Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a support for pe module #230

Open
1 of 4 tasks
msm-code opened this issue Nov 24, 2021 · 0 comments
Open
1 of 4 tasks

Add a support for pe module #230

msm-code opened this issue Nov 24, 2021 · 0 comments
Labels
feature Add a new feature low priority Priority: low needs more design Non-trivial design issues invoved. Ask maintainers before working on

Comments

@msm-code
Copy link
Contributor

msm-code commented Nov 24, 2021
edited

Feature Category

  • Correctness
  • User Interface / User Experience
  • Performance
  • Other (please explain)

Describe the problem

Reported by a user: It's some organisations it's very common to use a pe module in Yara rules. Having a (limited) support for it would be great.

Describe the solution you'd like

This rule should be optimised by the backend:

import "pe"

rule single_section
{
    condition:
        pe.number_of_sections == 1
}

Describe alternatives you've considered

Teach users not to use pe or other auxiliary modules in their yara rules. It worked for all places I've worked at, but this makes life of researchers a bit more difficult.
@msm-code msm-code mentioned this issue Nov 30, 2021
Open
@msm-code msm-code added needs more design Non-trivial design issues invoved. Ask maintainers before working on low priority Priority: low feature Add a new feature labels Jan 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature Add a new feature low priority Priority: low needs more design Non-trivial design issues invoved. Ask maintainers before working on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@msm-code