Yara python module – part 002.

Before we start, I have to tell you that this is the continuation of an older tutorial, which you can find here.
As you know, YARA is a tool aimed at helping malware researchers identify and classify malware samples.
The YARA tool helps you create descriptions of malware families based on textual or binary patterns.
These patterns, called rules, consist of a set of strings and a boolean expression that determines the rule's logic.
The YARA tool can be found on the official website.
First, you need to install the Python module.
I used the yara-python-3.7.0.win-amd64-py3.5 version.
You need to use the Python 3.5.0 version from here.
Let’s test the Yara python module:

You can see that the Yara python module works well.
Let’s make a rule and test it with a PDF file. This rule will tell us whether the PDF contains links.
The rule is a single file, named detected links, in this path:
C:\BackUP\Tools\Python35\detectpdflinks
The source code of this rule is:

Now we will make the python script that uses this Yara rule with one PDF file:

You can see the URI in the string variable named $the_uri.
