Remove too broad YARA rules for VMProtect packer detection. #778

Merged
s3rvac merged 1 commit into master from bug-vmprotect-too-broad-patterns
Jun 2, 2020

tamaroth commented Jun 2, 2020

These patterns are very common in regular files and do not indicate the presence of
VMProtect packer. In the cpdetect module there is a heuristic check that verifies the
same code alongside additional checks to ensure the detected packer is correct.


s3rvac commented Jun 2, 2020

Let's run TC tests.

s3rvac left a comment

All tests are passing -> merging. Thank you for the fix 👍

s3rvac merged commit 0fd0b6f into master Jun 2, 2020
s3rvac deleted the bug-vmprotect-too-broad-patterns branch June 2, 2020 11:54
s3rvac added a commit that referenced this pull request Jun 2, 2020