The carriage return is causing error when scanning files. Made the string one line.

5bb6eb3f · Eric Chin · 6c9cbcca · 5bb6eb3f
Commit 5bb6eb3f authored May 02, 2017 by Eric Chin
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 3 deletions

APT_RedLeaves malware/APT_RedLeaves +1 -3

No files found.
--- a/malware/APT_RedLeaves
+++ b/malware/APT_RedLeaves
@@ -17,9 +17,7 @@ rule malware_red_leaves_generic {
    $ = "\\\\.\\pipe\\NamePipe_MoreWindows" wide
    $ = "RedLeavesCMDSimulatorMutex" wide
    $ = "(NT %d.%d Build %d)" wide
-    $ = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; 
-      SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; 
-      .NET4.0E)" wide
+    $ = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" wide
    $ = "red_autumnal_leaves_dllmain.dll" wide ascii
    $ = "__data" wide
    $ = "__serial" wide