hex strings longer than 6000 in clamsrch.yara cause yara to fail

decalage2 / balbuzard

Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

http://www.decalage.info/python/balbuzard

128 stars 27 forks source link

hex strings longer than 6000 in clamsrch.yara cause yara to fail #10

Open apolkosnik opened 6 years ago

apolkosnik commented 6 years ago

See https://github.com/VirusTotal/yara/issues/688

DigiAngel commented 5 years ago

Same...unable to use this on say a PE file.