Update SierraAlfa.yara

f8cc4e9a · mmorenog · 7747d094 · f8cc4e9a
Commit f8cc4e9a authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 2 deletions

SierraAlfa.yara malware/Operation_Blockbuster/SierraAlfa.yara +1 -2

No files found.
--- a/malware/Operation_Blockbuster/SierraAlfa.yara
+++ b/malware/Operation_Blockbuster/SierraAlfa.yara
@@ -40,8 +40,7 @@ rule SierraAlfa
 		E8 7D 51 00 00           call    closesocket
 	*/
-	$connectTest = { 8D [3] 5? 68 7E 66 04 80 5? E8 [4] 8D [3] 6A 10 5? 5? E8 [4] 8B [6] 8D [3] 5? 8D [3] 6A 00 5? 6A 00 6A 00 
+	$connectTest = {8D [3] 5? 68 7E 66 04 80 5? E8 [4] 8D [3] 6A 10 5? 5? E8 [4] 8B [6] 8D [3] 5? 8D [3] 6A 00 5? 6A 00 6A 00 89 [3] 89 [3] 89 [3] C7 [7] E8 [4] 33 ?? 5? 85 C0 0F 9F ?? 8B ?? E8}
-			89 [3] 89 [3] 89 [3] C7 [7] E8 [4] 33 ?? 5? 85 C0 0F 9F ?? 8B ?? E8 }
 	/*
 		E8 D8 62 00 00                                call    rand