Diffstat (limited to 'tools/yara2rost/demo.yar')
-rw-r--r-- | tools/yara2rost/demo.yar | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tools/yara2rost/demo.yar b/tools/yara2rost/demo.yar
new file mode 100644
index 0000000..081973f
--- /dev/null
+++ b/tools/yara2rost/demo.yar
@@ -0,0 +1,27 @@
+
+include "demobis.yar"
+
+import "modname"
+
+
+private global rule Test : tag1 tag2 {
+
+ meta:
+ desc_0 = "abc"
+ desc_1 = 123
+ desc_2 = true
+ desc_3 = false
+ desc_z = ""
+
+ strings:
+ $text = "value"
+ $text_b = "value" wide ascii fullword private xor(0x12)
+ $re = /hash: [0-9a-fA-F]{32}/
+ $re_b = /hash: [0-9a-fA-F]{32}/ wide ascii nocase fullword private
+ $hex = { AA bb [2-4] 61 62 63 }
+ $hex_b = { AA bb [2-4] 61 62 63 } private
+
+ condition:
+ filesize == 123 and entrypoint == 456 and for all of ($text*) : ( @ > @hex_b ) and any of them
+
+}
|
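Review bot: The new file has no header comment marking it as a syntax-only fixture, and `global rule Test` would gate every other rule compiled alongside it on `filesize == 123 and entrypoint == 456` if it were ever picked up by a real rule directory. I would open the file with something like `// Parser fixture for yara2rost: exercises syntax only; do not load into a scanning ruleset.` As far as I can tell `import "modname"` does not name a module that stock YARA ships, so the file probably does not compile with yara itself, which the same comment could state. The diffstat shown is limited to this file, so it is worth confirming that `demobis.yar` is committed next to it or that the converter handles a missing include target cleanly. `entrypoint` is deprecated upstream in favour of `pe.entry_point`; keeping it for coverage is reasonable, but a short comment saying so would stop it from being copied into new rules.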