Update LimaAlfa.yara

malware/Operation_Blockbuster/LimaAlfa.yara

@@ -22,18 +22,7 @@ rule LimaAlfa
 		01 28              add     [eax], ebp
 	*/
 
-	$a = {
-			33 C0 
-			66 [2] 
-			8B ?? 
-			81 ?? 00 F0 FF FF 
-			81 ?? 00 30 00 00 
-			75 ?? 
-			8B [3] 
-			25 FF 0F 00 00 
-			03 C7 
-			01 
-		}
+	$a = {33 C0 66 [2] 8B ?? 81 ?? 00 F0 FF FF 81 ?? 00 30 00 00 75 ?? 8B [3] 25 FF 0F 00 00 03 C7 01}
 
 	condition:
 		$a in ((pe.sections[pe.section_index(".text")].raw_data_offset)..(pe.sections[pe.section_index(".text")].raw_data_offset + pe.sections[pe.section_index(".text")].raw_data_size))