ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 01:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
981ffb27a8a166b51a06d57fce044ed1eaf1aa62
AFLplusplus/dictionaries/yara.dict
van Hauser afb81b8005 added lots of dictionaries
2020-05-16 11:17:36 +02:00

197 lines
2.7 KiB
Plaintext
Raw Blame History

# https://yara.readthedocs.io/en/latest/
# Keywords
"all"
"and"
"any"
"ascii"
"at"
"condition"
"contains"
"entrypoint"
"false"
"filesize"
"for"
"fullword"
"global"
"import"
"in"
"include"
"int16"
"int16be"
"int32"
"int32be"
"int8"
"int8be"
"matches"
"meta"
"nocase"
"not"
"of"
"or"
"private"
"rule"
"strings"
"them"
"true"
"uint16"
"uint16be"
"uint32"
"uint32be"
"uint8"
"uint8be"
"wide"
"xor"
# pe module
"\"pe\""
"pe.machine"
"pe.checksum"
"pe.calculate_checksum"
"pe.subsystem"
"pe.timestamp"
"pe.pointer_to_symbol_table"
"pe.number_of_sumbols"
"pe.size_of_optional_header"
"pe.pothdr_magic"
"pe.size_of_code"
"pe.size_of_initialized_data"
"pe.size_of_unnitialized_data"
"pe.entrypoint"
"pe.base_of_code"
"pe.base_of_data"
"pe.image_base"
"pe.section_alignment"
"pe.file_alignment"
"pe.win32_version_value"
"pe.size_of_image"
"pe.size_of_headers"
"pe.characteristics"
"pe.linker_version"
"pe.os_version"
"pe.image_version"
"pe.subsystem_version"
"pe.dll_characteristics"
"pe.size_of_stack_reserve"
"pe.size_of_stack_commit"
"pe.size_of_heap_reserve"
"pe.size_of_heap_commit"
"pe.loader_flags"
"pe.number_of_rva_and_sizes"
"pe.data_directories"
"pe.number_of_sections"
"pe.sections"
"pe.overlay"
"pe.number_of_resources"
"pe.resource_timestamp"
"pe.resource_version"
"pe.resources"
"pe.version_info"
"pe.number_of_signatures"
"pe.signatures"
"pe.rich_signature"
"pe.exports"
"pe.number_of_exports"
"pe.number_of_imports"
"pe.imports"
"pe.locale"
"pe.language"
"pe.imphash"
"pe.section_index"
"pe.is_dll()"
"pe.is_32bit()"
"pe.is_64bit()"
"pe.rva_to_offset"
# elf module
"\"elf\""
"elf.type"
"elf.machine"
"elf.entry_point"
"elf.number_of_sections"
"elf.sections"
"elf.number_of_segments"
"elf.segments"
"elf.dynamic_section_entires"
"elf.dynamic"
"elf.symtab_entries"
"elf.symtab"
# cuckoo module
"\"cuckoo\""
"cuckoo.network"
"cuckoo.registry"
"cuckoo.filesystem"
"cuckoo.sync"
# magic module
"\"magic\""
"magic.type()"
"magic.mime_type()"
# hash module
"\"hash\""
"hash.md5"
"hash.sha1"
"hash.sha256"
"hash.checksum32"
"hash.crc32"
# math module
"\"math\""
"math.entropuy"
"math.monte_carlo_pi"
"math.serial_correlation"
"math.mean"
"math.deviation"
"math.in_range"
"math.max"
"max.min"
# dotnet module
"\"dotnet\""
"dotnet.version"
"dotnet.module_name"
"dotnet.number_of_streams"
"dotnet.streams"
"dotnet.number_of_guid"
"dotnet.guids"
"dotnet.number_of_resources"
"dotnet.resources"
"dotnet.assembly"
"dotnet.number_of_modulerefs"
"dotnet.modulerefs"
"dotnet.typelib"
"dotnet.assembly_refs"
"dotnet.number_of_user_strings"
"dotnet.user_strings"
"dotnet.number_of_field_offsets"
"dotnet.field_offsets"
# time module
"\"time\""
"time.now()"
# misc
"/*"
"*/"
"//"
"$a="
"{a?}"
"[0-9]"
"{(0A|??)}"
"<<"
">>"
"#a"
"$a"
".."
"@a"
# regex
"*?"
"+?"
"??"
"{1,2}?"
Reference in New Issue View Git Blame Copy Permalink