linked against Go registry library

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: linked against Go registry library
    namespace: host-interaction/registry
    authors:
      - joakim@intezer.com
    description: Uses a Go library for interacting with the Windows registry.
    scopes:
      static: file
      dynamic: file
    references:
      - https://github.com/golang/sys
  features:
    - and:
      - match: compiled with Go
      - or:
        - string: "golang.org/x/sys/windows/registry.Key.Close"
        - string: "github.com/golang/sys/windows/registry.Key.Close"

last edited: 2023-11-24 10:34:28