Update MALW_Elex.yar

malware/MALW_Elex.yar

@@ -2,8 +2,12 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.
 
 */
+
 import "pe"
-rule Trj_Elex_Installer_NSIS {
+
+rule Trj_Elex_Installer_NSIS 
+{
+   
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex Installer NSIS"
@@ -15,7 +19,10 @@ rule Trj_Elex_Installer_NSIS {
     condition:
         ($mz at 0) and ($str1 at 0xA008) and ($str2 at 0x1c8700)
 }
-rule Trj_Elex_Installer {
+
+rule Trj_Elex_Installer 
+{
+
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex Installer"
@@ -28,7 +35,10 @@ rule Trj_Elex_Installer {
     condition:
         ($mz at 0) and ($str1) and ($str2) and ($str3)
 }
-rule Trj_Elex_Service32 {
+
+rule Trj_Elex_Service32 
+{
+
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex Service 32 bits"
@@ -41,7 +51,10 @@ rule Trj_Elex_Service32 {
     condition:
         (pe.machine == pe.MACHINE_I386) and ($mz at 0) and ($str1) and ($str2) and ($str3)
 }
-rule Trj_Elex_Service64 {
+
+rule Trj_Elex_Service64 
+{
+    
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex Service 64 bits"
@@ -54,7 +67,10 @@ rule Trj_Elex_Service64 {
     condition:
         (pe.machine == pe.MACHINE_AMD64) and ($mz at 0) and ($str1) and ($str2) and ($str3)
 }
-rule Trj_Elex_Dll32 {
+
+rule Trj_Elex_Dll32 
+{
+
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex DLL 32 bits"
@@ -66,7 +82,10 @@ rule Trj_Elex_Dll32 {
     condition:
         (pe.machine == pe.MACHINE_I386) and (pe.characteristics & pe.DLL) and ($mz at 0) and ($str1) and ($str2)
 }
-rule Trj_Elex_Dll64 {
+
+rule Trj_Elex_Dll64 
+{
+
     meta:
         author = "Centro Criptológico Nacional (CCN)"
         description = "Elex DLL 64 bits"