From a576f699723396acc90844a184c2006b80ab49c1 Mon Sep 17 00:00:00 2001
From: David Schramm
Date: Mon, 7 Oct 2024 13:19:53 +0200
Subject: [PATCH] FormhookB: any -> all
---
 analyzer/windows/data/yara/Formbook.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/analyzer/windows/data/yara/Formbook.yar b/analyzer/windows/data/yara/Formbook.yar
index 732310fc320..60e9e9bd5cf 100644
--- a/analyzer/windows/data/yara/Formbook.yar
+++ b/analyzer/windows/data/yara/Formbook.yar
@@ -24,7 +24,7 @@ rule FormhookB
 $decode = {55 8B EC 83 EC 24 53 56 57 [480-520] 8B E5 5D C3}
 $remap_ntdll = {90 90 90 90 90 90 8B (86 [2] 00 00|46 ??|06) 5F 5E 5B 8B E5 5D C3}
 condition:
- any of them
+ all of them
 }

 rule FormconfA
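Review bot: The new `all of them` condition binds the match to every string declared in FormhookB, including any declared above `$decode`, which this hunk does not show because the rule body starts outside it. Any string added to the rule later will therefore tighten it further without the condition changing. Naming the required strings explicitly, for example `$decode and $remap_ntdll` extended with whatever else the rule declares, would make that dependency visible. The commit gives no reason for the change; `$decode` is a plain frame prologue and epilogue around a 480-520 byte jump, so presumably it matched unrelated code on its own, and a comment before the condition such as `// all patterns required: $decode alone is too generic` would record that. Since a variant missing any one pattern no longer matches, the rule is worth re-running against the known FormBook samples before merging.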