1 files changed, 0 insertions, 1 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 1a4abf6..45100c5 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -64,7 +64,6 @@ rule ObfuscatedPhp
        $c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/  // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html
        $variable_variable = /\${\$[0-9a-zA-z]+}/
        $too_many_chr = /(chr\([\d]+\)\.){2,}?/
-        $b64_concat = /('[A-Za-z0-9=+]*'\.){4,8}?/    
 condition:
        any of them and not IsWhitelisted
 }

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 1a4abf6..45100c5 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -64,7 +64,6 @@ rule ObfuscatedPhp
64	$c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html	64	$c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html
65	$variable_variable = /\${\$[0-9a-zA-z]+}/	65	$variable_variable = /\${\$[0-9a-zA-z]+}/
66	$too_many_chr = /(chr\([\d]+\)\.){2,}?/	66	$too_many_chr = /(chr\([\d]+\)\.){2,}?/
67	$b64_concat = /('[A-Za-z0-9=+]*'\.){4,8}?/
68	condition:	67	condition:
69	any of them and not IsWhitelisted	68	any of them and not IsWhitelisted
70	}	69	}