Detecting malware with YARA rules

by Igor Mikhaylov, 2018-02-15

Malware researchers like to use YARA to identify and classify samples of malicious files. With YARA you create descriptions of malware families based on textual or binary patterns taken from known samples.

This article describes how to write YARA rules for malware detection. YARA's rule syntax loosely resembles C. A rule consists of a set of strings, which can be plain text, hexadecimal byte sequences or regular expressions, and a condition that states which of them must match; YARA then scans suspicious files and directories and reports every file a rule matches. Although file scanning is the most common use, YARA can also apply rules to the memory of already running processes.
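The following rule is an added example written for this article; it is not from the original text and does not describe a real malware family. Every indicator in it (the command-line fragment, the byte pattern, the URL shape) is constructed purely to show the three string types and how a condition combines them with header and size checks.

```yara
/*
  Illustrative rule added as an example. All indicators are constructed;
  they are not a real malware signature and will not detect a real family.
*/
rule Example_Suspicious_PE_Dropper
{
    meta:
        description = "Example: text, hex and regex strings combined in one condition"
        author      = "editor example, not the article author"
        reference   = "constructed for illustration only"

    strings:
        // Text string. 'ascii wide' matches both ASCII and UTF-16LE encodings,
        // 'nocase' makes the comparison case-insensitive.
        $cmd = "cmd.exe /c " ascii wide nocase

        // Hex string. '??' is a one-byte wildcard, '[4-8]' is a jump of 4 to 8
        // arbitrary bytes. Pattern shape: push imm32; call rel32; ...; push 0; call [imm32]
        $hex = { 68 ?? ?? ?? ?? E8 [4-8] 6A 00 FF 15 }

        // Regular expression. Slashes inside the pattern must be escaped.
        // Matches a URL whose path ends in a PHP script (constructed C2 shape).
        $url = /https?:\/\/[a-z0-9.\-]+\/[a-z0-9_]+\.php/ nocase

    condition:
        // "MZ" at offset 0 and the "PE\0\0" signature at the offset stored at 0x3C:
        // cheap checks that restrict the rule to PE files before strings are weighed.
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550 and
        filesize < 2MB and
        $cmd and
        any of ($hex, $url)
}
```

Save the rule as a `.yar` file and run `yara -r rules.yar /path/to/samples` to scan a directory tree; add `-s` to print which strings matched and where, which is the quickest way to see why a rule fires on a benign file. `yara rules.yar <pid>` applies the same rule to a running process. One caveat for process scans: offsets then refer to the process's virtual address space rather than to a file on disk, so header checks such as the `uint16(0)` test above will not see the loaded image; rules meant for memory scanning should rely on strings alone or on checks anchored relative to a matched string. The header checks can also be replaced by `import "pe"` and `pe.is_pe` from YARA's PE module.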



