karttoon / binsequencer Goto Github PK

BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified pattern.

Python 100.00%

binsequencer's People

Contributors

Stargazers

Watchers

Forkers

techlord-rce vominh2012 chaitanyaharitash bb33bb alchemycyberblaze trietptm-on-coding-algorithms alienzox

binsequencer's Issues

Failing with the -n flag

Hi!

I'm trying to create a YARA rule for a nonpe file and binsequencer is crashing:

[+] Generating YARA rule for matches off of bytes from gold - malware/d41532ae67394c2f158f943fcf9651b2
Traceback (most recent call last):
  File "binsequencer.py", line 1864, in <module>
    main()
  File "binsequencer.py", line 1858, in main
    data = gen_yara(data["gold"], data, hashes, args)
  File "binsequencer.py", line 1210, in gen_yara
    data = gen_nonpeyara(data, hash, args, hashes)
  File "binsequencer.py", line 1195, in gen_nonpeyara
    data = yara_disa(data, args, hashes, code_section, virt_addr, rule)
  File "binsequencer.py", line 931, in yara_disa
    keep_bytes = ((4 - (op.prefix).count(0)) + (4 - (op.opcode).count(0))) * 2
  File "/binsequencer/lib/python3.6/site-packages/capstone/__init__.py", line 674, in __getattr__
    raise CsError(CS_ERR_SKIPDATA)
capstone.CsError: Information irrelevant for 'data' instruction in SKIPDATA mode (CS_ERR_SKIPDATA)

It seems an issue with capstone, but I don't know if it can be fixed from your side :-) !!!

SKIPDATA issue for PEFiles

Hi!

seems this issue is related with the previous one #1

[+] Generating YARA rule for matches off of bytes from gold - malware/8db0d4d53c39a7d5d27617814c07693f311c500b9c791f55b2dc5d1ef5e3e570
Traceback (most recent call last):
  File "binsequencer.py", line 1867, in <module>
    main()
  File "binsequencer.py", line 1861, in main
    data = gen_yara(data["gold"], data, hashes, args)
  File "binsequencer.py", line 1208, in gen_yara
    data = gen_peyara(data, hash, args, hashes)
  File "binsequencer.py", line 1180, in gen_peyara
    data = yara_disa(data, args, hashes, code_section, virt_addr, rule)
  File "binsequencer.py", line 931, in yara_disa
    keep_bytes = ((4 - (op.prefix).count(0)) + (4 - (op.opcode).count(0))) * 2
  File "/usr/local/lib/python3.6/dist-packages/capstone/__init__.py", line 674, in __getattr__
    raise CsError(CS_ERR_SKIPDATA)
capstone.CsError: Information irrelevant for 'data' instruction in SKIPDATA mode (CS_ERR_SKIPDATA)

karttoon / binsequencer Goto Github PK

binsequencer's People

Contributors

Stargazers

Watchers

Forkers

binsequencer's Issues

Failing with the -n flag

SKIPDATA issue for PEFiles

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent