Author Topic: YARA - a malware identification and classification tool  (Read 2273 times)


February 16, 2009, 06:20:00 pm

SysAdMini

http://code.google.com/p/yara-project/

Quote
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
Ruining the bad guy's day

February 16, 2009, 08:45:04 pm
Reply #1

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 16, 2009, 10:18:01 pm
Reply #2

Serg

Quote
rule silent_banker : banker
{
    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91} 
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}
Is Victor opening Pandas sources?  :D
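
The "set of strings plus a Boolean expression" structure of the rule quoted in this thread, as an added example that is not part of the original posts and is not YARA's own code: a small Python evaluator that reads the rule's plain hex and text strings and applies its or-only condition. The helper names `parse_strings` and `scan` and the three byte buffers are assumptions constructed for the illustration; real YARA supports far more (wildcards, jumps, modifiers, full Boolean logic).

```python
import re

# Rule text copied from the post above.
RULE = r'''
rule silent_banker : banker
{
    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}
'''

def parse_strings(rule_text):
    """Return {identifier: bytes} for plain hex strings and text strings.
    Wildcards, jumps and modifiers of real YARA are not handled here."""
    patterns = {}
    for name, hexbody, text in re.findall(
            r'(\$\w+)\s*=\s*(?:\{([0-9A-Fa-f\s]+)\}|"([^"]*)")', rule_text):
        patterns[name] = bytes.fromhex(hexbody) if hexbody else text.encode("ascii")
    return patterns

def scan(rule_text, data):
    """Evaluate an or-only condition: return {identifier: [offsets]} of hits."""
    patterns = parse_strings(rule_text)
    condition = re.search(r'condition:\s*(.+?)\s*\}', rule_text, re.S).group(1)
    wanted = [t for t in condition.split() if t != "or"]
    hits = {}
    for name in wanted:
        pat = patterns[name]
        offsets = [m.start() for m in re.finditer(re.escape(pat), data)]
        if offsets:
            hits[name] = offsets
    return hits  # an empty dict means the rule did not match

# Constructed buffers, not real samples.
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program text"
WITH_C = b"\x90" * 8 + b"UVODFRYSIHLNWPEJXQZAKCBGMT" + b"\x00"
WITH_A = b"\xCC" * 4 + bytes.fromhex("6A4068003000006A148D91")

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("with_c", WITH_C), ("with_a", WITH_A)]:
        hits = scan(RULE, buf)
        print(label, "MATCH" if hits else "no match", hits)
```

Because the condition is a plain `or`, a single hit on any one string is enough to classify a buffer as `silent_banker`, which is why the reported offsets matter when triaging a match.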