Update RomeoHotel.yara

malware/Operation_Blockbuster/RomeoHotel.yara

@@ -25,8 +25,7 @@ rule RomeoHotel
 		41 83 C4 3C     add     r12d, 3Ch
 	*/
 
-	$randBuff64 = {
-			E8 [4]
+	$randBuff64 = {	E8 [4]
 			44 [2]
 			44 [2] 
 			B? 1F 85 EB 51 
@@ -38,8 +37,7 @@ rule RomeoHotel
 			03 ?? 
 			6B ?? 64 
 			44 [2] 
-			41 [2] 3C 
-		}
+			41 [2] 3C}
 		
 	/*
 		FF 15 40 70 01 10     call    ds:GetDiskFreeSpaceExA
@@ -54,8 +52,7 @@ rule RomeoHotel
 		E8 4C 7C 00 00        call    __allmul
 	*/
 
-	$diskSpace = {
-			FF 15 [4]
+	$diskSpace = { FF 15 [4]
 			85 C0 
 			74 ??
 			8B [6]
@@ -64,8 +61,7 @@ rule RomeoHotel
 			68 00 00 10 00 
 			5? 
 			5? 
-			E8
-		}
+			E8}
 		
 	$winst = "winsta0\\default" wide		// this limits the overlap with RomeoGolf