Comments (1)
This is a VirusTotal-specific issue not directly related to YARA itself, but let me address it here anyways. That's the expected behaviour, because the Base64_Encoded_URL rule doesn't take into account if files are signed or not. The rule is designed to match files that have some base64 encoded URL, even if the file is signed.
When a file matches this rule it doesn't mean that file is malicious, it only means that the file contains a base64-encoded URL. This is an uncommon trait in non-malware files, but it may happen. The rule itself has a comment that says:
This signature fires on the presence of Base64 encoded URI prefixes (http:// and https://) across any file. The simple presence of such strings is not inherently an indicator of malicious content, but is worth further investigation.
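An added example, not part of the comment above and not the rule's own source (the rule's strings are not shown on this page): a sketch of how a signature can match base64-encoded `http://` and `https://` prefixes. It assumes the standard base64 alphabet and derives the three encodings each prefix can take depending on its byte alignment; the sample inputs are constructed.

```python
import base64

PREFIXES = (b"http://", b"https://")


def b64_variants(needle: bytes) -> list[bytes]:
    """Return the three base64 renderings of `needle`, one per byte alignment.

    Base64 maps 3 input bytes to 4 output characters, so the same plaintext
    encodes differently depending on its offset modulo 3 in the original data.
    """
    variants = []
    for shift in range(3):
        encoded = base64.b64encode(b"\x00" * shift + needle)
        # Leading characters that depend on whatever bytes precede the needle.
        lead = (0, 2, 3)[shift]
        # Trailing characters (padding included) that depend on following bytes.
        trail = (0, 3, 2)[(shift + len(needle)) % 3]
        variants.append(encoded[lead:len(encoded) - trail])
    return variants


def scan(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, matched variant) for every encoded prefix found in `data`."""
    hits = []
    for prefix in PREFIXES:
        for variant in b64_variants(prefix):
            pos = data.find(variant)
            while pos != -1:
                hits.append((pos, variant))
                pos = data.find(variant, pos + 1)
    return sorted(hits)


# Constructed sample: one URL encoded at each of the three alignments.
SAMPLE_URL = b"https://example.test/x"
SAMPLES = [base64.b64encode(pad + SAMPLE_URL) for pad in (b"", b"A", b"AB")]

if __name__ == "__main__":
    for prefix in PREFIXES:
        print(prefix, b64_variants(prefix))
    for sample in SAMPLES:
        print(sample, scan(sample))
```

A hit only says that an encoded URL prefix is present in the bytes scanned; nothing in the match logic looks at whether the file is signed.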