Idbwmexe Here

Based on similar naming patterns observed in the wild:

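rule idbwmexe_suspicious
{
    meta:
        description = "Detects renamed or obfuscated idbwmexe-like executable"
        author = "Analyst"
    strings:
        // File name fragment, matched case-insensitively as ASCII or UTF-16
        $name = "idbwmexe" nocase wide ascii
        // DOS header magic at the start of a PE file
        $pe = "MZ"
    condition:
        $pe at 0 and $name
}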
