Syntax error fixed

Syntax error fixed

Syntax error fixed
71d524f5 · j0sm1 · GitHub · 8f2e56df · 71d524f5
Unverified Commit 71d524f5 authored May 07, 2019 by j0sm1 Committed by GitHub May 07, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 10 deletions

MALW_ATM_HelloWorld.yar malware/MALW_ATM_HelloWorld.yar +5 -10

No files found.
--- a/malware/MALW_ATM_HelloWorld.yar
+++ b/malware/MALW_ATM_HelloWorld.yar
@@ -2,26 +2,21 @@
    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
 */

-rule ATM_HelloWorld : 
+rule ATM_HelloWorld : malware
 {
    meta:
        description = "Search strings and procedure in HelloWorld ATM Malware"
        author = "xylitol@temari.fr"
        date = "2019-01-13"
-        // May only the challenge guide you
+
    strings:
        $api1 = "CscCngOpen" ascii wide
        $api2 = "CscCngClose" ascii wide
        $string1 = "%d,%02d;" ascii wide
        $string2 = "MAX_NOTES" ascii wide
-
-/*
-f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe:
-.text:00401EDE FF 15 08 B2 41 00             CALL DWORD PTR DS:[41B208]  ; cscwcng.CscCngDispense
-.text:00401EE4 BF 00 80 00 00                MOV EDI,8000
-.text:00401EE9 85 C7                         TEST EDI,EAX
-*/
        $hex_var1 = { FF 15 ?? ?? ?? ?? BF 00 80 00 00 85 C7 }
-    condition:  
+
+    condition:
        (uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and all of them
 }
+