Victor M. Alvarez
Well, the first thing is to manually check that `malicious.bin` actually matches the rule. Can you paste the content of the rule here? I've found for `RAT_Meterpreter_Reverse_Tcp.yar` in GitHub and...
The rule is very straightforward, have you confirmed that `malicious.bin` contains those strings?
I tried to replicate this issue without success. I built YARA with Visual Studio 2015 both for 64 and 32 bits in debug mode and it didn't crash. The pre-built...
My only concern with this is that it can lead to false negatives if the pattern you are looking for with your rule spans a block boundary. The risk is...
Do you plan to implement it for the remaining platforms?
That's probably because you don't have openssl installed in your system, and imphash needs that library. Try `sudo apt-get install libssl-dev` before installing `yara-python`.
Do you mean multi-threaded? Or multi-process? Can you tell a little more about what you want to accomplish?
I think that yara-python should work fine with multi-process, but honestly I haven't tested it myself. Has anyone tried it?
As I already commented in the PR, #163 is interesting but I don't think it should be added to this repository, mainly because most of the logic in the code...
The actual verification of PE signatures, going up the signing chain up to a root certificate trusted by the operating system, is a major undertaking. In Windows you can simply...