Sure, I've been using it to unpack and handle config blocks from .NET binaries using this technique:

https://gist.github.com/wxsBSD/1e518cef545fee7bb991a9dc6c14a0f7

Substitute the dotnet module for the pe module and you will get access to all the information exposed via the PE module (you won't get things that require function calls like imports and exports though).

-- WXS

> On Mar 12, 2018, at 12:49 PM, Matan Bachar <matan...@gmail.com> wrote:
>
> Is there a way to get information about PE file using yara-python command
> directly or indirectly? (section number, timestamp etc)
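
Added example, not part of the original message or the linked gist: one way to read PE fields through yara-python, assuming the technique referred to is the `modules_callback` argument of `Rules.match()`. The rule text, the function names and the sample dict are constructed for illustration.

```python
import datetime

# Rule whose only job is to load the "pe" module; it matches every file.
RULE_SOURCE = 'import "pe"\nrule load_pe { condition: true }'


def summarize_pe(data):
    """Reduce the dict passed to modules_callback to a few header fields."""
    def text(value):
        # yara-python hands module strings back as bytes on Python 3.
        return value.decode("ascii", "replace") if isinstance(value, bytes) else value

    ts = data.get("timestamp")
    return {
        "timestamp": ts,
        "compiled_utc": (
            datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).isoformat()
            if isinstance(ts, int) else None
        ),
        "number_of_sections": data.get("number_of_sections"),
        "sections": [text(s.get("name")) for s in data.get("sections", [])],
    }


def pe_info(path):
    """Scan `path`; return the summarized "pe" module data, or None if absent."""
    import yara  # imported here so summarize_pe() works without yara-python

    found = []

    def on_module(data):
        # The callback fires once per imported module; keep only "pe".
        if data.get("module") == "pe":
            found.append(summarize_pe(data))
        return yara.CALLBACK_CONTINUE

    yara.compile(source=RULE_SOURCE).match(path, modules_callback=on_module)
    return found[0] if found else None


# Constructed sample of what the callback receives (values are made up).
SAMPLE_MODULE_DATA = {
    "module": "pe",
    "timestamp": 1520873340,
    "number_of_sections": 2,
    "sections": [{"name": b".text"}, {"name": b".rsrc"}],
}
```

Call `pe_info("sample.exe")` on a real file; values the module computes through function calls, such as imports and exports, do not appear in the callback data.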