Merge pull request #6 from NextronSystems/develop

refactor: avoid using the elf module for performance reasons
Tomislav Pericin
2023-02-10 11:32:59 +01:00
committed by GitHub
+2 -4
@@ -1,5 +1,3 @@
import "elf"
rule Linux_Virus_Vit : tc_detection malicious rule Linux_Virus_Vit : tc_detection malicious
{ {
meta: meta:
@@ -32,5 +30,5 @@ rule Linux_Virus_Vit : tc_detection malicious
$vit_str = "vi324.tmp" $vit_str = "vi324.tmp"
condition: condition:
uint32(0) == 0x464C457F and $vit_entry_point at elf.entry_point and $vit_str uint32(0) == 0x464C457F and all of them
} }
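Review bot: The new condition `uint32(0) == 0x464C457F and all of them` no longer ties `$vit_entry_point` to the ELF entry point, so that byte pattern now matches at any offset in any file that starts with the ELF magic. This makes the detection looser as well as faster; the pattern's definition is outside the hunk, so whether it is distinctive enough without the anchor cannot be judged from here. I would record the trade-off beside the condition, e.g. `// $vit_entry_point is not anchored to the entry point (elf module dropped for speed); uniqueness rests on the pattern plus "vi324.tmp"`, and re-run the rule against a clean ELF corpus to check for false positives. `all of them` also depends on every string declared above the hunk, so writing `$vit_entry_point and $vit_str` would keep the condition stable if another string is added later.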