m4b
commented
1 year ago Seems reasonable to me, would you like to make a PR adding this? (ideally backwards compatible/non breaking) :)
Open theflakes opened 1 year ago
m4b
commented
1 year ago Seems reasonable to me, would you like to make a PR adding this? (ideally backwards compatible/non breaking) :)
theflakes
commented
1 year ago I can try at some point but its beyond my capabilities unfortunately. When I get some more time, I'll keep digging into it. Thanks
MS doc: https://learn.microsoft.com/en-us/windows/win32/menurc/string-str?redirectedfrom=MSDN Yara rule support for field: https://yara.readthedocs.io/en/v3.2.0/modules/pe.html
This is a useful field in threat hunting and forensics in general.
thanks