Update MALW_AdGholas.yar

malware/MALW_AdGholas.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
-rule AdGholas_mem : memory
+rule AdGholas_mem
 {
+
     meta:
         malfamily = "AdGholas"
         ref = "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"
@@ -22,13 +22,13 @@ rule AdGholas_mem : memory
         all of ($a*)
 }
 
-rule AdGholas_mem_MIME : memory
+rule AdGholas_mem_MIME 
 {
+
     meta:
         malfamily = "AdGholas"
         ref = "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"
 
-
     strings:
         $b1=".300000000" ascii nocase wide fullword
         $b2=".saz" ascii nocase wide fullword
@@ -43,6 +43,7 @@ rule AdGholas_mem_MIME : memory
 //expensive
 rule AdGholas_mem_antisec : memory
 {
+ 
     meta:
         malfamily = "AdGholas"
         ref = "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"
@@ -83,8 +84,9 @@ rule AdGholas_mem_antisec : memory
         any of ($vid*) and #antisec > 20
 }
 
-rule AdGholas_mem_antisec_M2 : memory
+rule AdGholas_mem_antisec_M2
 {
+ 
     meta:
         malfamily = "AdGholas"
         ref = "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"
@@ -100,8 +102,9 @@ rule AdGholas_mem_antisec_M2 : memory
         all of ($s*)
 }
 
-rule AdGholas_mem_MIME_M2 : memory
+rule AdGholas_mem_MIME_M2
 {
+
     meta:
         malfamily = "AdGholas"
         ref = "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"