invalid field name "imphash" and invalid field name "number_of_signatures"
resteex0 opened this issue · 3 comments
[ERROR] Error while initializing Yara rule apt_oilrig_oct17.yar ERROR: line 107: invalid field name "imphash"
Traceback (most recent call last):
File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules
compiledRules = yara.compile(source=yara_rule_data, externals={
yara.SyntaxError: line 107: invalid field name "imphash"
[ERROR] Error while initializing Yara rule blocklist.yara ERROR: line 6931: invalid field name "number_of_signatures"
Traceback (most recent call last):
File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules
compiledRules = yara.compile(source=yara_rule_data, externals={
yara.SyntaxError: line 6931: invalid field name "number_of_signatures"
[ERROR] Error while initializing Yara rule apt_bigbang.yar ERROR: line 26: invalid field name "imphash"
Traceback (most recent call last):
File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules
compiledRules = yara.compile(source=yara_rule_data, externals={
yara.SyntaxError: line 26: invalid field name "imphash"
[ERROR] Error while initializing Yara rule apt_babyshark.yar ERROR: line 19: invalid field name "imphash"
Traceback (most recent call last):
File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules
compiledRules = yara.compile(source=yara_rule_data, externals={
yara.SyntaxError: line 19: invalid field name "imphash"
[ERROR] Error while initializing Yara rule apt_op_honeybee.yar ERROR: line 64: invalid field name "imphash"
Traceback (most recent call last):
File "/home/geo/Loki/loki.py", line 1126, in initialize_yara_rules
compiledRules = yara.compile(source=yara_rule_data, externals={
yara.SyntaxError: line 64: invalid field name "imphash"
am already pip3 install pefile
and pip3 install pe
Better use THOR Lite
https://www.nextron-systems.com/thor-lite/
If you still want to use LOKI, you have to install openssl-dev before compiling YARA
install openssl-dev , not solved laso