Closed joanbono closed 7 years ago
Added png.yar into files/png.yar
png.yar
files/png.yar
/* Author: Joan Bono <@joan_bono> */ rule png_magic: PNG { meta: author = "Joan Bono" strings: $a = { 89 50 4E 47 0D 0A 1A 0A } $b = { 49 48 44 52 } $c = { 49 44 41 54 } $d = { 49 45 4E 44 } condition: $a at 0 and for any of ($b, $c): (@ > @a) and $d }
jbono@MacBook [~/Git/yara-forensics/file]> yara png.yar ~/Desktop/test1.png png_magic /Users/jbono/Desktop/test1.png
Added MNG and JNG support, will open other PR
Info
Added
png.yar
intofiles/png.yar
Testing