You might find what you are looking for here:
http://yararules.com/
On Friday, November 25, 2016 at 1:21:44 PM UTC-6, jimnas...@gmail.com wrote:
>
> Is there an existing rules repository for file types that can be
> downloaded and used with Yara?
>
> For example, a file type rule for PE files:
>
> Rule IsPE
>
> {
>
> condition:
>
> // MZ signature at offset 0 and ...
>
> uint16(0) == 0x5A4D and
>
> // ... PE signature at offset stored in MZ header at 0x3C
>
> uint32(uint32(0x3C)) == 0x00004550
>
> }
>
>
> Thanks,
>
> Jim
>
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to yara-project+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
