Hey guys, Today’s blog will be very small so don’t worry it is very simple to learn and understand it.
YARA – It is a tool for Malware identification which works on matching patterns across various malware samples and rules with signature identification.
That’s how Anti-virus works based on YARA rules and Signature of Previously found Malwares.
Lets see how to create a basic YARA rule and how to use it to check it with the malware sample.
Structure of YARA rule.
We can use whatever information from the PE sections like signatures, stamp details, File type, Gateway sockets, in the strings we want to stop or detect when it comes in the future, we can add multiple variables like $a, $c and goes on, We have to add a condition to pass to check the parameter to be detected if it is available.
I know Beginners can’t understand what is stamp details, PE sections and everything, you will understand it clearly once we start doing the practical things.
We will be setting up a Dedicated environment for Malware analysis in the Next Blog then we can go with the real time Static analysis.
That’s it, see you in setting up the sand-boxing environment.
Bye Bye!
