shlogg · Early preview
Aj @gelehasan

Yara Rule For Malware Identification In 60 Characters

YARA rules detect malware by matching binary and textual patterns in files. A rule has three parts: meta (information about the rule), strings (the specific text or hex patterns to search for), and a condition (the file is flagged if it is met). Example: strings `$hello_word = "Hello world" nocase`; condition `$hello_word and filesize < 20KB`.

Yara

A YARA rule is a way of identifying malware samples based on whether a file meets a condition we specify.
YARA matches binary and textual patterns in files; rules usually describe these patterns as hexadecimal byte sequences and text strings.

A YARA rule usually consists of the following sections:

Meta —> stores information about the rule: author, description, date, references. It is optional and has no effect on matching.
Strings —> declares the specific text or hex patterns we are looking for in a file, each under a $name that the condition can refer to.
Condition —> the boolean expression that must be true for the file to be flagged. It is the only required section; it refers to the strings by name and can also test properties such as filesize.

Example rule (the strings and condition are the ones from the summary above):

rule example_rule {
    meta:
        author = "A_J"
        desc = "Simple rule"
    strings:
        // text string; nocase makes the match case-insensitive
        $hello_word = "Hello world" nocase
    condition:
        // flag the file only if the string occurs and the file is under 20 KB
        // (in YARA, the KB suffix means 1024 bytes)
        $hello_word and filesize < 20KB
}
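To trace how the strings section and the condition interact, here is an added Python model of the matching step. It is not YARA and not the post's code: a small evaluator that applies the rule above to a few constructed byte strings standing in for files, so the case-insensitive match and the filesize gate can be followed by hand. The $mz hex string is an assumed addition (not on the page) to show the binary-pattern side; the sample contents and names are constructed for the example. Real scanning is done with the yara CLI (`yara example_rule.yar target_file`) or yara-python.

```python
import re

# Constructed sample "files" (stand-ins for files on disk). 20KB in YARA means
# 20 * 1024 bytes, so too_big.bin is padded past that limit on purpose.
SAMPLES = {
    "small_match.bin": b"MZ\x90\x00" + b"PADDING " * 8 + b"hElLo WoRlD" + b"\x00" * 16,
    "too_big.bin": b"MZ\x90\x00" + b"Hello world" + b"A" * (21 * 1024),
    "no_string.bin": b"MZ\x90\x00" + b"nothing of interest here",
    "not_pe.txt": b"Hello world, just a text file",
}

# The post's rule as data. It corresponds to this YARA source (the $mz hex
# string is an assumed addition, not on the page, so the condition has to
# reference it: YARA rejects rules with unreferenced strings):
#
#   rule example_rule {
#       strings:
#           $hello_word = "Hello world" nocase
#           $mz = { 4D 5A }
#       condition:
#           $mz and $hello_word and filesize < 20KB
#   }
RULE = {
    "name": "example_rule",
    "strings": {
        "$hello_word": {"text": b"Hello world", "nocase": True},
        "$mz": {"hex": "4D 5A"},
    },
    # The condition receives the per-string match results and the file size.
    "condition": lambda s, filesize: s["$mz"] and s["$hello_word"] and filesize < 20 * 1024,
}


def text_regex(pattern: bytes, nocase: bool) -> re.Pattern:
    """Plain text string; `nocase` becomes a case-insensitive byte regex."""
    return re.compile(re.escape(pattern), re.IGNORECASE if nocase else 0)


def hex_regex(hex_pattern: str) -> re.Pattern:
    """Hex string: space-separated bytes, `??` as a one-byte wildcard
    (only a subset of YARA's hex syntax, enough for this illustration)."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def match_strings(rule: dict, data: bytes) -> dict:
    """Evaluate every declared string against the file; True if it occurs at least once."""
    results = {}
    for name, spec in rule["strings"].items():
        if "hex" in spec:
            rx = hex_regex(spec["hex"])
        else:
            rx = text_regex(spec["text"], spec.get("nocase", False))
        results[name] = rx.search(data) is not None
    return results


def evaluate_rule(rule: dict, data: bytes) -> bool:
    """Strings are matched first; the condition then decides whether the file is flagged."""
    return bool(rule["condition"](match_strings(rule, data), len(data)))


def scan(rule: dict, samples: dict) -> dict:
    """Return {filename: flagged} for every sample, like the hit list `yara rules.yar dir/` prints."""
    return {name: evaluate_rule(rule, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan(RULE, SAMPLES).items():
        print(f"{RULE['name']} {name}" if flagged else f"(no match) {name}")
```

Only small_match.bin is flagged: too_big.bin contains the string but exceeds the size limit, no_string.bin has the MZ header but not the string, and not_pe.txt has the string but no MZ header. Each string is matched independently; the condition is what turns those individual results into a verdict, which is why the same strings can be reused under very different conditions.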