Not sure where you got "pilot.dll" from but the file you referenced has one export by name and that is MSOProtect.
-- WXS

> On Jun 26, 2019, at 7:04 PM, Schrodinger <[email protected]> wrote:
>
> Doesn't seem to work for me. Just trying a simple rule.
>
> import "pe"
>
> rule export_name
> {
>     condition:
>         uint16(0) == 0x5A4D
>         and
>         pe.exports("pilot.dll")
> }
>
> Sample I tested with d5c679df69751936d0fa380f2e4bf017 can provide the sample
> if you need.
>
> Cheers.
>
> On Wednesday, June 26, 2019 at 2:00:47 AM UTC+1, Wesley Shields wrote:
> For now you can do: pe.exports("pilot.dll").
>
> -- WXS
>
> > On Jun 25, 2019, at 6:21 PM, Schrodinger <[email protected]> wrote:
> >
> > Hi everyone,
> >
> > I was wondering if there is a way to perform matching on the name in the
> > DIRECTORY_ENTRY_EXPORT in a Portable Executable. Example from the Python
> > pefile module:
> >
> > In [32]: pe.DIRECTORY_ENTRY_EXPORT.name
> > Out[32]: 'pilot.dll'
> >
> > Cheers,
> > Schrodinger.

--
You received this message because you are subscribed to the Google Groups "YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/yara-project/D396795E-598D-4087-9117-33CB2B670390%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
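Added example, not part of the original thread: a small Python parser showing that the export directory's Name field and the exported function names are separate fields of the PE export directory, which is the distinction the messages above turn on. The sample image is constructed in the code (it is not the file discussed in the thread) and `build_sample` and `export_names` are hypothetical helper names.

```python
import struct

def build_sample(dll_name: bytes, func: bytes) -> bytes:
    """Constructed minimal PE32: one section, RVA 0x1000 at file offset 0x200."""
    rva, raw = 0x1000, 0x200
    names_rva = rva + 40                      # name pointer table after the 40-byte directory
    dll_rva = names_rva + 4
    func_rva = dll_rva + len(dll_name) + 1
    exp = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, dll_rva, 1, 1, 1, 0, names_rva, 0)
    exp += struct.pack("<I", func_rva) + dll_name + b"\0" + func + b"\0"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += struct.pack("<II", rva, len(exp)) + b"\0" * 120      # data directory 0 = export
    sec = b".edata\0\0" + struct.pack("<IIII", len(exp), rva, 0x200, raw) + b"\0" * 16
    return (dos + coff + opt + sec).ljust(raw, b"\0") + exp.ljust(0x200, b"\0")

def export_names(data: bytes):
    """Return (export directory Name, list of exported function names)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    optsize = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B      # else PE32+
    exp_rva = struct.unpack_from("<I", data, opt + (96 if pe32 else 112))[0]
    if exp_rva == 0:
        return None, []                       # no export directory
    secs = [struct.unpack_from("<IIII", data, opt + optsize + 40 * i + 8) for i in range(nsec)]

    def off(r):                               # RVA -> file offset via the section table
        for vsize, va, rsize, rptr in secs:
            if va <= r < va + max(vsize, rsize):
                return r - va + rptr
        raise ValueError("RVA outside any section")

    def cstr(r):                              # NUL-terminated ASCII string at an RVA
        o = off(r)
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")

    # Fields from offset 12: Name, Base, NumberOfFunctions, NumberOfNames, then three table RVAs
    name_rva, _, _, nnames, _, names_rva, _ = struct.unpack_from("<7I", data, off(exp_rva) + 12)
    ptrs = struct.unpack_from(f"<{nnames}I", data, off(names_rva)) if nnames else ()
    return cstr(name_rva), [cstr(p) for p in ptrs]
```

YARA 4.0 and later expose the export directory's Name field as `pe.dll_name`, separate from the function-name lookup done by `pe.exports()`.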
