YARA is a pattern-matching engine and binary analysis tool used to identify and classify malware samples. It serves as a malware research framework in which analysts write rules, textual descriptions of malware families, that encode the indicators of compromise to look for within binaries.
Custom detection rules are built from text strings, hexadecimal byte patterns with wildcards, and regular expressions. A rule's condition combines these patterns with boolean logic, so that files matching textual or binary patterns can be classified into specific malware families and threat intelligence workflows can be automated.
To scan files, the engine combines Aho-Corasick multi-pattern string matching with a regular expression engine. Data is processed in buffers as a stream, and the human-readable rules are compiled into a bytecode format before execution.
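An added example rule, written for this page and not taken from the YARA project or any real malware signature, showing the three string kinds (text with modifiers, hex bytes with wildcards and a jump, a regular expression) tied together by a boolean condition; the rule name, strings and offsets are constructed placeholders, not indicators from any actual sample:

```yara
rule Example_Dropper_Indicators
{
    meta:
        description = "Constructed illustration of YARA string types and conditions"
        author      = "added example"

    strings:
        // Text string: matched as ASCII and UTF-16LE, case-insensitively.
        $marker = "EXAMPLE_FAMILY_TAG" ascii wide nocase

        // Hex pattern: '??' wildcards any byte, '[2-4]' skips 2 to 4 bytes.
        // Constructed shape: push 0x40 / push imm32 / (2-4 bytes) / call [imm32]
        $stub = { 6A 40 68 ?? ?? ?? ?? [2-4] FF 15 }

        // Regular expression: a URL ending in an 8-character .php name.
        $url = /https?:\/\/[a-z0-9.-]+\/[a-z0-9]{8}\.php/ nocase

    condition:
        // Only consider PE files ('MZ' at offset 0) under 2 MB,
        // then require the marker at least twice, or both binary indicators.
        uint16(0) == 0x5A4D and filesize < 2MB and
        ( #marker >= 2 or 2 of ($stub, $url) )
}
```

The `#marker` count and the `2 of (...)` quantifier are the boolean building blocks the paragraph refers to; swapping the placeholder strings for indicators from a real sample is what turns this skeleton into a detection rule.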