Update reference-analysis-tools-strings.yml
fix 2 problems:

1. fix false positive by not hitting if there is a word character before `ida`:
```
regex: /ida[gqtuw]?(\.exe)?$/i
- "@.didat" @ file+0x2F7

405d4c2ef7419bf265edef0fe86c8ba1ed634b10dccaaa0a6c6b953645598619
```

2. the regex didn't match `ida64.exe` because it required one of the characters in the brackets.
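The two regex changes described in the commit message can be checked directly against the strings it mentions. The following is an added Python example, not part of the rule file or the commit; it assumes the rule engine evaluates a `string: /.../i` entry as a case-insensitive search over each string, and every sample other than `@.didat` (the false-positive string quoted above) is constructed for illustration.

```python
import re

# Rule regexes as they appear in the diff: the two lines before and after the commit.
OLD_PATTERNS = [r"ida[gqtuw]?(\.exe)?$", r"ida[gqtuw]64(\.exe)?$"]
NEW_PATTERNS = [r"(?<!\w)ida[gqtuw]?(\.exe)?$", r"ida[gqtuw]?64(\.exe)?$"]

# Constructed sample strings. Only "@.didat" comes from the commit message;
# the rest are made up to probe the edges of the two patterns.
SAMPLES = [
    "@.didat",              # section-name-like string ending in "idat" (the reported FP)
    "Lucida",               # a font name ending in "ida": same FP class
    "ida64.exe",            # 64-bit IDA binary name, missed by the old rule
    "idaq64.exe",           # 64-bit name with a variant letter, matched by both
    "IDA.EXE",              # case-insensitive flag must still apply
    "C:\\Tools\\idaq.exe",  # path separator before "ida" is not a word character
    "someida64",            # word character before "ida" plus the 64 suffix
]


def matches_any(patterns, text):
    """Return True if any pattern matches somewhere in text.

    Assumption: the rule engine treats /.../i as a case-insensitive search,
    not a full-string match, which is what re.search gives us here.
    """
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)


def compare(samples=SAMPLES):
    """Map each sample to (matched_by_old_rule, matched_by_new_rule)."""
    return {s: (matches_any(OLD_PATTERNS, s), matches_any(NEW_PATTERNS, s))
            for s in samples}


if __name__ == "__main__":
    for text, (old, new) in compare().items():
        print(f"{text!r:28} old={old!s:5} new={new}")
```

Running it shows `@.didat` and `Lucida` hitting only the old rule, `ida64.exe` hitting only the new one, and `someida64` still hitting the new rule through the second line, which did not receive the lookbehind.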
ruppde committed Dec 13, 2023
1 parent 57b3911 commit d2bc78f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions anti-analysis/reference-analysis-tools-strings.yml
@@ -24,8 +24,8 @@ rule:
- string: /procmon(\.exe)?/i
- string: /regmon(\.exe)?/i
- string: /procexp(\.exe)?/i
- string: /ida[gqtuw]?(\.exe)?$/i
- string: /ida[gqtuw]64(\.exe)?$/i
- string: /(?<!\w)ida[gqtuw]?(\.exe)?$/i
- string: /ida[gqtuw]?64(\.exe)?$/i
- string: /ImmunityDebugger(\.exe)?/i
- string: /Wireshark(\.exe)?/i
- string: /dumpcap(\.exe)?/i
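Review bot: the `(?<!\w)` lookbehind was added only to the first string; the second, `/ida[gqtuw]?64(\.exe)?$/i`, still matches any string whose tail is `ida64`, `idaq64` etc. regardless of what precedes it, so the false-positive class the commit message describes (a word character directly before `ida`) remains open for the 64-bit variant. Consider giving it the same prefix, or folding both into a single line such as `/(?<!\w)ida[gqtuw]?(64)?(\.exe)?$/i`, which also stops the two variants from drifting apart again. One caveat for future edits: a lookbehind requires an engine that supports it (Python's `re` does for fixed-width patterns like this one), and `\w` there is Unicode-aware for text patterns, so any letter, not just ASCII, immediately before `ida` suppresses the hit.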
