yara

I've just been reading about YARA, a tool aimed at helping malware researchers identify and classify malware families. With YARA we can create descriptions of malware families based on textual or binary information contained in samples of those families. These descriptions, a.k.a. rules, consist of a set of patterns (strings) and a boolean expression (the condition) which determines the rule's logic. Rules can be applied to files or running processes in order to determine whether they belong to the described malware family.
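An added example of what such a rule looks like (constructed for this post, not taken from the YARA project or any real malware family): the `strings` section holds three kinds of pattern YARA supports (plain text with `ascii`/`wide`/`nocase` modifiers, a hex byte sequence with `??` wildcards, and a regular expression), and the `condition` combines them with file-level checks. The rule name, the strings, and the thresholds are all hypothetical placeholders chosen to illustrate the syntax.

```yara
rule Example_Family_Dropper
{
    meta:
        description = "Constructed example rule to illustrate YARA syntax; not a real detection"
        reference   = "added example, not from the original post"

    strings:
        // text patterns: ascii and UTF-16LE (wide), case-insensitive for the second one
        $s_dos   = "This program cannot be run in DOS mode" ascii
        $s_cmd   = "cmd.exe /c" ascii wide nocase

        // hex pattern with wildcards: push imm8, push imm32, call rel32 (hypothetical opcode sequence)
        $h_stub  = { 6A ?? 68 ?? ?? ?? ?? E8 }

        // regex for a hypothetical check-in URL pattern
        $re_url  = /https?:\/\/[a-z0-9.-]+\/[a-z0-9]{6,12}\.php/ ascii

    condition:
        // MZ header at offset 0 (little-endian "MZ") and a size bound to skip huge files
        uint16(0) == 0x5A4D and filesize < 2MB and
        // $s_dos must appear at least once, plus any of the family-specific indicators
        #s_dos > 0 and ($s_cmd or $h_stub or $re_url)
}
```

The `#s_dos` operator counts occurrences of that string; `uint16(0)` reads two bytes at file offset 0. Saved as `rules.yar`, the rule can be run from the command line with `yara -s rules.yar sample.exe` (`-s` prints the matching strings and their offsets), or from Python with `yara.compile(filepath="rules.yar")` followed by `rules.match("sample.exe")` using the yara-python bindings.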

To start playing with YARA, you can run the YARA binary from the command prompt on Windows, or use it from Python via the yara-python bindings, which can be downloaded here. For your convenience, you may also want Notepad++ (for editing rules) and a hex editor (for inspecting samples).

Sources:

http://plusvic.github.io/yara/

PC Media September 2013
