Legacy variables
Legacy variables (deprecated)
YARA offers a mechanism for defining custom variables that has been used in Livehunt for providing additional information about the file being scanned. These variables are now deprecated in favor of our vt, they will continue to work as always for backward compatibility. You can find list of variables defined by Livehunt below, but we highly encourage you to start using the vt module instead.
| Deprecated Variable | vt.metadata mapping | |
|---|---|---|
| file_name | vt.metadata.file_name | |
| file_type | vt.metadata.file_type | string becomes a reference, to replicate previous functionality for "doc" you could use vt.FileType.DOC |
| imphash | vt.metadata.imphash | |
| md5 | vt.metadata.md5 | |
| new_file | vt.metadata.new_file | |
| positives | vt.metadata.analysis_stats.malicious | |
| sha256 | vt.metadata.sha256 | |
| sha1 | vt.metadata.sha1 | |
| signatures | vt.metadata.signatures | string becomes a dictionary, to replicate previous functionality you could use: for any engine, signature in vt.metadata.signatures : ( signature contains "x") |
| submissions | vt.metadata.times_submitted | |
| ssdeep | vt.metadata.ssdeep | |
| tags | vt.metadata.tags | string becomes a dictionary, to replicate previous functionality you could use: for any tag in vt.metadata.tags : ( tag == "signed" ) |
| vhash | vt.metadata.vhash |
Updated 26 days ago