malduck icon indicating copy to clipboard operation
malduck copied to clipboard

Published 20 hours ago verified publisher icon CERT-Polska

Retrieving XOR key from yara engine

Open Still34 opened this issue 1 year ago • 0 comments

Summary

Consider the following yara rule,

rule example {
    strings:
        $xor = "hello world!" xor
    condition:
        any of them
}

When using yara-python, one could fetch the found XOR key from the xor_key property from a StringMatchInstance object. This property does not appear to be passed to the yara wrapper in malduck yet?

Still34 avatar Dec 14 '23 05:12 Still34