Writing yara rules in Python

Time: 2016-05-09 14:44:38

Tags: python malware yara

I have been reading the documentation, and I am having a hard time wrapping my head around this. A translation would help greatly.

I have seen Perl rule examples for Yara online:

rule BadBoy
{
strings:
 $a = "win.exe"
 $b = "http://foo.com/badfile1.exe"
 $c = "http://bar.com/badfile2.exe"
condition:
 $a and ($b or $c)
}

How do you write and compile this rule in Python?

1 answer:

Answer 0 (score: 3)

From Python you first need to import yara:

import yara

Then you need to compile your YARA rules before applying them to your data; you can compile rules from a file path:

rules = yara.compile(filepath='myrules.yar')  # placeholder file name: a file holding the rule above

Directly from the docs:

You can pass a filename for formatted rules, or you can insert a string to be compiled.

For passing strings, you must use a dictionary structure; the keys are the namespaces of the data and the values are the attributes.
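An added, runnable example (not code from the question or the answer above) that takes the BadBoy rule the question shows, holds it in a Python string, compiles it with the yara-python binding (assumes `pip install yara-python`) and scans in-memory buffers. It also covers the two string forms `yara.compile()` actually accepts: `source=` for a single string in the `default` namespace and `sources=` for the `{namespace: rule_text}` dictionary the answer refers to (files go through `filepath=` / `filepaths=` in the same way). The `build_rule` helper, the `feed` namespace and the sample buffers are constructed for this example and are not from the original page.

```python
# Added example, not code from the original question or answer. It shows the
# BadBoy rule held in a Python string, compiled with yara-python
# (pip install yara-python) and run over in-memory data. The sample
# buffers below are constructed for the demo, not real samples.
import re

try:
    import yara
    YARA_AVAILABLE = True
except ImportError:          # binding missing: rule text can still be built
    yara = None
    YARA_AVAILABLE = False

# The rule exactly as in the question. A raw string keeps Python from
# interpreting backslashes that YARA escape sequences may contain.
BADBOY_RULE = r"""
rule BadBoy
{
    strings:
        $a = "win.exe"
        $b = "http://foo.com/badfile1.exe"
        $c = "http://bar.com/badfile2.exe"
    condition:
        $a and ($b or $c)
}
"""

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_rule(name, strings, condition):
    """Render a YARA rule from Python values (constructed helper).

    strings maps identifier (without the $) to text. Identifiers are
    validated and text is escaped, so indicators pulled from a feed cannot
    smuggle extra rule syntax into the rule set. The condition is taken
    as written and must come from the caller, not from untrusted data.
    Binary patterns belong in YARA hex strings ({ 4D 5A }), not text.
    """
    if not _IDENT.fullmatch(name):
        raise ValueError("bad rule name: %r" % name)
    lines = ["rule %s" % name, "{", "    strings:"]
    for ident, text in strings.items():
        if not _IDENT.fullmatch(ident):
            raise ValueError("bad string identifier: %r" % ident)
        escaped = text.replace("\\", "\\\\").replace('"', '\\"')
        lines.append('        $%s = "%s"' % (ident, escaped))
    lines += ["    condition:", "        %s" % condition, "}"]
    return "\n".join(lines) + "\n"


def compile_rules(source=None, sources=None):
    """Compile rule text held in Python rather than on disk.

    source  - one string of rules, placed in the 'default' namespace
    sources - {namespace: rule_text}; the dictionary form the answer
              mentions, after which every match reports .namespace
    """
    if not YARA_AVAILABLE:
        raise RuntimeError("yara-python is not installed")
    if sources is not None:
        return yara.compile(sources=sources)
    return yara.compile(source=source)


def scan(rules, data):
    """Return sorted (namespace, rule) pairs that match a bytes buffer.
    rules.match() also takes filepath= or pid=; data= keeps this offline."""
    return sorted((m.namespace, m.rule) for m in rules.match(data=data))


# Constructed buffers: the first satisfies $a and ($b or $c); the others
# hit only one side of the condition and must not match.
SAMPLE_HIT = b"dropper writes win.exe fetched from http://bar.com/badfile2.exe"
SAMPLE_A_ONLY = b"launches win.exe and exits"
SAMPLE_URL_ONLY = b"GET http://foo.com/badfile1.exe HTTP/1.1"


def demo():
    """Compile BadBoy from the literal and via build_rule, scan all buffers."""
    literal = compile_rules(source=BADBOY_RULE)
    built = compile_rules(sources={"feed": build_rule(
        "BadBoy",
        {"a": "win.exe",
         "b": "http://foo.com/badfile1.exe",
         "c": "http://bar.com/badfile2.exe"},
        "$a and ($b or $c)")})
    return {
        "literal_hit": scan(literal, SAMPLE_HIT),
        "literal_a_only": scan(literal, SAMPLE_A_ONLY),
        "literal_url_only": scan(literal, SAMPLE_URL_ONLY),
        "built_hit": scan(built, SAMPLE_HIT),
    }


if __name__ == "__main__":
    print(demo())
```

Run it as a script: the literal rule matches only the buffer containing both `win.exe` and one of the URLs, and the `sources=` form reports the same rule under the `feed` namespace instead of `default`. Escaping in `build_rule` matters because a `"` or `\` inside an indicator string would otherwise break out of the YARA string literal and be parsed as rule syntax.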