Detect-It-Easy/yara_rules
DosX 169eec8e54 Add PE security/trust anomaly YARA rules
Introduce two YARA rules to detect PE signature/trust anomalies under a new section: Anomaly__AuthenticodeCorrupt (flags a present security directory with size smaller than a minimal PKCS#7 structure, ~8 bytes) and Anomaly__SecurityDirPointsBeyondFile (flags when the security directory offset + size exceeds the file size, indicating appended or corrupt data). Both rules target PE files and inspect pe.data_directories[4].
2026-04-10 16:41:50 +03:00
..
crypto_signature.yar Style: unify rule brace placement in YARA files 2026-02-23 12:44:03 +03:00
DiE_BasicHeuristics_by_DosX.yar Rename and update YARA rules 2025-09-22 00:30:45 +03:00
DiE_EnhancedHeuristics_by_DosX.yar Add PE security/trust anomaly YARA rules 2026-04-10 16:41:50 +03:00
DiE_InterestingThings_by_DosX.yar Add rule for Microsoft Linker detection 2025-11-02 22:02:00 +03:00
malware_analisys.yar Add initial YARA rules for malware and crypto detection 2025-09-19 18:58:32 +03:00
packer.yar Style: unify rule brace placement in YARA files 2026-02-23 12:44:03 +03:00
packer_compiler_signatures.yar Style: unify rule brace placement in YARA files 2026-02-23 12:44:03 +03:00
peid.yar Remove ': PEiD' specifiers from YARA rules 2026-02-23 12:35:20 +03:00