File: rules.yara

// Coarse triage rule: flags any input whose first two bytes are the
// "MZ" magic (0x4D 0x5A) used by DOS/Windows executables.
// It checks nothing beyond those two bytes, so a match means "starts with
// MZ", not "is a valid PE". Use it only as a cheap pre-filter.
rule PEfileBasic {
  strings:
    // ASCII "MZ" written as hex bytes.
    $mz = { 4D 5A }

  condition:
    // Anchor the magic to file offset 0; an "MZ" elsewhere does not count.
    $mz at 0
}

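// Identifies a Windows PE image by its two header magics:
//   1. "MZ" at file offset 0 (DOS header), and
//   2. the PE signature at the offset stored in the little-endian 32-bit
//      field at 0x3c of the DOS header (e_lfanew).
// If the file is too short to read the field at 0x3c, uint32() is undefined
// and the rule does not match.
rule PEfile {
  strings:
    $mz = "MZ"
    // The PE signature is four bytes, "PE\0\0". Matching only "PE" would
    // accept any header whose signature merely starts with those two
    // letters, and a two-byte string also hits all over ordinary binaries.
    $pe = { 50 45 00 00 }

  condition:
    // Both magics must sit at their exact header positions; stray
    // occurrences elsewhere in the file are ignored.
    // Alternative without string scanning:
    //   uint16(0) == 0x5A4D and uint32(uint32(0x3c)) == 0x00004550
    ($mz at 0) and ($pe at uint32(0x3c))
}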