YARA
virustotal.github.io
1
Leaving SiteNav
External Link Disclaimer
You are about to visit virustotal.github.io. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
YARA is a pattern matching tool designed for malware researchers to identify and classify malware samples based on textual or binary patterns. Originally developed by Victor Alvarez at VirusTotal (a subsidiary of Google), YARA has become the industry standard for creating descriptive rules that match malicious files with high precision. Security researchers, incident response teams, and threat intelligence analysts worldwide rely on YARA to create custom detection signatures for malware families, track specific threat actor toolkits, and hunt for indicators of compromise across large collections of files. YARA rules consist of two main sections: a metadata section (containing descriptive information like rule name, author, description, and tags) and a strings and condition section (defining the patterns to match and the logical conditions under which a match constitutes a positive identification). Supported pattern types include: text strings (with case-insensitive, wide-character, and nocase modifiers), hexadecimal strings (for matching specific byte sequences with wildcards, jumps, and alternatives), regular expressions (using YARA's PCRE-compatible regex engine), and private strings (matched but not reported in results, useful for intermediate conditions). The condition section supports Boolean operators (and, or, not), comparison operators, arithmetic operators, bitwise operators, string occurrence counts, file size checks, entry point checks, PE header inspection, and import table analysis. As of 2026, YARA has over 8,500 stars.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike