
How is the malware file signature generated? Does it use a sequence of bytes in the beginning, size, PE (export, import, section), etc?

And can the MD5 or SHA256 be considered a file signature for a malware file?

Note: I know that there's YARA that tries to identify a malware file based on a pattern.

heaprc

1 Answer


There is no "standard" malware signature. How this works is proprietary to each malware detection software, and probably multiple methods are used even within one detector. Commercial anti-malware vendors tend not to publish their methods, and may actively try to keep them secret.

Malware detection is an arms race of sorts, with malware authors trying to modify their malware to not be detected and anti-malware software trying to recognize all malware. Something like md5 or sha256 would not work, because then the malware authors would have to just modify one byte and it wouldn't be recognized.

So likely the "signature" will recognize some piece of the malware that is hard to disguise, but some care must be taken not to get false positives, i.e. recognizing as malware something that is benign and common, or worse, a normal part of the host operating system or legitimate user-downloaded software.

YARA is just one out of many tools. Many malware detection programs, in addition to signature-based detection, include algorithmic detection that tries to recognize malware by its behavior rather than by a specific signature.

In some security circles, malware signatures (blacklisting) are considered obsolete (as there is potentially more malware than legitimate software), and whitelisting is preferred instead: it makes lists of known legitimate software and tries to block (or greylist) anything not on the whitelist. This works well in restricted environments (like point-of-sale systems, where there should never be "new" software), but is typically extremely inconvenient otherwise.

Some operating systems support cryptographically signing executables, which makes whitelisting by manufacturer more practical, but still not a complete solution, and this has problems as well.

user10489
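The point in the answer above, that a hash "signature" dies on a one-byte change while a byte-pattern signature with wildcards survives it, can be shown directly. The following is an added example and is not part of the question or the answer: the sample bytes, the benign bytes, the rule names and the YARA-like hex notation are all constructed here for illustration, and the matcher is a naive scanner, not YARA's engine.

```python
import hashlib

# Constructed sample bytes standing in for a malicious executable (not a real
# sample): an MZ stub, a short x86 function prologue with embedded constants,
# and a hard-coded drop path. Offsets below refer to this layout only.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x55\x8b\xec\x83\xec\x10"            # push ebp; mov ebp,esp; sub esp,0x10
    + b"\x68\x78\x56\x34\x12"                # push 0x12345678 (an immediate)
    + b"\xe8\x00\x00\x00\x00"                # call rel32
    + b"C:\\evil\\dropper.exe\x00"
)

# Constructed benign bytes: same MZ stub and DOS string (common to every PE,
# so a signature must not key on them), but different code and strings.
BENIGN = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x55\x8b\xec\x5d\xc3"                # push ebp; mov ebp,esp; pop ebp; ret
    + b"C:\\Program Files\\notepad.exe\x00"
)

# Hypothetical rule set in a YARA-like hex notation: '??' is a one-byte
# wildcard. The prologue rule wildcards the frame size and the pushed
# immediate so that a recompile or a patched constant does not break it.
RULES = {
    "dropper_prologue": "55 8b ec 83 ec ?? 68 ?? ?? ?? ?? e8",
    "dropper_path": " ".join(f"{b:02x}" for b in b"dropper.exe"),
}


def sha256_hex(data: bytes) -> str:
    """Whole-file hash: the 'signature' that any single-byte edit invalidates."""
    return hashlib.sha256(data).hexdigest()


def flip_byte(data: bytes, offset: int) -> bytes:
    """Return a copy of data with one bit toggled at offset (the 'one byte' edit)."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


def hex_pattern_matches(data: bytes, pattern: str) -> bool:
    """Naive scan for a hex pattern with '??' wildcards anywhere in data."""
    toks = [None if t == "??" else int(t, 16) for t in pattern.split()]
    n = len(toks)
    for i in range(len(data) - n + 1):
        if all(t is None or data[i + j] == t for j, t in enumerate(toks)):
            return True
    return False


def scan(data: bytes, rules=RULES) -> list:
    """Names of the rules that match, in rule order."""
    return [name for name, pat in rules.items() if hex_pattern_matches(data, pat)]


if __name__ == "__main__":
    # Flip one bit inside the pushed immediate 0x12345678: the attacker's
    # "just modify one byte" edit from the answer.
    imm_offset = SAMPLE.index(b"\x68\x78\x56\x34\x12") + 1
    variant = flip_byte(SAMPLE, imm_offset)

    print("sha256 original:", sha256_hex(SAMPLE))
    print("sha256 variant: ", sha256_hex(variant))
    print("hash still equal?", sha256_hex(SAMPLE) == sha256_hex(variant))
    print("rules on original:", scan(SAMPLE))
    print("rules on variant: ", scan(variant))
    print("rules on benign:  ", scan(BENIGN))
```

Two design choices carry the lesson. The rule deliberately skips the MZ header and the DOS stub string, because those appear in every Windows executable and would match the operating system's own binaries (the false-positive case the answer warns about). And the wildcards sit exactly on the bytes an author can change cheaply without changing behaviour (frame size, immediates, relative call targets), which is what makes the pattern "hard to disguise" relative to a hash.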