Rename architecture-specific rules and update rule name and match feature inside YAML files

Author: akh7177

anti-analysis/anti-debugging/debugger-detection/check-for-peb-beingdebugged-flag.yml

@@ -15,5 +15,5 @@ rule:
       - Practical Malware Analysis Lab 16-01.exe_:0x403530
   features:
     - and:
-      - match: PEB access
+      - match: PEB access via x86 assembly
       - offset: 2 = PEB.BeingDebugged

anti-analysis/anti-debugging/debugger-detection/check-for-peb-ntglobalflag-flag-via-x86-assembly.yml

@@ -18,7 +18,7 @@ rule:
     - and:
       - basic block:
         - and:
-          - match: PEB access
+          - match: PEB access via x86 assembly
           - or:
             - and:
               - arch: i386

anti-analysis/anti-disasm/contain-anti-disasm-techniques.yml

@@ -13,4 +13,4 @@ rule:
       - a5c70086b3bc4fe64f4e7a0aa452e620
   features:
     - or:
-      - count(match(contain pusha popa sequence)): 10 or more
+      - count(match(contain pusha popa sequence via x86 assembly)): 10 or more

data-manipulation/encryption/hc-128/encrypt-data-using-hc-128-via-wolfssl.yml

@@ -31,7 +31,7 @@ rule:
               - number: 0x100
         - or:
           - description: modulo 256
-          - match: calculate modulo 256 via x86 assembly
+          - match: calculate modulo 256 via x86 assembly via x86 assembly
           - basic block:
             - and:
               - description: modulo via zero-extended mov from 8-bit register

data-manipulation/encryption/rc4/encrypt-data-using-rc4-ksa-via-x86-assembly.yml

@@ -22,7 +22,7 @@ rule:
       # TODO: maybe add characteristic for nzxor reg size
       - count(characteristic(nzxor)): 1
       - or:
-        - match: calculate modulo 256 via x86 assembly
+        - match: calculate modulo 256 via x86 assembly via x86 assembly
         # compiler may do this via zero-extended mov from 8-bit register
         - count(mnemonic(movzx)): 4 or more
       # should not call (many) functions