Quote:
Originally Posted by sh3dow
Install Requests library.
PHP Code:
python -m pip install requests
|
I have tried to install the requests on different WinOS without success.
In the meantime, I’ve spent some time reading different papers on the strength of Yara and decided to try to write some rules for OnGuard, Matrix Decryption and TRegware for the start.
It was during this time that I realized for the first time that x64Dbg at least up to the snapshot from March, 28 2019 had Yara implemented as dll.
So I decided to test my attempts of the yara rules in it.
It worked most of the times in x64Dbg if I don’t use the “pe” and “math” options in the rules, which I needed, to limit the scanning only to MZ header files.
Also the version in x64Dbg only scans the file in its current active CPU, even if you select a different directory to scan, and this I presume could be the reason the "pe" option fails.
So in the end I was able to write - thanks to some code snippets from the net - a wrapper in classic VB to execute and capture the result of the console version of the latest compiled yara32.
Tries were made with single files as well as nested folders with pretty decent results in timing and hits in the results I have added rules of the signatures of these three modules to the “crypto_signatures.yara” found example @
https://github.com/Yara-Rules/rules/tree/master/crypto