Detecting malware with yara scripts
Malware researchers like to use YARA to identify and classify samples of malicious files. You can create descriptions of malware families based on text or binary samples with YARA.
This article describes how to create Yara rules for malware detection. Jara basically resembles the syntax of C. You create rules – consisting of text strings, hexadecimal values or regular expressions – and Yara checks suspicious directories and files for matching. Although file scanning is the most common procedure, Yara can also use rules to check already running processes.