Yara is not correctly parsing PE metadata for MSHTA.EXE (e616c5ce71886652c13e2e1fa45a653b44d492b054f16b15a38418b8507f57c7), including not correctly identifying VersionInfo data and signatures.
To Reproduce
Run the following Yara rules against e616c5ce71886652c13e2e1fa45a653b44d492b054f16b15a38418b8507f57c7.
Describe the bug
Yara is not correctly parsing PE metadata for MSHTA.EXE (
e616c5ce71886652c13e2e1fa45a653b44d492b054f16b15a38418b8507f57c7
), including not correctly identifying VersionInfo data and signatures.To Reproduce
Run the following Yara rules against
e616c5ce71886652c13e2e1fa45a653b44d492b054f16b15a38418b8507f57c7
.Expected behavior
The rules to match
Screenshots
N/A
Please complete the following information:
(issue is also present in the version of Yara used by VirusTotal)
Additional context
N/A