rule CheekyChipmunk_amsi_avoidance_strings {
	meta:
		author = "NCSC"
		description = "Detects Cheeky Chipmunk loader AMSI avoidance 
strings"
		date = "2022-01-24"
		hash1 = "50c0bf9479efc93fa9cf1aa99bdca923273b71a1"
	strings:
		$functionname = "FindAmsiFun"
		$x86found = "x32 protection detected"
		$x64found = "x64 protection detected"
	condition:
		all of them
}