Re: Getting information about PE using yara-python

2018-03-12 Thread Ryan Sommers
I use this module for Python to read .NET info... It's Python2 only, but converting to Python3 is super simple. I have it done locally, just haven't had time to put it into a PR:
https://github.com/crackinglandia/pype32

On Mon, Mar 12, 2018 at 10:52 AM Wesley Shields wrote:

Re: Getting information about PE using yara-python

2018-03-12 Thread Wesley Shields
Sure, I've been using it to unpack and handle config blocks from .NET binaries using this technique:
https://gist.github.com/wxsBSD/1e518cef545fee7bb991a9dc6c14a0f7

Substitute the dotnet module for the pe module and you will get access to all the information exposed via the PE module (you

Getting information about PE using yara-python

2018-03-12 Thread Matan Bachar
Is there a way to get information about a PE file using a yara-python command, directly or indirectly? (section number, timestamp, etc.)