-rw-r--r--malwares.yara1
1 files changed, 0 insertions, 1 deletions
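diff --git a/malwares.yara b/malwares.yara
index 792c0d2..deb5f5f 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -110,7 +110,6 @@ rule DodgyPhp
 $htaccess = "SetHandler application/x-httpd-php"
 $obvious_preg = /['"]\/\.\*\/e["']/ fullword // "/.*/e" <- this is suspicious
 $udp_dos = /sockopen\s*\(['"]udp:\/\//
-$stored_func = /\$[A-Za-z0-9_-]+\[([0-9]+|['"][^'"]+['"])\]\s*\(/ // things like $myArray['varname'](parameters, ...)
 
 condition:
 IsPhp and (any of them or CloudFlareBypass)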