YARA

Designed by Victor Alvarez
First appeared 2013
Stable release
4.5.5 [1] / 30 October 2025
Filename extensions .yara
Website virustotal.github.io/yara

YARA is a tool primarily used in malware research and detection.

It provides a rule-based approach to creating descriptions of malware families based on regular-expression, textual, or binary patterns. Each description is essentially a named YARA rule, which consists of a set of strings and a Boolean expression. [2]

Analysts write YARA rules to capture the "DNA" of malware families: persistent elements such as code fragments, configuration strings, and structural patterns, expressed as text, hex sequences, or regular expressions combined with Boolean logic. This signature-based detection survives file mutations that defeat hash matching, enabling identification of variants and related samples across large datasets. [3]
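A rule of the kind described above, shown as an added example that is not taken from YARA's documentation or from any real rule set. The rule name and every pattern are constructed for illustration and do not describe actual malware.

```yara
rule Example_Constructed_Family
{
    meta:
        description = "Added illustration; all patterns are constructed"

    strings:
        // Textual pattern: a constructed configuration marker,
        // matched as ASCII or UTF-16 and in any letter case
        $cfg = "EXAMPLE_CFG_V1" ascii wide nocase

        // Binary pattern: hex bytes with single-byte wildcards (??)
        // and a bounded jump of 2 to 4 arbitrary bytes
        $code = { 55 8B EC 83 EC ?? [2-4] E8 ?? ?? ?? ?? }

        // Regular expression: a constructed URL path with a variable numeric id
        $url = /\/example\/checkin\?id=[0-9]{4,8}/

    condition:
        // Boolean expression over the strings plus cheap structural checks
        uint16(0) == 0x5A4D and     // file begins with the "MZ" header
        filesize < 2MB and
        $code and ($cfg or $url)
}
```

Because the condition depends on patterns inside the file and not on the file as a whole, a recompiled or repacked sample that keeps the code fragment and either marker still matches, while its hash changes.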

History

YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013. [4] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym. [5] In 2024, Alvarez announced that YARA would be superseded by a rewrite called YARA-X, written in Rust. [6] A first stable version of YARA-X was released in June 2025, marking the passage of the original YARA into maintenance mode. [7]

Design

By default, YARA comes with modules for analyzing PE and ELF files, as well as support for the open-source Cuckoo sandbox.

References

  1. "Release 4.5.5". 30 October 2025. Retrieved 31 October 2025.
  2. "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.
  3. "What Are YARA Rules? A Complete 2025 Guide with Examples". www.picussecurity.com. Retrieved 2026-02-19.
  4. "Release v1.7.1". GitHub.
  5. Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) via Twitter.
  6. https://virustotal.github.io/yara-x/blog/yara-is-dead-long-live-yara-x/
  7. https://virustotal.github.io/yara-x/blog/yara-x-is-stable/