Pattern matching tool for malware researchers that classifies files with rules based on text or binary patterns
BSD-3-Clause
- C
- Yacc
- C++

About YARA
YARA is a tool that helps malware researchers identify and classify malware samples. It describes malware families, or anything else you want to describe, using rules built from a set of strings and a boolean expression that determines the matching logic.
Rules can match textual or binary patterns in files and support wildcards, case-insensitive strings, regular expressions, and special operators. You run YARA through its command-line interface or call it from Python scripts with the yara-python extension.
YARA runs on Windows, Linux, and Mac OS X and is licensed under the BSD 3-Clause License. It is now in maintenance mode, with active development continuing in its successor, YARA-X.
Key features
- Define malware detection rules from strings and boolean logic
- Match textual and binary patterns in files
- Wildcards, regular expressions, and case-insensitive strings
- Command-line scanning and Python scripting via yara-python
Details
- First released: 2012
- Platforms: Windows · Linux · macOS
- License: BSD 3-Clause
- Interface: CLI · Python
- Maintenance: Maintenance mode
- Use case: Malware sample identification
