YARA v4.3.0

@plusvic plusvic released this 27 Mar 14:36
· 172 commits to master since this release
  • Added a not operator for bytes in hex strings. Example: {01 ~02 03} (#1676).
  • for statement can iterate over sets of literal strings (e.g. for any s in ("a", "b"): (pe.imphash() == s)) (#1787).
  • of statement can be used with at (e.g. any of them at 0) (#1790).
  • Added the --print-xor-key (-X in short form) command-line option that prints the XOR key for xored strings (#1745).
  • Implement the --skip-larger command-line option in Windows (#1678).
  • Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
  • Improve certificate parsing and validation in "pe" module (#1623).
  • Add telfhash() function to "elf" module (#1624).
  • Add to_int() and to_string() functions to "math" module (#1767).
  • Improve error reporting on certain edge cases (#1709, #1722).
  • BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
  • BUGFIX: Fix implementation of math.serial_correlation (#1771).
  • BUGFIX: Fix infinite recursion in dotnet module (#1794).
  • BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
  • BUGFIX: Fix several endianness issues (#1884, #1874, #1855).

Thanks to @shanehuntley, @1ndahous3, @HoundThe, @wxsBSD, @vthib, @eeyss01.
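
The rule below is an added example, not part of the release notes or the YARA project's own rules. It combines the three syntax additions listed above (the `~` not operator in hex strings, `of` with `at`, and `for` over a set of literal strings) with a xored string for use with `--print-xor-key`. The rule name, string names and imphash values are constructed placeholders, and `pe.imphash()` is assumed to be available in your YARA build.

```yara
import "pe"

rule Added_Example_YARA_4_3_Syntax
{
    meta:
        description = "Constructed example of syntax added in YARA 4.3.0"

    strings:
        // Not operator: "MZ" followed by any byte except 0x00.
        $magic_mz = { 4D 5A ~00 }

        // Not operator again: ELF magic followed by any byte except 0x00.
        $magic_elf = { 7F 45 4C 46 ~00 }

        // Xored text string; scanning with --print-xor-key (-X) prints
        // the key used for each match of this string.
        $stub = "This program cannot be run in DOS mode" xor(0x01-0xff)

    condition:
        // "of" combined with "at": one of the magic strings must sit at offset 0.
        (any of ($magic_*) at 0) and
        (
            $stub or
            // "for" over a set of literal strings (placeholder imphash values).
            for any s in (
                "00000000000000000000000000000000",
                "ffffffffffffffffffffffffffffffff"
            ) : ( pe.imphash() == s )
        )
}
```

Older YARA versions reject this rule at compile time because of the `~` bytes, `of ... at`, and the literal string set, so it also serves as a quick check that a scanner is running 4.3.0 or later.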