Closed zagge-cgeo closed 1 year ago
Describe the bug
When scanning the sample 601ef2a4cdbb757050f33f8ebcb0ef642025a89f8ae5eca988722cc073266001 with the following rule

import "pe"

rule peHang {
    condition:
        pe.imphash() == "00000000000000000000000000000000"
}

it takes 7 minutes to finish on my i7-8565U. Setting a timeout on yara with -a does not stop yara after the timeout.
Trying to calculate the imphash with pefile.get_imphash() returns instantly without giving back an imphash. On vt the sample is marked as corrupt.

To Reproduce
yara -a 10 rule_from_above.yar 601ef2a4cdbb757050f33f8ebcb0ef642025a89f8ae5eca988722cc073266001
This takes 7 minutes to finish

Expected behavior
Scan should finish in a few seconds.

Please complete the following information: