+4Hi All,
IS it possible to convert BYTE to a STRING in Yara L.
Getting error :- Validating intermediate representation: expect type [string], got type bytes for "Factory(e.udm.principal.process.commmand_line)
Use case convert input hex string to base64 and base64 to readable format
Best answer by jstoner
Based on the screenshot and what you are looking to do, I'm not sure if you need to do that.
The process.command_line field is a string so even if there is hex within it, you would need to break it out into a placeholder variable before running an conversions on it. Below is a blog where i use base64 decode with encoded powershell but i also use re.regex in this example to extract the base64 and then decode it.
+23Based on the screenshot and what you are looking to do, I'm not sure if you need to do that.
The process.command_line field is a string so even if there is hex within it, you would need to break it out into a placeholder variable before running an conversions on it. Below is a blog where i use base64 decode with encoded powershell but i also use re.regex in this example to extract the base64 and then decode it.
+4@jstoner Thanks for the links , The below approach works if anything is HEX need to converted redable format or to use in filter condition
Example
Input string => "E4B88AE6B5B72BE4B8ADE59C8B"
Expected output string => "%E4%B8%8A%E6%B5%B7%2B%E4%B8%AD%E5%9C%8B"
$command_line = strings.url_decode(re.replace($e.principal.process.command_line, /(..)/, /%\\1/))
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
