Merge pull request #75 from apolkosnik/patch-1

Update rovnix to replace M$ word quotes with ASCII quotation marks

Merge pull request #75 from apolkosnik/patch-1
Update rovnix to replace M$ word quotes with ASCII quotation marks
34d88a57 · mmorenog · 29ffb307 · 9b002f17 · 34d88a57
Commit 34d88a57 authored Jan 07, 2016 by mmorenog
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 17 deletions

rovnix_downloader_sinkhole_check.yar malware/rovnix_downloader_sinkhole_check.yar +17 -17

No files found.
--- a/malware/rovnix_downloader_sinkhole_check.yar
+++ b/malware/rovnix_downloader_sinkhole_check.yar
 rule rovnix_downloader
 {
 	meta:
-		author=”Intel Security”
+		author="Intel Security"
-		description=”Rovnix downloader with sinkhole checks”
+		description="Rovnix downloader with sinkhole checks"
 		reference = "https://blogs.mcafee.com/mcafee-labs/rovnix-downloader-sinkhole-time-checks/"
 	strings:
-			$sink1=”control”
+			$sink1= "control"
-			$sink2 = “sink”
+			$sink2 = "sink"
-			$sink3 = “hole”
+			$sink3 = "hole"
-			$sink4= “dynadot”
+			$sink4= "dynadot"
-			$sink5= “block”
+			$sink5= "block"
-			$sink6= “malw”
+			$sink6= "malw"
-			$sink7= “anti”
+			$sink7= "anti"
-			$sink8= “googl”
+			$sink8= "googl"
-			$sink9= “hack”
+			$sink9= "hack"
-			$sink10= “trojan”
+			$sink10= "trojan"
-			$sink11= “abuse”
+			$sink11= "abuse"
-			$sink12= “virus”
+			$sink12= "virus"
-			$sink13= “black”
+			$sink13= "black"
-			$sink14= “spam”
+			$sink14= "spam"
-			$boot= “BOOTKIT_DLL.dll”
+			$boot= "BOOTKIT_DLL.dll"
 			$mz = { 4D 5A }
 	condition:
 		$mz in (0..2) and all of ($sink*) and $boot