A lot of false positives

[AmrThabet]

Hello,

I liked the idea of the tool very much but I'm asking if it could be extended to check also the generated strings among other clean files to exclude the widely used strings

So I can give an input for the mean malware samples directory and the clean files directory .. and then it generates all of the strings it can generate and excludes what's common with other clean samples

I think in this situation it will be really useful

[Maijin]

@AmrThabet if you look at the source code you'll see that https://github.com/Xen0ph0n/YaraGenerator/tree/master/modules are implemented for this purpose => https://github.com/Xen0ph0n/YaraGenerator/blob/master/modules/exe_blacklist.txt

[AmrThabet]

Yes I know .. I looked on it .. but still there's a lot of strings that still not included .. and that's will continue .. so I think it could be more useful if we have a more accurate option if we need

so if we need more accurate results so we can have an option to skip some strings that's not in exe blacklist but still common in clean samples and so on

because sometimes some malwares uses libraries like openssl or crypto libraries and it's static linked library so we need to skip them and skip their strings

[LittleHann]

is there elf_blacklist?