YARA v4.0.0: BASE64 Strings

Published: 2020-05-10
Last Updated: 2020-05-10 12:21:40 UTC
by Didier Stevens (Version: 1)

YARA version 4.0.0 was released.

One of its new features that caught my eye is base64 strings.

This is the example rule for the base64 modifier from YARA's documentation:

rule Base64Example1
{
    strings:
        $a = "This program cannot" base64

    condition:
        $a
}

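This rule will search for ASCII strings that are possible BASE64 encodings of the ASCII string "This program cannot". There is more than one possible encoding because BASE64 encodes bytes in groups of three, so the encoded form depends on where the string starts relative to those groups.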
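To make "possible BASE64-encodings" concrete, the following Python sketch derives the three alignment-dependent substrings for the rule's string and checks them against test buffers. It is an added example, not part of the original diary entry and not YARA's own implementation; the function names and the sample buffers are constructed for illustration.

```python
import base64

def base64_variants(plain: bytes) -> list[bytes]:
    """Return, for each of the 3 possible alignments, the Base64 substring
    that is fully determined by `plain` regardless of surrounding bytes."""
    variants = []
    for offset in range(3):
        # Pad so that `plain` starts `offset` bytes into a 3-byte group.
        encoded = base64.b64encode(b"\x00" * offset + plain)
        # Leading characters that carry bits of the unknown preceding bytes.
        skip = -(-8 * offset // 6)            # ceil(8*offset/6): 0, 2, 3
        # Characters past this index depend on whatever follows `plain`
        # (or are '=' padding), so they are cut off as well.
        end = 8 * (offset + len(plain)) // 6
        variants.append(encoded[skip:end])
    return variants

def matching_offsets(blob: bytes, plain: bytes) -> list[int]:
    """Alignments (0-2) whose variant occurs in the Base64 text `blob`."""
    return [i for i, v in enumerate(base64_variants(plain)) if v in blob]

NEEDLE = b"This program cannot"   # the string from the rule above

def sample(prefix_len: int) -> bytes:
    """Constructed test input: the DOS stub message preceded by
    `prefix_len` filler bytes, then Base64-encoded as a whole."""
    return base64.b64encode(
        b"\xff" * prefix_len + NEEDLE + b" be run in DOS mode.")

if __name__ == "__main__":
    for variant in base64_variants(NEEDLE):
        print(variant.decode())
    for n in range(4):
        print(n, matching_offsets(sample(n), NEEDLE))
```

Each variant is shorter than the full encoding because the characters that straddle the string's boundaries are dropped, which is why a short plaintext yields short, more collision-prone search strings.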

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: base64 yara