Merge pull request #25 from Gurummang/develop

fix: add missing_certificate

Author: buubb

rules/exe/executable/grum_custom_rule/suspicious_pe.yar renamed to rules/exe/executable/ransomware/suspicious_pe.yar

@@ -24,6 +24,17 @@ rule EntryPointZero
         pe.entry_point == 0x0
 }
 
+rule missing_certificate
+{
+    meta:
+        atk_type= "missing_certificate"
+        description = "Detects PE files that do not have a digital signature"
+    condition:
+        uint16(0) == 0x5A4D and         
+        pe.is_pe and                     
+        pe.number_of_signatures == 0    
+}
+
 rule SectionSizeGreaterThanImageSize
 {
     meta: