You might find what you are looking for here:
http://yararules.com/
On Friday, November 25, 2016 at 1:21:44 PM UTC-6, jimnas...@gmail.com wrote:
>
> Is there an existing rules repository for file types that can be
> downloaded and used with Yara?
>
> For example, a file type rule for PE file
Sharing a program I wrote to help handle understanding the YARA rules I
have in a rule file. It gives some metrics but helps identify duplicate
strings across rules and other quality items. Still working on it but
thought others might benefit from it as well.
You can find it here: https://g
If you want to match "fish" exactly and want to only find it with spaces
around it, e.g., no periods or other characters allowed with fullword,
consider using a hex string:
$fish = { 20 66 69 73 68 20}
This would match only exactly on situations where there is a space followed
by the word "fis
