Update KiloAlfa.yara

bc657aba · mmorenog · cb27616b · bc657aba
Commit bc657aba authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 6 deletions

KiloAlfa.yara malware/Operation_Blockbuster/KiloAlfa.yara +1 -6

No files found.
--- a/malware/Operation_Blockbuster/KiloAlfa.yara
+++ b/malware/Operation_Blockbuster/KiloAlfa.yara
@@ -21,12 +21,7 @@ rule KiloAlfa
 		
 		this block of code is used multiple times in sequence so i'm looking for 5 consecutive blocks
 		*/
-		$keyxlate = {
-			68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04
-			68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04
-			68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04
-			68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04
-		}
+		$keyxlate = {68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04 68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04 68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04 68 ?? 00 00 00 FF 15 [4] 66 ?? 01 80 75 ?? 6A ?? E8 [4] 83 C4 04}
 		
 	/*
 		6A 2A                    push    2Ah