Adding a YARA rule that aims to catch payloads within the FileDataStoreObject header/footer offsets, that can serve as a template for anything else you might want to add. Learned a LOT by figuring out the looping logic of checking strings in sequences of arbitrary offsets.