Update UniformAlfa.yara

d379f5cf · mmorenog · 8901cefa · d379f5cf
Commit d379f5cf authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 11 deletions

UniformAlfa.yara malware/Operation_Blockbuster/UniformAlfa.yara +1 -11

No files found.
--- a/malware/Operation_Blockbuster/UniformAlfa.yara
+++ b/malware/Operation_Blockbuster/UniformAlfa.yara
@@ -20,17 +20,7 @@ rule UniformAlfa
 		FF 15 08 70 40 00  call    ds:DeleteService
 	*/

-	$stopDeleteService = {
-			8D [3] 
-			5? 
-			6A 01 
-			5? 
-			FF D? 
-			83 [3] 01 
-			75 ?? 
-			5? 
-			FF 15  
-		}
+	$stopDeleteService = {8D [3] 5? 6A 01 5? FF D?	83 [3] 01 75 ?? 5? FF 15}

 	condition:
 		$stopDeleteService in ((pe.sections[pe.section_index(".text")].raw_data_offset)..(pe.sections[pe.section_index(".text")].raw_data_offset + pe.sections[pe.section_index(".text")].raw_data_size))