[Forensics-changes] [yara] 267/368: pe: '-' is a valid character for a DLL name.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit da6790b0b2d0896a4857ba193ad71b2990e47b79
Author: Hilko Bengen <bengen at hilluzination.de>
Date: Sat Apr 30 13:55:07 2016 +0200
pe: '-' is a valid character for a DLL name.
Examples:
VirusShare_00000/VirusShare_0e2b17078a87a93c599d07e43181b912:
- cygcrypt-0.dll
VirusShare_00000/VirusShare_4ae29df7f2d8abf75ba65ab6a2c62634:
- libgdk_pixbuf-2.0-0.dll
- libglib-2.0-0.dll
- libgobject-2.0-0.dll
- libpango-1.0-0.dll
- libpangowin32-1.0-0.dll
---
libyara/modules/pe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 722f4f3..8171049 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1041,7 +1041,7 @@ int pe_valid_dll_name(
if ((*c >= 'a' && *c <= 'z') ||
(*c >= 'A' && *c <= 'Z') ||
(*c >= '0' && *c <= '9') ||
- (*c == '_' || *c == '.'))
+ (*c == '_' || *c == '.' || *c == '-'))
{
c++;
l++;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list