Thanks Fernando, your suggestion worked. Thanks a ton.

On Friday, 21 September 2018 00:18:45 UTC+5:30, raghvendra mishra wrote:
>
> Hi,
> I am trying to do heuristic-based detection of malware samples using 
> YARA and got stuck when I need to add up the total number of occurrences of a set 
> of strings to detect the sample.
> For example, say I have a rule like this:
>
> rule Malware_Detection : file
> {
>         meta:
>                 author = "Raghvendra"
>                 version = "0.1"
>                 description = "Detecting malwares using heuristics"
>         strings:
>                 $str1 = "alice" nocase
>                 $str2 = "bob" nocase
>                 $str3 = "intruder" nocase
>         condition:
>                 need to write
> }
> What I am trying to achieve is: if the total number of occurrences of any 
> one or any combination of the strings is greater than 20, then the YARA engine should 
> trigger. So, in a sample, $str1 could match 20 times, so YARA should 
> trigger; in a sample, $str1 (15 times) and $str2 (5 times) could match, so 
> YARA should trigger, etc. The combination of string matches could be 
> anything, but it should be equal to 20.
> Is there any way to implement it in YARA?
>
> Thanks,
> --Raghvendra 
>
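
One way to write the condition asked for in the quoted message, as an added example (not code from the thread, and not necessarily the suggestion the reply refers to). It uses YARA's `#` string-count operator; the rule name is hypothetical, and the `>= 20` threshold is an assumption taken from the worked cases in the question (20 matches, or 15 + 5), so use `> 20` if the total must strictly exceed 20.

```yara
rule Total_String_Occurrences
{
    meta:
        description = "Added example: fires on the combined occurrence count of three strings"
    strings:
        $str1 = "alice" nocase
        $str2 = "bob" nocase
        $str3 = "intruder" nocase
    condition:
        // #name evaluates to the number of times that string matched in the
        // scanned data, so the sum is the total across all three strings.
        // A string that never matches contributes 0, so any mix that adds
        // up to the threshold satisfies the rule.
        #str1 + #str2 + #str3 >= 20
}
```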
