def checkMebroot(path): pyew = CPyew(batch=True) pyew.codeanalysis = True try: pyew.loadFile(path) except: print "ERROR loading file %s" % path return if pyew.format == "PE": # Get 6 bytes at offset 0xB8 if pyew.getBytes(0xB8, 6) != "Rich;\x2E": return printData(pyew, path, "Mebroot downloader") print