YARA Introduction

With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description (rule) consists of a set of strings and a boolean expression that determines its logic. The software also includes a command-line interface.

Source: http://plusvic.github.io/yara/

YARA homepage
YARA source code repository

Tools included in YARA

YARA - a tool for identifying and classifying malware samples

root@kali:~# yara
usage:  yara [OPTION]... [RULEFILE]... FILE | PID
options:
  -t <tag>                  print rules tagged as <tag> and ignore the rest. Can be used more than once.
  -i <identifier>           print rules named <identifier> and ignore the rest. Can be used more than once.
  -n                        print only not satisfied rules (negate).
  -g                        print tags.
  -m                        print metadata.
  -s                        print matching strings.
  -l <number>               abort scanning after a <number> of rules matched.
  -d <identifier>=<value>   define external variable.
  -r                        recursively search directories.
  -f                        fast matching mode.
  -v                        show version information.

Report bugs to: <vmalvarez@virustotal.com>

YARA usage example

root@kali:~# coming soon
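The following rule is an added example written for this page, not code from the original page or from the YARA project; it shows the structure described above (a set of text and hex strings plus a boolean condition) and uses the -s, -m and -g options listed in the usage output. The rule name, tags, strings and byte patterns are constructed for illustration and do not describe any real malware family.

```yara
/*
 * Constructed example rule. Save as example.yar and run, for instance:
 *   yara -s -m -g example.yar /path/to/sample
 * -s prints the matching strings, -m the metadata block, -g the tags.
 */
rule ExampleDropper : dropper windows
{
    meta:
        description = "Constructed example: PE embedding a download URL and an XOR loop"
        author      = "editor (example only)"
        reference   = "http://plusvic.github.io/yara/"

    strings:
        // Text patterns: a plain string and a case-insensitive one
        $url   = "http://example.invalid/update.bin"
        $agent = "User-Agent: Mozilla/4.0" nocase

        // Binary (hex) pattern with nibble wildcards (?) and a byte-count
        // jump [2-6]; the bytes are constructed, not from a real sample
        $xor_loop = { 8A 04 0? 34 ?? 88 04 0? 41 [2-6] 7C ?? }

    condition:
        // Boolean logic: the file must start with the "MZ" PE signature
        // and contain either both text strings or the hex pattern
        uint16(0) == 0x5A4D and
        (
            ($url and $agent) or
            $xor_loop
        )
}
```

Running with -n instead prints only rules that did not match, which is useful when checking a rule set against a known-clean file.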