Hello.
Do you mean Windows executables? If so, there's a PE module you should use.
A sample rule is as follows:
import "pe"

rule exe {
    condition:
        pe.is_pe
        and not (pe.characteristics & pe.DLL)
        and pe.subsystem != pe.SUBSYSTEM_NATIVE
}
The above rule matches executables (.ex
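
An added example, not part of the original thread: a Python sketch of the header fields the rule's three conditions read, run against constructed header-only samples. The names `classify` and `build_header` are hypothetical, and the parsing is a simplified stand-in for what YARA's pe module does, not its actual code.

```python
import struct

IMAGE_FILE_DLL = 0x2000         # numeric value of pe.DLL
IMAGE_SUBSYSTEM_NATIVE = 1      # numeric value of pe.SUBSYSTEM_NATIVE

def classify(data: bytes) -> str:
    """Return 'exe', 'dll', 'native' or 'not-pe' using header fields only."""
    # pe.is_pe: DOS magic, then the PE signature at the offset stored at 0x3C
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional header through Subsystem (70)
    if e_lfanew + 94 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    # COFF header: Characteristics is the last 2 of its 20 bytes
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    # Optional header: Subsystem is at offset 68 in both PE32 and PE32+
    (subsystem,) = struct.unpack_from("<H", data, e_lfanew + 24 + 68)
    if characteristics & IMAGE_FILE_DLL:
        return "dll"        # excluded by: not (pe.characteristics & pe.DLL)
    if subsystem == IMAGE_SUBSYSTEM_NATIVE:
        return "native"     # excluded by: pe.subsystem != pe.SUBSYSTEM_NATIVE
    return "exe"            # the only case the rule matches

def build_header(characteristics: int, subsystem: int, plus: bool = False) -> bytes:
    """Constructed sample: a minimal header-only image (PE32, or PE32+ if plus)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xF0 if plus else 0xE0
    coff = struct.pack("<HHIIIHH", 0x8664 if plus else 0x14C, 0, 0, 0, 0,
                       opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if plus else 0x10B)   # optional header magic
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {                                   # all constructed for the demo
        "gui exe (PE32)": build_header(0x0102, 2),
        "console exe (PE32+)": build_header(0x0022, 3, plus=True),
        "dll": build_header(0x2102, 2),
        "driver (native)": build_header(0x0022, 1, plus=True),
        "MZ without PE signature": b"MZ".ljust(0x200, b"\0"),
    }
    for name, blob in samples.items():
        print(f"{name:26} -> {classify(blob)}")
```
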
Any solution or help on this ask?
On Tuesday, 28 June 2022 at 00:39:58 UTC-4 muhammadz...@gmail.com wrote:
> I want to write a YARA rule to detect only executable files in any drive,
> can anyone help me out
I want to write a YARA rule to detect only executable files in any drive, can
anyone help me out
--
You received this message because you are subscribed to the Google Groups
"YARA" group.