Hi everyone I have a pdf file word1.pdf which include hello_1234 and some other text. I want to detect all pdf file having string hello-1234. But the yara rule doesn't detect pdf with hello wird but it works for txt file.
My yara rule is
Rule example1{
Strings:
$Str1 = {25 50 44 46} // for pdf
detection
$str2 = "hello-1234" // string in pdf
//$str2 = /hello-\d{4}/ // regex for string detection
Condition:
$str1 and $str2
}
Cmd command
Yara64 filename.yara C:/directory of pdf files.
Output
Dose not gives any output