From 8901cefaeed22e486df1d583e89ad2c80ea32593 Mon Sep 17 00:00:00 2001
From: mmorenog <mmorenog@users.noreply.github.com>
Date: Thu, 25 Feb 2016 19:01:22 +0100
Subject: [PATCH] Update LimaAlfa.yara
---
 malware/Operation_Blockbuster/LimaAlfa.yara | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/malware/Operation_Blockbuster/LimaAlfa.yara b/malware/Operation_Blockbuster/LimaAlfa.yara
index cc5b32a..849a50c 100644
--- a/malware/Operation_Blockbuster/LimaAlfa.yara
+++ b/malware/Operation_Blockbuster/LimaAlfa.yara
@@ -22,18 +22,7 @@ rule LimaAlfa
 01 28 add [eax], ebp
 */
- $a = {
- 33 C0
- 66 [2]
- 8B ??
- 81 ?? 00 F0 FF FF
- 81 ?? 00 30 00 00
- 75 ??
- 8B [3]
- 25 FF 0F 00 00
- 03 C7
- 01
- }
+ $a = {33 C0 66 [2] 8B ?? 81 ?? 00 F0 FF FF 81 ?? 00 30 00 00 75 ?? 8B [3] 25 FF 0F 00 00 03 C7 01}
 condition:
 $a in ((pe.sections[pe.section_index(".text")].raw_data_offset)..(pe.sections[pe.section_index(".text")].raw_data_offset + pe.sections[pe.section_index(".text")].raw_data_size))
--
libgit2 0.26.0
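Review bot: Collapsing `$a` onto one line drops the one-byte-group-per-line layout, which makes the signature harder to check against the disassembly comment directly above it (only its last line, `01 28 add [eax], ebp`, is visible in this hunk). The bytes, wildcards and jumps are the same on both sides, so matching should not change, but the commit message gives no reason for the reflow. If the multi-line form was tripping a parser or tool, record that next to the string, e.g. `// kept on one line: <reason>; byte groups follow the disassembly above`; otherwise the multi-line form is easier to audit. The rule body and the comment block both start before this hunk.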