Last Updated: 2020-05-10 12:21:40 UTC
by Didier Stevens (Version: 1)
One of its new features that caught my eye, is base64 strings.
This is the example rule for the base64 modifier from YARA's documentation:
$a = "This program cannot" base64
This rule will search for ASCII strings that are possible BASE64-encodings of ASCII string "This program cannot".