File: sample.rules

package info (click to toggle)
yara 4.5.5-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 13,884 kB
  • sloc: ansic: 52,295; yacc: 2,895; lex: 2,019; cpp: 863; makefile: 479; javascript: 85; sh: 47; python: 35
file content (13 lines) | stat: -rw-r--r-- 179 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
 
import "pe"

rule UPX : Packer
{
    strings: 
        $a = {60 E8 00 00 00 00 58 83 E8 3D 50 8D B8}

    condition:
        $a at pe.entry_point
}


rule test {condition: false}