You can test your YARA rules first with the yara command-line tool on Windows or Linux. The latest version comes with source code:
For example, this rule shows how to match files by size:

    global rule size
    {
        condition:
            filesize > 11MB and filesize < 22MB
    }

The rule selects files whose size falls inside the given window; the KB and MB suffixes let you write the bounds as kilobytes or megabytes (both are binary multiples: 1 KB = 1024 bytes, 1 MB = 1024 KB). Because the rule is declared global, no other rule in the same ruleset is reported for a file that falls outside the window, so use global only when that gating is what you intend. Continue Reading Yara python module – part 003.
Before we start, I have to tell you that this post is the continuation of an older tutorial, which you can find here. As you know, YARA is a tool aimed at helping malware researchers identify and classify malware samples. It lets you create descriptions of malware families… Continue Reading Yara python module – part 002.
YARA is a multi-platform program that runs on Windows, Linux and Mac OS X. More about the Yara python module can be found here. YARA reserves the following keywords in rule files:

    all, and, any, ascii, at, condition, contains, entrypoint, false, filesize,
    fullword, for, global, in, import, include, int8, int16, int32, int8be,
    int16be, int32be, matches, meta, nocase, not, or, of, private, rule,
    strings, them, true, uint8, uint16, uint32, uint8be, uint16be, uint32be,
    wide
The YARA documentation can be found at this link. The Yara python module uses version 1.7.7 and this will… Continue Reading Yara python module – part 001.
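The size rule from part 003 and the keyword list from part 001 both leave the concrete semantics implicit: what `11MB` evaluates to, why `uint16(0) == 0x5A4D` is the usual "starts with MZ" test, and how a global rule gates the others. The following is an added example, not code from the original posts; it evaluates those pieces in plain Python so the values can be checked without YARA installed, and then compiles the same rules with the yara-python module if it happens to be present. The `scan_with_yara` function assumes the yara-python API (`yara.compile` / `Rules.match`), which is a different package from the 1.7.7 module the page refers to; the sample buffers and the `SuspiciousMarker` string are constructed for the example.

```python
"""Added example: YARA size literals, integer accessors and global rules, checked in Python."""
import re
import struct

# YARA's KB and MB suffixes are binary multipliers: 1 KB = 1024 bytes, 1 MB = 1024 KB.
_SIZE_UNITS = {"": 1, "KB": 1024, "MB": 1024 * 1024}
_SIZE_RE = re.compile(r"^(\d+)(KB|MB)?$", re.IGNORECASE)


def parse_size(token):
    """Turn a YARA size literal such as '11MB', '512KB' or '100' into a byte count."""
    m = _SIZE_RE.match(token.strip())
    if not m:
        raise ValueError("not a YARA size literal: %r" % (token,))
    number, unit = m.group(1), (m.group(2) or "").upper()
    return int(number) * _SIZE_UNITS[unit]


def in_size_window(filesize, lower="11MB", upper="22MB"):
    """Same test as the condition 'filesize > lower and filesize < upper' (both bounds exclusive)."""
    return parse_size(lower) < filesize < parse_size(upper)


def uint16_le(data, offset):
    """Equivalent of YARA's uint16(offset): an unsigned 16-bit little-endian read."""
    return struct.unpack_from("<H", data, offset)[0]


def looks_like_pe(data):
    """uint16(0) == 0x5A4D: the bytes 'M' (0x4D) 'Z' (0x5A) read little-endian give 0x5A4D."""
    return len(data) >= 2 and uint16_le(data, 0) == 0x5A4D


# The corrected rule from part 003 plus a second rule that exercises several of the
# listed keywords (meta, strings, ascii, wide, nocase, fullword, condition, uint16).
# Because 'size' is global, 'pe_with_marker' is only reported for files inside the window.
RULE_SOURCE = r"""
global rule size
{
    condition:
        filesize > 11MB and filesize < 22MB
}

rule pe_with_marker
{
    meta:
        description = "Added example rule, not from the original posts"
    strings:
        $marker = "SuspiciousMarker" ascii wide nocase fullword
    condition:
        uint16(0) == 0x5A4D and $marker
}
"""


def scan_with_yara(data):
    """Compile RULE_SOURCE with yara-python and scan an in-memory buffer.

    Returns the sorted list of matching rule names, or None when yara-python is not
    installed (assumption: the yara-python API, pip package 'yara-python').
    """
    try:
        import yara
    except ImportError:
        return None
    rules = yara.compile(source=RULE_SOURCE)
    return sorted(match.rule for match in rules.match(data=data))


# Constructed sample buffers (not real malware): a tiny PE-like header and a non-PE file.
SAMPLE_PE_HEADER = b"MZ\x90\x00" + b"\x00" * 60 + b"SuspiciousMarker\x00"
SAMPLE_TEXT = b"plain text without the marker"


def classify_sizes(sizes):
    """Return the names whose size satisfies the part 003 window, e.g. from os.path.getsize()."""
    return [name for name, size in sizes.items() if in_size_window(size)]


if __name__ == "__main__":
    sizes = {"small.bin": 5 * 1024 * 1024, "mid.bin": 12 * 1024 * 1024, "big.bin": 30 * 1024 * 1024}
    print("size window matches:", classify_sizes(sizes))
    print("MZ header:", looks_like_pe(SAMPLE_PE_HEADER), looks_like_pe(SAMPLE_TEXT))
    print("yara-python scan of the 4 MB-padded header:",
          scan_with_yara(SAMPLE_PE_HEADER + b"\x00" * (12 * 1024 * 1024)))
```

The `__main__` section pads the constructed header to 12 MB before scanning so that the global size rule passes; scanning the unpadded header instead returns an empty list from yara-python even though `pe_with_marker` would otherwise match, which is exactly the gating effect a global rule has.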