# virustotal/yara

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/virustotal-yara).**

9,420 stars · 1,552 forks · C · bsd-3-clause

## Links

- GitHub: https://github.com/VirusTotal/yara
- Homepage: https://virustotal.github.io/yara/
- awesome-repositories: https://awesome-repositories.com/repository/virustotal-yara.md

## Topics

`yara`

## Description

YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries.

The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence.

The engine utilizes Aho-Corasick string matching and a regular expression engine to scan files. It processes data via buffer-based stream processing and transforms human-readable rules into a bytecode format for execution.

## Tags

### Security & Cryptography

- [Malware Research Frameworks](https://awesome-repositories.com/f/security-cryptography/malware-research-frameworks.md) — Functions as a comprehensive framework for defining file descriptions and detection rules used in malware research.
- [Pattern Matching Engines](https://awesome-repositories.com/f/security-cryptography/pattern-matching-engines.md) — An engine that scans files for specific strings, regular expressions and binary sequences based on custom rules.
- [Binary Pattern Matching](https://awesome-repositories.com/f/security-cryptography/binary-pattern-matching.md) — Searches through executable files for specific byte sequences to identify software versions or hidden threats.
- [Custom Detection Rules](https://awesome-repositories.com/f/security-cryptography/custom-detection-rules.md) — Enables the creation of custom detection rules using strings, wildcards, and regular expressions. ([source](https://cdn.jsdelivr.net/gh/virustotal/yara@master/README.md))
- [Malware Analysis](https://awesome-repositories.com/f/security-cryptography/malware-analysis.md) — Provides tools for analyzing suspicious files and categorizing threats by applying complex rule sets.
- [Malware Analysis Tools](https://awesome-repositories.com/f/security-cryptography/malware-analysis-tools.md) — Provides a specialized tool for identifying and classifying malware samples using boolean logic.

### Part of an Awesome List

- [Malware Detection Rules](https://awesome-repositories.com/f/awesome-lists/security/malware-detection-rules.md) — Classifies files by matching patterns and regular expressions against a set of predefined rules. ([source](https://yara.readthedocs.org/))
- [Sample Classification](https://awesome-repositories.com/f/awesome-lists/security/malware-detection-rules/sample-classification.md) — Identifies known malware families by matching files against specific textual and binary patterns.
- [Learning and Reference](https://awesome-repositories.com/f/awesome-lists/learning/learning-and-reference.md) — The official YARA pattern matching engine.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Pattern matching tool for malware identification.
- [Threat Intelligence](https://awesome-repositories.com/f/awesome-lists/security/threat-intelligence.md) — Identifies and classifies malware using pattern matching.

### Operating Systems & Systems Programming

- [Binary Analysis Tools](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-analysis-capabilities/binary-analysis-tools.md) — Provides a utility for inspecting the contents of binaries to find indicators of compromise.

### Data & Databases

- [Memory-Efficient Data Streaming](https://awesome-repositories.com/f/data-databases/data-processing-pipelines/stream-processing-systems/stream-processing/memory-efficient-data-streaming.md) — Processes large binaries in memory-efficient chunks to prevent system memory overload during scans.

### Programming Languages & Runtimes

- [Bytecode Compilation](https://awesome-repositories.com/f/programming-languages-runtimes/bytecode-compilation.md) — Transforms human-readable rule definitions into a compact binary bytecode format for high-performance execution.
- [Regular Expression Engines](https://awesome-repositories.com/f/programming-languages-runtimes/regular-expression-engines.md) — Integrates a regular expression engine to perform flexible pattern matching against binary and text data.

### Scientific & Mathematical Computing

- [Rule Evaluation Engines](https://awesome-repositories.com/f/scientific-mathematical-computing/numerical-mathematical-foundations/arithmetic-number-types/multiplication-algorithms/number-theory-algorithms/boolean-logic-evaluators/rule-evaluation-engines.md) — Combines multiple pattern matches using boolean logic to determine if a file satisfies a complex detection rule.

### Software Engineering & Architecture

- [Multi-Pattern Matching Algorithms](https://awesome-repositories.com/f/software-engineering-architecture/string-matching-algorithms/multi-pattern-matching-algorithms.md) — Implements the Aho-Corasick algorithm for simultaneous multi-pattern string matching to ensure linear-time scanning.
