Hi,
I am trying to do heuristic-based detection of malware samples using YARA
and got stuck when I need to add up the total number of occurrences of a set of
strings to detect the sample.
For example, say I have a rule like this:
    rule Malware_Detection : file
    {
        meta:
            author = "Raghvendra"
            version = "0.1"
            description = "Detecting malwares using heuristics"
        strings:
            $str1 = "alice" nocase
            $str2 = "bob" nocase
            $str3 = "intruder" nocase
        condition:
            // need to write
    }
What I am trying to achieve is: if the total number of occurrences of any
string or combination of strings is greater than 20, then the YARA engine should
trigger. So, in a sample $str1 could match 20 times, so YARA should
trigger; in a sample $str1 (15 times) and $str2 (5 times) could match, so
YARA should trigger, etc. The combination of string matches could be
anything, but it should be equal to 20.
Is there any way to implement it in YARA?
Thanks,
--Raghvendra
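
One way to express the summed-occurrence condition asked about above, as an added example that is not part of the original message: YARA's `#` operator gives the number of matches of a string, and those counts can be added and compared in the condition. The rule name and the `>= 20` threshold are assumptions (the message mentions both "greater than 20" and "equal to 20").

```yara
rule Occurrence_Sum_Example : file
{
    meta:
        description = "Added example: fires when the combined match count reaches a threshold"

    strings:
        // Same three strings as in the question; nocase makes
        // "Alice", "ALICE", etc. count as matches too.
        $str1 = "alice" nocase
        $str2 = "bob" nocase
        $str3 = "intruder" nocase

    condition:
        // #strN is the number of times $strN matched in the scanned data.
        // Any split works: 20+0+0, 15+5+0, 7+6+7, ...
        // Assumed threshold: use "> 20" instead for strictly more than 20,
        // or "== 20" for exactly 20.
        #str1 + #str2 + #str3 >= 20
}
```

A string that never matches contributes a count of 0, so the sum does not require every string to be present.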