Yara

AJ

A YARA rule is a way of identifying malware samples: a file is flagged when it matches the condition we specify in the rule.

YARA identifies malware based on binary and textual patterns in files, usually written as hexadecimal byte sequences and text strings.


A YARA rule usually consists of the following sections:

  • meta —> stores information about the rule: author, description, date, reference
  • strings —> the specific text or byte patterns we are looking for in a file
  • condition —> the boolean condition a file must meet to be flagged; it can reference the strings as well as built-ins such as filesize

Example rule:

rule example_rule
{
    meta:
        author = "A_J"
        desc = "Simple rule"

    strings:
        // text string; nocase makes the match case-insensitive
        $hello_word = "Hello world" nocase

    condition:
        // flag files under 20 KB that contain the string (the size suffix is written KB in YARA)
        $hello_word and filesize < 20KB
}

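To make the three sections concrete, here is an added example that is not part of the original post: the rule extended with a hex string and an `or`, plus a small Python evaluator that implements only the subset of YARA semantics discussed here (text strings with `nocase`, hex strings with the `??` wildcard, and `filesize`) and runs it over constructed sample files. The evaluator is a teaching aid, not YARA itself; the rule text in `YARA_RULE` is valid YARA syntax and in practice you would compile it with the `yara` CLI or `yara-python`. File names and contents are made up.

```python
"""Added example: a mini evaluator for the YARA features the post describes.
It is NOT YARA; it exists to show what nocase, ?? and filesize mean."""
from __future__ import annotations

import re

KB = 1024

# The post's rule, extended with a hex string and an `or` (real YARA syntax).
YARA_RULE = r'''
rule example_rule
{
    meta:
        author = "A_J"
        description = "Greeting text or a hex pattern in a small file"

    strings:
        $hello = "Hello world" nocase     // text string, case-insensitive
        $hex   = { 48 65 6C ?? 6F }       // "Hel?o": ?? is a one-byte wildcard

    condition:
        ($hello or $hex) and filesize < 20KB
}
'''


def text_pattern(s: str, nocase: bool = False) -> re.Pattern:
    """Compile a YARA text string ("..." [nocase]) into a bytes regex."""
    flags = re.IGNORECASE if nocase else 0
    return re.compile(re.escape(s.encode("utf-8")), flags)


def hex_pattern(spec: str) -> re.Pattern:
    """Compile a YARA hex string like { 48 65 6C ?? 6F } into a bytes regex.
    Supports fixed bytes and the ?? wildcard only (no jumps, no alternation)."""
    parts = []
    for tok in spec.strip().strip("{}").split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


# Hand-translated from the strings: section above (a real engine parses the rule).
STRINGS = {
    "$hello": text_pattern("Hello world", nocase=True),
    "$hex": hex_pattern("{ 48 65 6C ?? 6F }"),
}


def matched_strings(data: bytes) -> dict[str, list[int]]:
    """Offsets of every occurrence of every string (what `yara -s` reports)."""
    return {name: [m.start() for m in pat.finditer(data)] for name, pat in STRINGS.items()}


def rule_matches(data: bytes) -> bool:
    """Evaluate the condition: ($hello or $hex) and filesize < 20KB."""
    hits = matched_strings(data)
    return (bool(hits["$hello"]) or bool(hits["$hex"])) and len(data) < 20 * KB


def scan(files: dict[str, bytes]) -> list[str]:
    """Names of the files the rule flags, in input order."""
    return [name for name, data in files.items() if rule_matches(data)]


# Constructed sample files (not real malware).
SAMPLES = {
    "greeting.txt": b"HELLO WORLD from a script",          # $hello hits only via nocase
    "hel_o.bin": b"\x7fELF\x00Hel\x01o\x00",                # $hex hits via the ?? wildcard
    "benign.txt": b"nothing to see here",                  # no string hits
    "padded.bin": b"Hello world" + b"\x00" * (32 * KB),    # strings hit, but filesize >= 20KB
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: match={rule_matches(data)} strings={matched_strings(data)}")
```

With real YARA the same check is `yara -s example.yar samples/` (`-s` prints which strings matched and at what offset), or in Python `yara.compile(source=YARA_RULE).match(data=SAMPLES["hel_o.bin"])`. The `padded.bin` case shows why the `filesize` clause cuts both ways: it stops a cheap string hit from firing on huge files, but a padded or bloated copy of the same sample slips past the rule, so size bounds should come from the samples you actually observed rather than habit.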
