YARA – malware analyzer

February 18, 2009 9:32 am · 0 comments

by Black

in Malware Analysis

Hi everyone! A nice malware analyzer! The latest release is YARA v1.2.

If you are learning about malware behaviour or need more information about how malware works, this tool is for you.

With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families.

Each description (a rule) consists of a set of strings and a Boolean expression that determines the rule's logic.

YARA is also multi-platform, so don’t worry, enjoy it on your own platform, be it Windows, Linux or Mac OS X.

Features supported:

  • Sub-string alternatives in hex strings.
  • Global rules.
  • Enhanced “of” operator and a new “for..of” operator
  • Anonymous strings
  • uintXX and intXX functions to read integers from a given offset
  • yara-python improvements
  • A sample ZBot rule:

    <pre>rule zbot : banker
    {
        strings:
            $a = "__SYSTEM__" wide
            $b = "*tanentry*"
            $c = "*<option"
            $d = "*<select"
            $e = "*<input"

        condition:
            ($a and $b) or ($c and $d and $e)
    }</pre>
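To show what the rule above actually matches, here is an added example (not YARA's own code, and not from the post) that models three of the features listed above in plain Python: the `wide` modifier, which makes `$a` match only its UTF-16LE encoding; the `uint16(offset)` read, used here to check for an "MZ" header; and hex strings with `??` wildcards and `(A|B)` alternatives, translated into a bytes regex. The hex pattern and all sample buffers are constructed for the demonstration and are not real malware.

```python
import re
import struct

# The five strings of the post's zbot rule; True marks the "wide" modifier,
# which makes YARA search for the UTF-16LE encoding instead of plain ASCII.
ZBOT_STRINGS = {
    "$a": ("__SYSTEM__", True),
    "$b": ("*tanentry*", False),
    "$c": ("*<option", False),
    "$d": ("*<select", False),
    "$e": ("*<input", False),
}

def encode_pattern(text, wide):
    """Bytes YARA actually searches for: UTF-16LE when 'wide', else ASCII."""
    return text.encode("utf-16-le") if wide else text.encode("ascii")

def string_matches(data, strings):
    """Map each string identifier to whether its encoded pattern occurs in data."""
    return {name: encode_pattern(t, w) in data for name, (t, w) in strings.items()}

def zbot_condition(data):
    """Evaluate the rule's condition: ($a and $b) or ($c and $d and $e)."""
    m = string_matches(data, ZBOT_STRINGS)
    return (m["$a"] and m["$b"]) or (m["$c"] and m["$d"] and m["$e"])

def uint16(data, offset):
    """Equivalent of YARA's uint16(offset): little-endian read, None if out of range."""
    if offset < 0 or offset + 2 > len(data):
        return None
    return struct.unpack_from("<H", data, offset)[0]

def hex_to_regex(hexstr):
    """Translate a YARA hex string with ?? wildcards and (A|B) alternatives to a bytes regex."""
    out = []
    for tok in re.findall(r"\?\?|[0-9A-Fa-f]{2}|[()|]", hexstr):
        if tok == "??":
            out.append(b".")            # any single byte
        elif tok in ("(", "|", ")"):
            out.append(tok.encode())    # alternation maps 1:1 onto regex syntax
        else:
            out.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(out), re.DOTALL)

# Constructed samples: a fake "MZ" buffer holding the wide string, a decoy that
# only has "__SYSTEM__" in ASCII (so $a must NOT fire), and an HTML-injection-like blob.
SAMPLE_WIDE = b"MZ" + b"\x00" * 62 + "__SYSTEM__".encode("utf-16-le") + b" junk *tanentry* more"
SAMPLE_ASCII_ONLY = b"MZ" + b"__SYSTEM__ *tanentry*"
SAMPLE_HTML = b"form *<option ... *<select ... *<input"
```

The decoy buffer is the instructive case: a reader who forgets that `wide` changes the byte pattern will expect it to match, but the rule as written does not.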

    Download YARA v1.2 here
