From 0e7023de422ee667ad1ab9bb878658efb8840fb8 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 15 Oct 2015 16:00:05 +0200
Subject: Fix #11 This is a bit hackish, but I can't manage to find a more elegant way to do it.
---
 malwares.yara | 1 +
 1 file changed, 1 insertion(+)
diff --git a/malwares.yara b/malwares.yara
index 1263b39..c901d06 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -85,6 +85,7 @@ private rule hex
 $exec = "\\x65\\x78\\x65\\x63" nocase
 $system = "\\x73\\x79\\x73\\x74\\x65\\x6d" nocase
 $preg_replace = "\\x70\\x72\\x65\\x67\\x5f\\x72\\x65\\x70\\x6c\\x61\\x63\\x65" nocase
+ $http_user_agent = "\\x48\\124\\x54\\120\\x5f\\125\\x53\\105\\x52\\137\\x41\\107\\x45\\116\\x54" nocase
 condition:
 any of them
--
cgit v1.3
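Review bot: The added `$http_user_agent` literal matches only one exact spelling of `HTTP_USER_AGENT`, the one that alternates `\x` hex and three-digit octal escapes character by character, so the same name written all-hex, all-octal or with a different alternation would not hit. If the intent is to catch escaped references to this server variable in general, a regex string that accepts either escape form per character would be more robust, at the cost of a longer pattern and some false-positive testing. The string also sits in `rule hex` although half of its escapes are octal, and nothing says what it decodes to; a comment such as `// "HTTP_USER_AGENT", alternating \x hex and octal escapes (see #11)` above it would help the next maintainer. The rule body starts above the hunk, so its earlier strings are not visible here.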