This is a decision made by YARA. The underlying code which is doing the hashing
is OpenSSL and that outputs using lowercase. Even if we switched it to all be
uppercase we would have users complaining that they are expecting lowercase. We
can't please everyone, so we just have to pick one and

Hi,
Ok, so because every hashing algorithm returns hashes in all uppercase and
YARA requires all lowercase, the only solution is for the user to manually
go through and change all uppercase to lowercase in the hash rather than
have either a tolower() functionality added to the YARA rules or

See the warning at the top of
https://yara.readthedocs.io/en/stable/modules/hash.html - all hashes are
returned in lowercase.
-- WXS
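
The point made in the replies above, as an added example that is not part of the thread or of YARA itself: the hash module returns lowercase hex, so an uppercase literal in a rule's comparison will not match. This Python sketch lowercases well-formed digest literals in `hash.md5/sha1/sha256(...) == "..."` comparisons and reports literals that are not valid digests; the name `normalize_rule` and the sample rule are constructed for illustration.

```python
import re

# Hex digest length for each hash-module function handled here.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Matches the common form: hash.md5(0, filesize) == "literal".
# Assumption: call arguments contain no nested parentheses.
HASH_CMP = re.compile(
    r'(hash\.(md5|sha1|sha256)\s*\([^)]*\)\s*==\s*")([^"]*)(")'
)

def normalize_rule(rule_text):
    """Return (fixed_text, findings); findings are (algo, literal, action)."""
    findings = []

    def fix(m):
        prefix, algo, literal, quote = m.groups()
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % DIGEST_LEN[algo], literal):
            # Wrong length or non-hex: a typo that lowercasing cannot fix.
            findings.append((algo, literal, "not a valid digest, left unchanged"))
            return m.group(0)
        if literal != literal.lower():
            findings.append((algo, literal, "lowercased"))
        return prefix + literal.lower() + quote

    return HASH_CMP.sub(fix, rule_text), findings

# Constructed sample rule. The MD5 and SHA-1 values are the digests of
# empty input; the SHA-256 literal is deliberately malformed.
SAMPLE_RULE = '''
import "hash"

rule constructed_example
{
    condition:
        hash.md5(0, filesize) == "D41D8CD98F00B204E9800998ECF8427E" or
        hash.sha1(0, filesize) == "da39a3ee5e6b4b0d3255bfef95601890afd80709" or
        hash.sha256(0, filesize) == "ABC123"
}
'''

if __name__ == "__main__":
    fixed, findings = normalize_rule(SAMPLE_RULE)
    print(fixed)
    for algo, literal, action in findings:
        print(f"{algo}: {literal} -> {action}")
```
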
> On Feb 22, 2021, at 11:30 AM, Jonathan Livolsi wrote:
>
> Hi,
>
> I am going through a lab to learn YARA rules and have a simple problem but I
> am not