Detect pyArmor obfuscation

[christophetd]

e.g. https://github.com/tucommenceapousser/CVE-2023-24489-PoC/blob/34a1ef0eba9bec14067efdd255680b028d954432/CVE-2023-24489-RCE.py

perhaps just "very long hex string" is good enough and more generic than matching on a pyarmor import?

[kam193]

You can think about using this Yara rule: https://unprotect.it/detection-rule/yara_susp_obf_pyarmor/ The downside: it also matches PyArmor package itself