secrary
commented
7 years ago Can you check Yara version?
yara --version
Your Yara has to support PE module.
Closed tehfcae closed 7 years ago
secrary
commented
7 years ago Can you check Yara version?
yara --version
Your Yara has to support PE module.
tehfcae
commented
7 years ago I have tried with Yara 3.4 and Yara 3.5
I went through and set pe to point to pefile, and I am still getting the error.
If it helps I also tried to manually run some of the attributes ( example: pe.entry_point) in python and got the error: module 'pe' has no attribute 'entry_point'
secrary
commented
7 years ago What OS are you using? Can you provide a screenshot of the error?
tehfcae
commented
7 years ago Ubuntu 16.04
tehfcae
commented
7 years ago I ended up rebuilding this VM due to a space issue and and new VM is working without any problems
Whenever I try to SSMA, most of it goes without issue, however, once it gets to the yara rules it fails. Regardless of if I try to re-download yara rules or not I get the error undefined identifier "pe" in rules/Packers/packer.yar.
I tried changing it be pefile, which I have installed, but it still fails with the same issue. Any suggestions?