feat: Added a basic C++ and MSVC detector yara signature

WerWolv · Feb 22, 2024 · e28b72e · e28b72e
1 parent daf007f
commit e28b72e
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/plugins/yara_rules/romfs/rules/language.yar b/plugins/yara_rules/romfs/rules/language.yar
@@ -0,0 +1,25 @@
+rule CppExecutable {
+    meta:
+        category = "Programming Language"
+        name = "C++"
+
+    strings:
+        $exception_windows = "_CxxThrowException" ascii fullword
+        $iostreams = "iostream" ascii
+        
+    condition:
+        any of them
+}
+
+rule CppMSVC {
+    meta:
+        category = "Compiler"
+        name = "MSVC"
+
+    strings:
+        $iostreams_mangled_name = "$basic_iostream@DU" ascii
+        $std_namespace = "@@std@@" ascii
+
+    condition:
+        any of them and CppExecutable
+}