Win32 YARA Version Available

More outstanding work from VirusTotal: it looks like a Win32 version of YARA has been posted on the YARA project's page on code.google.com. Unlike classic YARA, no Python runtime support is required. Note the interesting PID argument to YARA.exe: per the usage text below, the scan target can be a PID instead of a file.

usage: yara [OPTION]… [RULEFILE]… FILE | PID
options:
-t print rules tagged as and ignore the rest. Can be used more than once.
-i print rules named and ignore the rest. Can be used more than once.
-n print only not satisfied rules (negate).
-g print tags.
-m print metadata.
-s print matching strings.
-l abort scanning after a of rules matched.
-d = define external variable.
-r recursively search directories.
-f fast matching mode.
-v show version information.

Report bugs to:

References:
http://code.google.com/p/yara-project/downloads/detail?name=yara-1.5-win32.zip&can=2&q=

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
