Himadri Ganguly
YaraSilly2 - YARA Rule Generator

A handy semi-automatic tool (WIP) for malware analysts that generates YARA rules from sample virus files, inspired by the DIFF function of the VirusTotal Premium account. Working as a static analyzer, it generates from the samples all the artifacts needed to create good YARA rules with fewer false positives.

Features:

  1. It uses fuzzy matching to find similar malware files, based on the tolerance percentage set by the user.

  2. It dumps the strings from the files in binary mode, counts their occurrences across the files, and keeps those strings that occur the number of times specified by the user.

  3. It eliminates all the provided blacklist strings from the strings that met the occurrence criteria.

  4. It generates the YARA rule and also prints the MD5 hashes of the files within the meta section of the rule.

You can find the project repo at https://github.com/YARA-Silly-Silly/yarasilly2
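
Features 2 to 4 above as an added Python example; it is not YaraSilly2's own code. The 6-byte minimum string length, counting each string once per file, treating the occurrence setting as a minimum, the `all of them` default condition and the sample blobs are assumptions made here, and the fuzzy grouping of feature 1 is assumed to have been done already.

```python
import hashlib
import re
from collections import Counter

# Printable-ASCII runs of at least 6 bytes, similar to the `strings` utility (assumed length).
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")

def extract_strings(data: bytes) -> set:
    """String dump of one file read in binary mode (deduplicated per file)."""
    return set(STRING_RE.findall(data))

def common_strings(samples, min_occurrences, blacklist):
    """Keep strings present in >= min_occurrences files and not blacklisted."""
    counts = Counter()
    for data in samples:
        counts.update(extract_strings(data))  # each file counts a string once
    return sorted(s for s, n in counts.items()
                  if n >= min_occurrences and s not in blacklist)

def yara_escape(s: bytes) -> str:
    """Escape backslashes and double quotes for a YARA text string."""
    return s.decode("ascii").replace("\\", "\\\\").replace('"', '\\"')

def build_rule(name, samples, min_occurrences, blacklist, condition="all of them"):
    """Emit a YARA rule with one MD5 per sample in meta and the kept strings."""
    strings = common_strings(samples, min_occurrences, blacklist)
    if not strings:
        raise ValueError("no candidate strings left after filtering")
    lines = [f"rule {name}", "{", "    meta:"]
    for i, data in enumerate(samples):
        lines.append(f'        md5_{i} = "{hashlib.md5(data).hexdigest()}"')
    lines.append("    strings:")
    for i, s in enumerate(strings):
        lines.append(f'        $s{i} = "{yara_escape(s)}"')
    lines += ["    condition:", f"        {condition}", "}"]
    return "\n".join(lines)

# Constructed inputs (not real malware): three blobs from one hypothetical family.
SAMPLES = [
    b"\x00This program cannot be run in DOS mode\x00demo_family_marker_v1\x01C:\\demo\\build.pdb\x00only_in_one\x00",
    b"\x02This program cannot be run in DOS mode\x00demo_family_marker_v1\x00C:\\demo\\build.pdb\x03",
    b"This program cannot be run in DOS mode\x00demo_family_marker_v1\xffunrelated_text",
]
BLACKLIST = {b"This program cannot be run in DOS mode"}  # common benign PE string

if __name__ == "__main__":
    print(build_rule("demo_family", SAMPLES, min_occurrences=2, blacklist=BLACKLIST))
```

With `min_occurrences` below the number of samples, `all of them` will not match every input file; pass a looser `condition` such as `1 of them` in that case.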
