Not sure where you got "pilot.dll" from but the file you referenced has one
export by name and that is MSOProtect.
-- WXS
> On Jun 26, 2019, at 7:04 PM, Schrodinger wrote:
>
> Doesn't seem to work for me. Just trying a simple rule.
>
> import "pe"
>
> rule export_name
> {
> condition:
>
Doesn't seem to work for me. Just trying a simple rule.
import "pe"

rule export_name
{
    condition:
        uint16(0) == 0x5A4D
        and
        pe.exports("pilot.dll")
}
Sample I tested with: d5c679df69751936d0fa380f2e4bf017. Can provide the
sample if you need.
Cheers.
On Wednesday, June
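
The distinction raised in the reply at the top of the thread, as an added Python example that is not part of the original messages: `pe.exports("...")` tests exported function names (such as MSOProtect), while a DLL's own name is a separate field of the PE export directory. The helper names (`parse_exports`, `build_sample`, `exports_function`) and the DLL name "constructed.dll" are made up for illustration, and the input bytes are constructed, not taken from the sample mentioned above.

```python
import struct

EXPORT_DIR = struct.Struct("<IIHHIIIIIII")  # IMAGE_EXPORT_DIRECTORY, 40 bytes

def cstr(buf, off):
    """Read a NUL-terminated ASCII string without leaving the buffer."""
    if not 0 <= off < len(buf):
        raise ValueError("string offset outside section")
    end = buf.find(b"\0", off)
    if end < 0:
        raise ValueError("unterminated string")
    return buf[off:end].decode("ascii", "replace")

def parse_exports(section, section_rva, dir_rva):
    """Return (dll_name, exported function names) from one section's bytes."""
    off = dir_rva - section_rva
    if off < 0 or off + EXPORT_DIR.size > len(section):
        raise ValueError("export directory outside section")
    (_, _, _, _, name_rva, _, _, nnames, _, names_rva, _) = \
        EXPORT_DIR.unpack_from(section, off)
    tbl = names_rva - section_rva
    if tbl < 0 or tbl + 4 * nnames > len(section):
        raise ValueError("name pointer table outside section")
    rvas = struct.unpack_from("<%dI" % nnames, section, tbl)
    names = [cstr(section, rva - section_rva) for rva in rvas]
    return cstr(section, name_rva - section_rva), names

def build_sample(dll_name, func_names, rva=0x1000):
    """Constructed export data: directory, name pointer table, strings."""
    str_off = EXPORT_DIR.size + 4 * len(func_names)
    strings, name_rvas = b"", []
    for n in func_names:
        name_rvas.append(rva + str_off + len(strings))
        strings += n.encode() + b"\0"
    dll_rva = rva + str_off + len(strings)
    strings += dll_name.encode() + b"\0"
    hdr = EXPORT_DIR.pack(0, 0, 0, 0, dll_rva, 1, len(func_names),
                          len(func_names), 0, rva + EXPORT_DIR.size, 0)
    return hdr + struct.pack("<%dI" % len(func_names), *name_rvas) + strings

def exports_function(names, wanted):
    """Simplified stand-in for pe.exports("x"): exact match on function names."""
    return wanted in names

if __name__ == "__main__":
    sec = build_sample("constructed.dll", ["MSOProtect"])  # constructed input
    dll, names = parse_exports(sec, 0x1000, 0x1000)
    print("DLL name field:", dll, "| exported functions:", names)
    for s in ("MSOProtect", "constructed.dll"):
        print(s, "->", exports_function(names, s))
```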