From ee2b664e053cc51db9efbbadcdcfd61aeb62e0e7 Mon Sep 17 00:00:00 2001
From: Julien (jvoisin) Voisin
Date: Tue, 23 Feb 2016 17:05:36 +0100
Subject: Rename a rule
---
 php-malware-finder/malwares.yara | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 4603b76..1a4abf6 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -62,7 +62,7 @@ rule ObfuscatedPhp
 $align = /(\$\w+=[^;]*)*;\$\w+=@?\$\w+\(/ //b374k
 $weevely3 = /\$\w=\$[a-zA-Z]\('',\$\w\);\$\w\(\);/ // weevely3 launcher
 $c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html
- $strange_arg = /\${\$[0-9a-zA-z]+}/
+ $variable_variable = /\${\$[0-9a-zA-z]+}/
 $too_many_chr = /(chr\([\d]+\)\.){2,}?/
 $b64_concat = /('[A-Za-z0-9=+]*'\.){4,8}?/
 condition:
-- cgit v1.3