diff options
| author | jvoisin | 2015-05-22 09:43:31 +0200 |
|---|---|---|
| committer | jvoisin | 2015-05-22 09:43:31 +0200 |
| commit | d8ad70a5c5bc621289d6d38c64525bb2b8dca9c0 (patch) | |
| tree | d229a1f44009b1d6ad1bf4ad1a9ab16d4853391f | |
| parent | f9e7357cdc5e006f528235a12f9cd72973aa0dbe (diff) | |
Fix a mistake
| -rw-r--r-- | malwares.yara | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/malwares.yara b/malwares.yara index deb5f5f..25ba196 100644 --- a/malwares.yara +++ b/malwares.yara | |||
| @@ -54,7 +54,7 @@ private rule CloudFlareBypass | |||
| 54 | rule ObfuscatedPhp | 54 | rule ObfuscatedPhp |
| 55 | { | 55 | { |
| 56 | strings: | 56 | strings: |
| 57 | $vars = /\$__*/ // $__ is rarely used in legitimate scripts | 57 | $vars = /\$__+/ // $__ is rarely used in legitimate scripts |
| 58 | $eval = /[;}][\t ]*@?(eval|preg_replace|system|exec)\(/ // ;eval( <- this is dodgy | 58 | $eval = /[;}][\t ]*@?(eval|preg_replace|system|exec)\(/ // ;eval( <- this is dodgy |
| 59 | $align = /(\$\w+=[^;]*)*;\$\w+=@?\$\w+\(/ //b374k | 59 | $align = /(\$\w+=[^;]*)*;\$\w+=@?\$\w+\(/ //b374k |
| 60 | $oneliner = /<\?php\s*\n*\r*\s*(eval|preg_replace|system|exec)\(/ | 60 | $oneliner = /<\?php\s*\n*\r*\s*(eval|preg_replace|system|exec)\(/ |
