
yara - the swiss knife

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns.

Basically, this is a Snort-like search tool for binary patterns: instead of matching packets against signatures, it matches files (or memory) against rules built from strings, hex byte sequences and a boolean condition.
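To show what "descriptions based on textual or binary patterns" means in practice, here is an added example (not part of the original post, and not the real YARA engine): a small Python matcher that supports the two string kinds a YARA rule uses most, plain text strings and hex strings with `??` single-byte wildcards, plus the `all of them` / `any of them` / `N of them` conditions. The rule, the sample buffer and the marker strings are all constructed for the illustration; the equivalent YARA rule text is given in the docstring.

```python
"""
Minimal YARA-style matcher (illustrative, not the real YARA engine).

Equivalent YARA rule for the constructed example below:

    rule constructed_family_marker
    {
        strings:
            $a  = "MARKER_ALPHA"
            $b  = "MARKER_BETA"
            $mz = { 4D 5A ?? ?? ?? ?? 50 45 }
        condition:
            all of them
    }
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Rule:
    name: str
    text_strings: Dict[str, str] = field(default_factory=dict)  # $id -> ASCII text
    hex_strings: Dict[str, str] = field(default_factory=dict)   # $id -> "4D 5A ?? 50"
    condition: str = "all of them"                              # all/any/N of them


def hex_to_regex(hex_pattern: str) -> bytes:
    """Turn a YARA hex string such as '4D 5A ?? 50' into a bytes regex."""
    out = b""
    for tok in hex_pattern.split():
        if tok == "??":
            out += b"."  # any single byte (compiled with re.DOTALL)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out += re.escape(bytes.fromhex(tok))
        else:
            raise ValueError(f"unsupported hex token: {tok}")
    return out


def compile_strings(rule: Rule) -> Dict[str, "re.Pattern[bytes]"]:
    compiled = {}
    for ident, text in rule.text_strings.items():
        compiled[ident] = re.compile(re.escape(text.encode("ascii")), re.DOTALL)
    for ident, hx in rule.hex_strings.items():
        compiled[ident] = re.compile(hex_to_regex(hx), re.DOTALL)
    return compiled


def scan(rule: Rule, data: bytes) -> Dict[str, List[int]]:
    """Return {identifier: [offsets]} for every rule string found in data."""
    hits: Dict[str, List[int]] = {}
    for ident, pattern in compile_strings(rule).items():
        offsets = [m.start() for m in pattern.finditer(data)]
        if offsets:
            hits[ident] = offsets
    return hits


def evaluate(rule: Rule, data: bytes) -> bool:
    """Apply the rule's condition to the set of strings that matched."""
    matched = len(scan(rule, data))
    total = len(rule.text_strings) + len(rule.hex_strings)
    cond = rule.condition.strip().lower()
    if cond == "all of them":
        return total > 0 and matched == total
    if cond == "any of them":
        return matched >= 1
    m = re.fullmatch(r"(\d+) of them", cond)
    if m:
        return matched >= int(m.group(1))
    raise ValueError(f"unsupported condition: {rule.condition}")


# Constructed rule and sample; the markers and the fake MZ/PE header are
# made up for the demo and do not describe any real malware family.
RULE = Rule(
    name="constructed_family_marker",
    text_strings={"$a": "MARKER_ALPHA", "$b": "MARKER_BETA"},
    hex_strings={"$mz": "4D 5A ?? ?? ?? ?? 50 45"},
    condition="all of them",
)
SAMPLE = (
    b"MZ\x90\x00\x03\x00PE\x00\x00" + b"\x00" * 16
    + b"this is a constructed sample with MARKER_ALPHA and MARKER_BETA inside"
)
# A second buffer that carries the text markers but not the header bytes.
SAMPLE_NO_HEADER = b"plain text carrying MARKER_ALPHA and MARKER_BETA only"

if __name__ == "__main__":
    print(RULE.name, "matches:", evaluate(RULE, SAMPLE), scan(RULE, SAMPLE))
    print(RULE.name, "matches:", evaluate(RULE, SAMPLE_NO_HEADER))
```

The interesting part is the condition: with `all of them` the second buffer is rejected because the hex string for the header is missing, while `2 of them` or `any of them` would still fire on the two text markers, which is exactly the knob a rule author uses to trade false positives against coverage.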

David French (Senior Malware Researcher) has written a very good article on how to write effective YARA signatures.

Some yara sample pattern files can be found at