remove duplicate features from some rules (#984)

v1bh475u · web-flow · commit b4e0c8cdf89a · 2025-01-28T12:54:17.000+01:00
* remove duplicate features from some rules

* keep commented hex values to show AfdOpenPacketX structure

Signed-off-by: vibhatsu &lt;maulikbarot2915@gmail.com&gt;

---------

Signed-off-by: vibhatsu &lt;maulikbarot2915@gmail.com&gt;
diff --git a/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml b/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml
@@ -55,7 +55,6 @@ rule:
       - string: /\\\\.\\pipe\\VBoxTrayIPC/i
       - string: /VBoxTrayToolWndClass/i
       - string: /VBoxTrayToolWnd/i
-      - string: /vboxservice\.exe/i
       - string: /vboxtray.exe/i
       - string: /vboxvideo/i
       - string: /VBoxVideoW8/i
diff --git a/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-vmware.yml b/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-vmware.yml
@@ -56,7 +56,6 @@ rule:
       - string: /vmx86/i
       - string: /VMwareVMware/i
       - string: /vmGuestLib\.dll/i
-      - string: /vmGuestLib\.dll/i
       - string: /Applications\\VMwareHostOpen\.exe/i
       - string: /vm3dgl\.dll/i
       - string: /vmdum\.dll/i
diff --git a/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-xen.yml b/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-xen.yml
@@ -20,5 +20,4 @@ rule:
       - string: /^Xen/i
       - string: /XenVMMXenVMM/i
       - string: /xenservice.exe/i
-      - string: /XenVMMXenVMM/i
       - string: /HVM domU/i
diff --git a/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml b/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
@@ -41,7 +41,7 @@ rule:
             - number: 0x64 = d
             - number: 0x4F = O
             - number: 0x70 = p
-            - number: 0x65 = e
+            # - number: 0x65 = e
             - number: 0x6E = n
             - number: 0x50 = P
             - number: 0x61 = a
@@ -53,7 +53,7 @@ rule:
             - number: 0x02
             - number: 0x01
             - number: 0x06
-            - number: 0x00
+            # - number: 0x00
             - number: 0x60
             - number: 0xEF
             - number: 0x3D
diff --git a/nursery/send-data-to-internet.yml b/nursery/send-data-to-internet.yml
@@ -24,6 +24,5 @@ rule:
         - api: System.Net.WebClient::UploadString
         - api: System.Net.WebClient::UploadStringAsync
         - api: System.Net.WebClient::UploadStringTaskAsync
-        - api: System.Net.WebClient::UploadValues
         - api: System.Net.WebClient::UploadValuesAsync
         - api: System.Net.WebClient::UploadValuesTaskAsync
diff --git a/persistence/office/act-as-office-com-add-in.yml b/persistence/office/act-as-office-com-add-in.yml
@@ -19,7 +19,6 @@ rule:
       - format: dotnet
       - class: Extensibility.IDTExtensibility2
       - or:
-        - string: "OnAddInsUpdate"
         - string: "OnAddInsUpdate"
         - string: "OnBeginShutdown"
         - string: "OnConnection"
