YARA is a pattern-matching tool for classifying and identifying malware samples with rules built from strings, hex patterns and boolean conditions.
Questions tagged [yara]
9 questions
7 votes, 1 answer
Unusual case of Microsoft Calculator
A pretty interesting series of events unfolded. I had a newly installed Windows image downloaded from Microsoft Dreamspark/Imagine, less than 3 weeks old, with some security restriction policies, GPOs etc. Anyhow, I started to notice that I saw Cortana and MS…

Sam Arnold
6 votes, 0 answers
How to find malware added in supply chain to Android phone?
As has become a mainstream news story many times over, some Android phones are being shipped with malware preinstalled, because they go from the factory to a second party who adds the malware, and then to the US.
What is the strategy for examining and…

flane
4 votes, 1 answer
How can I write a logical signature for ClamAV similar to the ones in YARA?
First of all, I know that YARA rules can be used in combination with ClamAV, but here I have something else in mind, so my question is: how can I write a logical signature similar to the ones in YARA?
Here is an example. Let's say that I have three…

Mirsad
4 votes, 1 answer
How do I use a directory of YARA files?
I'm going through the Malware Cookbook PEScanner and they want a path to my YARA files to search on. I currently have a directory full of YARA rules for known pieces of malware.
What would be the best way to run the scanner using all my YARA…

T. McT
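As an added example (not from the question, and not PEScanner's or the Malware Analyst's Cookbook's own code): YARA's native way to load a whole directory of rule files is a single index file made of `include` directives, which is exactly how the Yara-Rules project's `malware_index.yar` is built. The file and directory names below are assumptions; the local rule at the bottom is constructed for illustration.

```yara
// index.yar (assumed name). Each include pulls one rule file into this
// compilation unit; paths are resolved relative to the index file.
include "rules/rat_example.yar"
include "rules/apt_example.yar"
include "rules/packers/upx.yar"

// Site-specific rules can live in the index itself, next to the includes.
// Everything compiles into one namespace, so rule identifiers must be
// unique across all included files or compilation fails.
rule local_suspicious_pe
{
    meta:
        description = "Constructed example rule compiled together with the included directory"
    strings:
        $s1 = "This program cannot be run in DOS mode"
    condition:
        uint16(0) == 0x5A4D and $s1   // MZ header followed by the DOS stub text
}
```

Regenerate the index whenever the directory changes, for example with a one-line shell loop such as `for f in rules/*.yar; do printf 'include "%s"\n' "$f"; done > index.yar`, then hand the single path `index.yar` to whatever expects one rules file: `yara -r index.yar /path/to/samples` on the command line, `yara.compile(filepath="index.yar")` in yara-python, or the YARA path option of a scanner like PEScanner. Compiling the index once and saving the result with `yarac` avoids re-parsing a large rule collection on every scan.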
2 votes, 1 answer
Scanning a binary against a dictionary of YARA rules
I have found a malware binary, and I am curious to see what patterns can be found in this file. Also I have a collection of ~1000 IOCs and YARA rules related to malware and RATs. I used Loki, yara-gui, the yara64 (I don't remember the link…

0_o
1 vote, 1 answer
YARA rules not working in Debian
YARA rules are working on Windows 7 perfectly. I am able to scan and detect malicious commands in .exe malware files, but when I run the same program in Debian v8.6, it can't detect malicious commands in the .exe. When I run the same rule against a .txt…

Arun Pratap Singh
0 votes, 0 answers
False Positives for YARA rule
I've run a malware ruleset from the Yara-Rules repository on my System32 directory:
yara64.exe -f -r ./malware_index.yar C:\Windows\System32
and have come across a lot of positives (plus extra counts) for GLASSES and GLASSESCode.
Most matches are with…

N S
0 votes, 1 answer
Yara condition count operator with wildcard
I have a YARA rule that looks for multiple strings in a file and fires if the count is greater than 3. But how would I change the condition statement to only fire if the count is greater than 3 but less than 5?
Essentially I want something like this:
3 <…

bigC5012
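An added example, not part of the question above: the count operator `#` is an ordinary integer in a condition, so it can be bounded from both sides with `and`; for a wildcard set of strings, the anonymous `#` inside a `for ... of` body stands for the count of whichever string is currently being examined. The string contents are constructed for illustration, and the wildcard form assumes a YARA version that accepts the anonymous `#` inside a `for` body (YARA 3.x or later).

```yara
rule count_between_3_and_5
{
    meta:
        description = "Constructed example: fire only on 4 hits of $a"
    strings:
        $a = "cmd.exe /c" ascii wide nocase
    condition:
        // more than 3 and fewer than 5 occurrences, i.e. exactly 4
        #a > 3 and #a < 5
}

rule count_between_3_and_5_wildcard
{
    meta:
        description = "Constructed example: same bound applied across a $a* set"
    strings:
        $a1 = "cmd.exe /c" ascii wide nocase
        $a2 = "powershell -enc" ascii wide nocase
        $a3 = "wscript.exe" ascii wide nocase
    condition:
        // '#' in the loop body is the occurrence count of the string under test;
        // 'any' fires if at least one $a* string has exactly 4 hits,
        // 'all' would require every $a* string to be in that window
        for any of ($a*) : ( # > 3 and # < 5 )
}
```

With integer bounds this tight, `#a == 4` says the same thing more plainly than `#a > 3 and #a < 5`; the two-sided form is worth keeping when the window is wider (for example `#a > 3 and #a < 50`) to suppress files such as string tables or dictionaries where a common token appears hundreds of times. Counts are per scanned file and include every occurrence, so a rule that bounds a count should be tested against both a true positive and a large benign file before deployment.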
-2 votes, 1 answer
How long is a typical malware signature?
I read in Peter Szor's The Art of Computer Virus Research and Defense that, in the past, a 16-byte signature was sufficient to detect 16-bit malware, but that longer signatures are necessary for 32-bit malware. I am wondering how large the…

chillsauce