Fnord is a pattern extractor for obfuscated code

Description

Fnord has two main functions:
- Extract byte sequences and create some statistics
- Use these statistics, combine length, number of occurrences, similarity and keywords to create a YARA rule

1. Statistics

Fnord processes the file with a sliding window of varying size to extract all sequences with a minimum length -m X (default: 4) up to a maximum length -x X (default: 40). For each length, Fnord will present the most frequently occurring sequences -t X (default: 3) in a table.

Each line in the table contains:
- Length
- Number of occurrences
- Sequence (string)
- Formatted (ascii/wide/hex)
- Hex encoded form
- Entropy
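The sliding-window statistics described in the post, as an added example in Python (not Fnord's own code and not part of the original post). The function names, overlapping windows, per-byte Shannon entropy and the sample input are assumptions made for illustration; wide-string detection is left out.

```python
import math
from collections import Counter


def shannon_entropy(seq: bytes) -> float:
    """Bits per byte of the sequence (assumed metric; the post only says 'Entropy')."""
    n = len(seq)
    return -sum(c / n * math.log2(c / n) for c in Counter(seq).values())


def fmt(seq: bytes) -> str:
    """'ascii' if every byte is printable ASCII, otherwise 'hex'."""
    return "ascii" if all(0x20 <= b < 0x7F for b in seq) else "hex"


def sequence_stats(data: bytes, min_len: int = 4, max_len: int = 40, top: int = 3):
    """Map each window length to its `top` most frequent sequences.

    Each row is (length, occurrences, sequence, format, hex, entropy),
    mirroring the table columns listed in the post. Windows overlap.
    """
    table = {}
    for length in range(min_len, min(max_len, len(data)) + 1):
        windows = (data[i:i + length] for i in range(len(data) - length + 1))
        table[length] = [
            (length, n, seq, fmt(seq), seq.hex(), round(shannon_entropy(seq), 2))
            for seq, n in Counter(windows).most_common(top)
        ]
    return table


# Constructed sample: a string assembled from chr() calls, a common obfuscation style.
SAMPLE = b"x = chr(104)+chr(116)+chr(116)+chr(112); y = chr(58)+chr(47)+chr(47)"

if __name__ == "__main__":
    for rows in sequence_stats(SAMPLE, max_len=6).values():
        for row in rows:
            print(*row, sep="\t")
```

On this sample the repeated `chr(` and `)+chr(` fragments rise to the top of their length buckets, which is the kind of recurring building block a YARA string would be derived from.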