something like this:
rule Overlay_check {
meta:
author = "Me"
condition:
int16be(pe.overlayoffset) == 0x5a44
}that would make it easier to make detections. Would be nice if that was implemented :) -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to yara-project+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
