From 16670d87d98a9dfda557e73e27568d7205a5488c Mon Sep 17 00:00:00 2001
From: wesinator <5124946+wesinator@users.noreply.github.com>
Date: Mon, 20 May 2019 22:26:20 -0400
Subject: [PATCH] Disable PEiD Armadillo packer false positive

"Armadillo v1.xx - v2.xx" is a false positive

https://www.zscaler.com/blogs/research/your-windows-8-packed
---
 Packers/packer.yar | 4 +++-
 Packers/peid.yar   | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Packers/packer.yar b/Packers/packer.yar
index 0ae4765f..3b7ac082 100644
--- a/Packers/packer.yar
+++ b/Packers/packer.yar
@@ -17191,6 +17191,8 @@ condition:
 }
 
 
+/* false positive - https://www.zscaler.com/blogs/research/your-windows-8-packed
+
 rule Armadillov1xxv2xx
 {
       meta:
@@ -17200,7 +17202,7 @@ strings:
 
 condition:
 		$a0 at pe.entry_point
-}
+}*/
 
 
 rule HACKSTOPv111c
diff --git a/Packers/peid.yar b/Packers/peid.yar
index 2d726024..a45498c5 100644
--- a/Packers/peid.yar
+++ b/Packers/peid.yar
@@ -5928,6 +5928,7 @@ rule Armadillo_v310: PEiD
 
 }
 
+/* false positive - https://www.zscaler.com/blogs/research/your-windows-8-packed
 rule Armadillo_v1xx_v2xx_additional: PEiD
 {
     strings:
@@ -5935,7 +5936,7 @@ rule Armadillo_v1xx_v2xx_additional: PEiD
     condition:
         $a at pe.entry_point
 
-}
+}*/
 
 rule DOS32_v33_DOS_Extender_and_Loader_Hint_DOS_EP: PEiD
 {
@@ -39949,6 +39950,7 @@ rule MCLOCK_13: PEiD
 
 }
 
+/* false positive - https://www.zscaler.com/blogs/research/your-windows-8-packed
 rule Armadillo_v1xx_v2xx: PEiD
 {
     strings:
@@ -39956,7 +39958,7 @@ rule Armadillo_v1xx_v2xx: PEiD
     condition:
         $a at pe.entry_point
 
-}
+}*/
 
 rule Lattice_C_v101: PEiD
 {