这是一个用于演示比较字符串之间相对偏移的YARA rule.
rule IsPEFile
{
strings:
$mz = "MZ"
$pe = "PE"
condition:
$mz and $pe and for any of ($pe*) : ( @ > @mz and @ < @mz+0x130 )
}这是一个用于演示比较字符串之间相对偏移的YARA rule.
rule IsPEFile
{
strings:
$mz = "MZ"
$pe = "PE"
condition:
$mz and $pe and for any of ($pe*) : ( @ > @mz and @ < @mz+0x130 )
}