Fnord is a pattern extractor for obfuscated code. It has two main functions: Extract byte sequences and create some statistics Use these statistics, combine length, number of occurrences, similarity and keywords to create a YARA rule. Fnord processes the file with a sliding window of varying size to extract all sequences of with a minimum …
Continue reading “Fnord : Pattern Extractor for Obfuscated Code”