Designed by | Victor Alvarez |
---|---|
First appeared | 2013 |
Stable release | 4.5.1 [1] |
Filename extensions | .yara |
Website | virustotal |
YARA is a tool primarily used in malware research and detection.
It provides a rule-based approach to creating descriptions of malware families based on regular-expression, textual, or binary patterns. A description is essentially a named YARA rule, consisting of a set of strings and a Boolean expression. [2]
YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013. [3] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym. [4]
By default, YARA comes with modules for analyzing PE and ELF files, as well as support for the open-source Cuckoo sandbox.
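The rule structure described above (a named rule with a set of strings and a Boolean expression, here also using the bundled PE module) is shown in the following added example. It is not taken from the original page or from the YARA project; the rule name, metadata, and all three patterns are constructed for illustration and do not describe a real malware family.

```yara
import "pe"   // bundled module that exposes parsed PE header fields

rule Constructed_Example_Family
{
    meta:
        description = "Illustrative rule; every pattern here is constructed"
        author      = "example"

    strings:
        // Textual pattern: matched as ASCII and UTF-16LE, case-insensitively
        $text = "constructed-marker-string" ascii wide nocase

        // Binary pattern: ?? is a one-byte wildcard, [4-8] skips 4 to 8 bytes
        $bin = { DE AD BE EF ?? ?? [4-8] CA FE }

        // Regular-expression pattern
        $re = /cfg_[0-9a-f]{8}\.dat/ nocase

    condition:
        // Boolean expression: cheap file checks first, then the string logic
        uint16(0) == 0x5A4D and          // file starts with the "MZ" magic
        filesize < 5MB and
        pe.number_of_sections <= 8 and
        2 of ($text, $bin, $re)          // any two of the three patterns
}
```

Requiring two of the three patterns, gated by file-type and size checks, keeps a single coincidental string hit from producing a match.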