DEV Community

AJ

Yara

A YARA rule is a way of identifying malware samples based on whether they match a condition we specify.

YARA identifies malware based on binary and textual patterns in files; these patterns are usually hexadecimal byte sequences and text strings.


A YARA rule usually consists of the following sections:

  • Meta —> stores information about the rule: author, description, date, reference
  • Strings —> stores the specific text or byte patterns we are looking for in a file
  • Condition —> the condition that must be met for the file to be flagged

Example rule:

rule example_rule
{
    meta:
        author = "A_J"
        desc = "Simple rule"

    strings:
        // text string; nocase makes the match case-insensitive
        $hello_word = "Hello world" nocase

    condition:
        // flag the file only if the string is present and the file is under 20 KB
        // (YARA size suffixes are KB and MB, written in upper case)
        $hello_word and filesize < 20KB
}
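To make the three sections concrete, here is an added example (not code from the original post, and not YARA's own implementation) in Python: a small matcher for just the subset of rule syntax used above, namely a meta block, text strings with `nocase`, hex strings, and a condition built from string identifiers, `and`/`or`/`not`, parentheses and `filesize` comparisons. It goes slightly beyond the post's rule by handling hex strings and parentheses so the condition grammar is visible. The two rules and the sample inputs are constructed for the demonstration; real scanning should use YARA itself, which supports far more.

```python
import operator
import re

# Constructed rules for the demonstration: the post's rule (typo fixed, KB upper-cased)
# and a second one exercising hex strings, parentheses, `or` and `not`.
RULE = """
rule example_rule
{
    meta:
        author = "A_J"
        desc = "Simple rule"
    strings:
        $hello_word = "Hello world" nocase
    condition:
        $hello_word and filesize < 20KB
}
"""

RULE_HEX = """
rule pe_or_text
{
    strings:
        $mz  = { 4D 5A }
        $txt = "This program"
    condition:
        ($mz or $txt) and not filesize > 1MB
}
"""

SIZE_UNITS = {"KB": 1024, "MB": 1024 * 1024}
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

_TEXT = re.compile(r'^(\$\w*)\s*=\s*"((?:[^"\\]|\\.)*)"\s*(.*)$')
_HEX = re.compile(r'^(\$\w*)\s*=\s*\{([0-9A-Fa-f\s]+)\}\s*$')
_META = re.compile(r'^(\w+)\s*=\s*"(.*)"$')
_TOKEN = re.compile(r'\$\w*|<=|>=|==|!=|[<>()]|\d+(?:KB|MB)?|[A-Za-z_]\w*')


def parse_rule(text):
    """Split one rule into its name and its meta / strings / condition sections."""
    name = re.search(r"rule\s+(\w+)\s*\{", text).group(1)
    body = text[text.index("{") + 1:text.rindex("}")]
    sections = {"meta": [], "strings": [], "condition": []}
    current = None
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.fullmatch(r"(meta|strings|condition):", line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)

    meta = {m.group(1): m.group(2) for line in sections["meta"] if (m := _META.match(line))}

    strings = []  # (identifier, needle bytes, modifier set)
    for line in sections["strings"]:
        if t := _TEXT.match(line):
            # decode \n, \t, \xNN, \" and \\ the way a string literal would
            needle = t.group(2).encode("latin-1").decode("unicode_escape").encode("latin-1")
            strings.append((t.group(1), needle, set(t.group(3).split())))
        elif h := _HEX.match(line):
            strings.append((h.group(1), bytes.fromhex("".join(h.group(2).split())), set()))
        else:
            raise ValueError(f"unsupported string definition: {line}")

    condition = _TOKEN.findall(" ".join(sections["condition"]))
    return {"name": name, "meta": meta, "strings": strings, "condition": condition}


class _Condition:
    """Recursive-descent evaluator: expr := term ('or' term)*, term := factor ('and' factor)*."""

    def __init__(self, tokens, matched, filesize):
        self.tokens, self.pos, self.matched, self.filesize = tokens, 0, matched, filesize

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self):
        tok = self._peek()
        if tok is None:
            raise ValueError("unexpected end of condition")
        self.pos += 1
        return tok

    def expr(self):
        value = self.term()
        while self._peek() == "or":
            self._take()
            rhs = self.term()  # always evaluated so every token is consumed
            value = value or rhs
        return value

    def term(self):
        value = self.factor()
        while self._peek() == "and":
            self._take()
            rhs = self.factor()
            value = value and rhs
        return value

    def factor(self):
        tok = self._take()
        if tok == "not":
            return not self.factor()
        if tok == "(":
            value = self.expr()
            if self._take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok.startswith("$"):
            return self.matched[tok]
        if tok == "filesize":
            op, size = self._take(), self._take()
            m = re.fullmatch(r"(\d+)(KB|MB)?", size)
            return OPS[op](self.filesize, int(m.group(1)) * SIZE_UNITS.get(m.group(2), 1))
        raise ValueError(f"unexpected token {tok!r}")


def scan(rule, data):
    """Return True if the bytes in `data` satisfy the rule's condition."""
    matched = {}
    for ident, needle, mods in rule["strings"]:
        if "nocase" in mods:  # ASCII case folding on both sides, as the post's rule relies on
            matched[ident] = needle.lower() in data.lower()
        else:
            matched[ident] = needle in data
    cond = _Condition(rule["condition"], matched, len(data))
    result = cond.expr()
    if cond.pos != len(rule["condition"]):
        raise ValueError("trailing tokens in condition")
    return bool(result)


if __name__ == "__main__":
    rule = parse_rule(RULE)
    samples = {  # constructed inputs
        "small, mixed case": b"... HELLO World ...",
        "string but too large": b"hello world" + b"\x00" * (20 * 1024),
        "no string": b"nothing here",
    }
    for label, data in samples.items():
        print(f"{rule['name']}: {label:>22} -> {'match' if scan(rule, data) else 'no match'}")
```

Note how `filesize` is evaluated against the whole input and the string checks are plain substring searches; the 20 KB limit therefore rejects the second sample even though it contains the string, which is exactly the behaviour the `and` in the post's condition asks for.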

