YARA

LSE top 100: YARA (43)

Tool and Usage

Project details

License
BSD 3-clause
Programming language
C
Author
Victor M. Alvarez
Latest release
4.5.0
Latest release date

Project health

97
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform and can be used via a command-line interface or from Python scripts using the yara-python extension.

How it works

YARA uses a language that is close to Perl regular expressions. The first step in letting YARA recognize a particular file or pattern is to define one or more textual or binary strings. Second, a logic tree is applied, stating when something should or should not match. For example, you can define three strings (A, B, C) and then tell YARA to report a positive match only if A and B are matched, but not C.

Usage and audience

YARA is commonly used for malware analysis, malware detection, or malware scanning. Target users for this tool are malware analysts, security professionals, and system administrators.

Features

  • Command line interface
  • Has bindings for multiple programming languages

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

YARA is under development by Victor M. Alvarez.

Installation

Supported operating systems

YARA is known to work on Linux, Microsoft Windows, and macOS.

YARA alternatives

Similar tools to YARA:

60

Malice

Malice is a malware analysis framework that aims to provide a free and open source version of VirusTotal. Read how the framework works in this review.

60

MultiScanner

MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.

78

SSMA

There are never enough tools to analyze malware, right? SSMA might be one of those tools to add to your malware analysis toolbox.
