Yara
http://plusvic.github.io/yara/
Helps to identify and classify malware
YARA is a tool aimed at helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a Boolean expression that determines its logic. This is useful in forensic analysis.
Complex and powerful rules can be created by using binary strings with wildcards, case-insensitive text strings, special operators, regular expressions and many other features.
Examples of organizations and services using YARA:
- VirusTotal Intelligence (https://www.virustotal.com/intelligence/)
- jsunpack-n (http://jsunpack.jeek.org/)
- We Watch Your Website (http://www.wewatchyourwebsite.com/)
- FireEye, Inc. (http://www.fireeye.com)
- Fidelis XPS (http://www.fidelissecurity.com/network-security-appliance/Fidelis-XPS)

The Volatility Framework is an example of software that uses YARA.
Licensing
| License | Verified by | Verified on | Notes |
|---|---|---|---|
| | Debian: Hilko Bengen <bengen@debian.org> | 30 August 2014 | License: bsd-3-clause |
| | Debian: Hilko Bengen <bengen@debian.org> | 30 August 2014 | License: apache-2.0 |
Resources and communication
| Audience | Resource type | URI |
|---|---|---|
| | Debian (Ref) | https://tracker.debian.org/pkg/yara |
| | Ruby (Ref) | https://rubygems.org/gems/yara |
| | Python (Ref) | https://pypi.org/project/yara |
| | Download | http://code.google.com/p/yara-project |
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.