A Semi-automatic handy tool to generate YARA rules from sample virus files ( WIP ) for Malware Analyst, inspired by the DIFF function of VirusTotal Premium Account. It generates all the artifacts from samples ( Static Analyzer ) needed to create good Yara Rules, with less false positive.
Features:-
It uses a fuzzy match to find similar malware files based on tolerance the percentage set by the user.
String dump from the files in binary mode and find the occurrences of the files and take those string that occurs the specified number of times set by the user.
Eliminate all the blacklist strings that are provided from the match occurrences criteria.
Generate YARA rule and also prints the MD5 hash of the files within the meta section of YARA rules.
You can find the project repo at https://github.com/YARA-Silly-Silly/yarasilly2
Top comments (0)