Update IndiaGolf.yara

3410fea7 · mmorenog · 04b9bb37 · 3410fea7
Commit 3410fea7 authored Feb 25, 2016 by mmorenog
Show whitespace changes
Inline Side-by-side

Showing with 1 additions and 14 deletions

IndiaGolf.yara malware/Operation_Blockbuster/IndiaGolf.yara +1 -14

No files found.
--- a/malware/Operation_Blockbuster/IndiaGolf.yara
+++ b/malware/Operation_Blockbuster/IndiaGolf.yara
@@ -23,20 +23,7 @@ rule IndiaGolf
 		89 7C 24 24  mov     [esp+2A90h+var_2A6C], edi
 	*/
-	$generateRandomID = {
+	$generateRandomID = {FF ?? 8B ?? C1 ?? 10 FF ?? 03 F8 89 [3] FF ?? 8B ?? C1 ?? 10 FF ?? 03 ?? 89}
-			FF ?? 
-			8B ?? 
-			C1 ?? 10 
-			FF ?? 
-			03 F8 
-			89 [3]
-			FF ?? 
-			8B ?? 
-			C1 ?? 10 
-			FF ?? 
-			03 ?? 
-			89 
-		}
 	condition:
 		$generateRandomID in ((pe.sections[pe.section_index(".text")].raw_data_offset)..(pe.sections[pe.section_index(".text")].raw_data_offset + pe.sections[pe.section_index(".text")].raw_data_size))