiD
{
    strings:
        // mov ecx, imm32 / add eax, eax / push imm32 / push 0 / pop eax /
        // push eax / push 0 / pop edi / dec eax / pop ebp / mov ebx, 3 /
        // mov esi, imm32 / jmp rel32 (opcode byte only).
        // The wildcards cover the immediates, which vary per build.
        $ep_stub = {
            B9 ?? ?? ?? ?? 01 C0 68 ?? ?? ?? ?? 6A 00 58 50
            6A 00 5F 48 5D BB 03 00 00 00 BE ?? ?? ?? ?? E9
        }

    condition:
        $ep_stub at pe.entry_point
}

rule Crinkler_V03_V04_Rune_LHStubbe_and_Aske_Simon_Christensen_additional: PEiD
{
    strings:
        // mov eax, 0 / pushad / or eax, eax / jz / call $+5 / pop eax /
        // add eax, 0x43 / cmp byte [eax], 0xE9 / jnz / popad / jmp /
        // call $+5 / pop eax / and eax, 0xFFFFF000 / xor edi, edi /
        // mov bx, 0x5A19 / add bx, 0x34 (0x5A4D, "MZ") / cmp [eax], bx / jnz /
        // movzx edx, word [eax+0x3C] / add edx, eax / mov ebx, ... (truncated).
        // NOTE(review): this is a position-independent search for an MZ header
        // and has no wildcards; it does not look obviously Crinkler-specific.
        // Validate the label against known samples before relying on it.
        $ep_stub = {
            B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58
            05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00
            00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83
            C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44
        }

    condition:
        $ep_stub at pe.entry_point
}

rule Crinkler_V01_V02_Rune_LHStubbe_and_Aske_Simon_Christensen_additional: PEiD
{
    strings:
        // mov eax, 0xDEADBEEF / push eax / push imm8 /
        // call dword [0x??401910] / jmp rel32 (-0x53).
        // NOTE(review): the bytes 10 19 40 hard-code an absolute call target,
        // so the pattern presumably matches only images with that exact
        // layout. Expect misses on rebuilt or rebased samples.
        $ep_stub = {
            B8 EF BE AD DE 50 6A ?? FF 15 10 19 40 ?? E9 AD FF FF FF
        }

    condition:
        $ep_stub at pe.entry_point
}

rule Crinkler_V03_V04_Rune_LHStubbe_and_Aske_Simon_Christensen: PEiD
{
    strings:
        // mov eax, 0x00420000 / xor ebx, ebx / inc ebx / jmp short +0x58.
        // The pattern is only ten bytes long, so the entry-point anchor is
        // what keeps it selective.
        $ep_stub = { B8 00 00 42 00 31 DB 43 EB 58 }

    condition:
        $ep_stub at pe.entry_point
}