rule go_language_pe {
	strings:
		$go1 = "go.buildid" ascii wide
		$go2 = "go.buildi" ascii wide
		$go3 = "Go build ID:" ascii wide
		$go4 = "Go buildinf:"
		$go5 = "runtime.cgo"
		$go6 = "runtime.go"
		$go7 = "GOMAXPRO"
		$str1 = "kernel32.dll" nocase
	condition:
		uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and 2 of ($go*) and all of ($str*)
}