New release YARA 3.0

VT image

Over this week a new version of Yara have been released. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

The new features include the following:

  • Support for modules
  • PE module
  • Cuckoo module
  • Some improvements in the C API
  • More comprehensive documentation
  • BUGFIX: Start anchor (^) not working properly with the “matches” operator
  • BUGFIX: False negative with certain regular expressions
  • BUGFIX: Improper handling of nested includes with relative pathes
  • BUGFIX: \s character class not recognizing \n, \r, \v and \f as spaces
  • BUGFIX: YARA for Win64 scanning only the first 4GB of files.
  • BUGFIX: Segmentation fault when using nested loops
  • BUGFIX: Segmentation fault caused by invalid characters in regular expressions
  • BUGFIX: Segmentation fault while scanning some processes in Windows
  • BUGFIX: Segmentation fault caused by regexp code spanning over non-contiguous memory pages

YARA is used by VirusTotal Malware Intelligence Services and you can install Yara by following this link: https://github.com/plusvic/yara/releases/tag/v3.0.0

Share
You can leave a response, or trackback from your own site.