Yara-Rules / rules

Repository of yara rules
GNU General Public License v2.0

Rule contradiction #358

Closed Inndy closed 3 years ago

Inndy commented 5 years ago

https://github.com/Yara-Rules/rules/blob/76d87e8fb225d2e0bacd76bb00e5c796467f8d7c/malware/TOOLKIT_Chinese_Hacktools.yar#L1693

This rule will match nothing because of a contradiction.

Xumeiquer commented 4 years ago

Totally agree, two different conditions at offset 0x0 can never be true.
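
The kind of contradiction discussed in this thread (two requirements on the bytes at the same offset that cannot both hold) can be caught before a rule is committed. The following is an added example, not part of the thread or of the Yara-Rules project: a simplified lint whose function names (`anchored_terms`, `find_contradictions`) are hypothetical and whose sample rule is constructed, not the rule linked in the issue. It assumes all condition terms are joined by `and`, and that strings are plain text or hex without wildcards, escapes or modifiers.

```python
import re

# Constructed sample rule (NOT the rule referenced in the issue).
SAMPLE_RULE = r'''
rule constructed_contradiction {
    strings:
        $mz = { 4D 5A 90 00 }
        $pk = "PK"
        $s1 = "cmd.exe"
    condition:
        uint16(0) == 0x5A4D and $pk at 0 and $s1
}
'''
INT = r'(0x[0-9A-Fa-f]+|\d+)'

def anchored_terms(rule_text):
    """Return [(label, offset, bytes)] for every fixed-offset term in the condition."""
    strings_part, condition = rule_text.split("condition:", 1)
    defs = {}
    # Assumption: plain text strings and wildcard-free hex strings only.
    for name, text in re.findall(r'(\$\w+)\s*=\s*"([^"]*)"', strings_part):
        defs[name] = text.encode()
    for name, hexstr in re.findall(r'(\$\w+)\s*=\s*\{([0-9A-Fa-f\s]+)\}', strings_part):
        defs[name] = bytes.fromhex(hexstr)
    terms = []
    for name, off in re.findall(rf'(\$\w+)\s+at\s+{INT}', condition):
        if name in defs:
            terms.append((f"{name} at {off}", int(off, 0), defs[name]))
    # uintN(off) reads little-endian, uintNbe(off) reads big-endian.
    pattern = rf'uint(8|16|32)(be)?\({INT}\)\s*==\s*{INT}'
    for bits, be, off, val in re.findall(pattern, condition):
        data = int(val, 0).to_bytes(int(bits) // 8, "big" if be else "little")
        terms.append((f"uint{bits}{be}({off}) == {val}", int(off, 0), data))
    return terms

def find_contradictions(rule_text):
    """Pairs of anchored terms that demand different bytes at the same file offset."""
    # Assumption: every term is joined by 'and', so all must hold at once.
    terms = anchored_terms(rule_text)
    conflicts = []
    for i, (la, oa, da) in enumerate(terms):
        for lb, ob, db in terms[i + 1:]:
            lo, hi = max(oa, ob), min(oa + len(da), ob + len(db))
            if any(da[p - oa] != db[p - ob] for p in range(lo, hi)):
                conflicts.append((la, lb))
    return conflicts

if __name__ == "__main__":
    print(find_contradictions(SAMPLE_RULE))
```

A rule flagged this way compiles and loads without error, so the only runtime symptom is that it never fires; scanning a known-positive sample in CI catches the same class of problem end to end.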

Xumeiquer commented 3 years ago

This rule was created by https://github.com/Neo23x0 so it may be worth asking him about it.