Update MALW_CAP_Win32Inet.yara

malware/MALW_CAP_Win32Inet.yara

@@ -9,43 +9,51 @@
 
 rule Str_Win32_Winsock2_Library
 {
+
     meta:
         author = "@adricnet"
         description = "Match Winsock 2 API library declaration"
         method = "String match"
+
     strings:
         $ws2_lib = "Ws2_32.dll" nocase
         $wsock2_lib = "WSock32.dll" nocase
+
     condition:
-	(any of ($ws2_lib, $wsock2_lib))
+    (any of ($ws2_lib, $wsock2_lib))
 }
 
 rule Str_Win32_Wininet_Library
 {
+    
     meta:
         author = "@adricnet"
         description = "Match Windows Inet API library declaration"
         method = "String match"
+    
     strings:
         $wininet_lib = "WININET.dll" nocase
+    
     condition:
-	(all of ($wininet*))
+    (all of ($wininet*))
 }
 
 rule Str_Win32_Internet_API
 {
+   
     meta:
         author = "@adricnet"
         description = "Match Windows Inet API call"
         method = "String match, trim the As"
+   
     strings:
-	$wininet_call_closeh = "InternetCloseHandle"
-	$wininet_call_readf = "InternetReadFile"
-	$wininet_call_connect = "InternetConnect"
-	$wininet_call_open = "InternetOpen"
+        $wininet_call_closeh = "InternetCloseHandle"
+        $wininet_call_readf = "InternetReadFile"
+        $wininet_call_connect = "InternetConnect"
+        $wininet_call_open = "InternetOpen"
 
     condition:
-	(any of ($wininet_call*))
+        (any of ($wininet_call*))
 }
 
 rule Str_Win32_Http_API
@@ -54,10 +62,11 @@ rule Str_Win32_Http_API
         author = "@adricnet"
         description = "Match Windows Http API call"
         method = "String match, trim the As"
+   
     strings:
-	$wininet_call_httpr = "HttpSendRequest"
-	$wininet_call_httpq = "HttpQueryInfo"
-	$wininet_call_httpo = "HttpOpenRequest"
-    condition:
-	(any of ($wininet_call_http*))
+        $wininet_call_httpr = "HttpSendRequest"
+        $wininet_call_httpq = "HttpQueryInfo"
+        $wininet_call_httpo = "HttpOpenRequest"
+     condition:
+        (any of ($wininet_call_http*))
 }