YARA

Designed by Victor Alvarez
First appeared 2013
Stable release 4.5.4 [1] / 27 May 2025
Filename extensions .yara
Website virustotal.github.io/yara

YARA is a tool primarily used in malware research and detection.

It provides a rule-based approach to creating descriptions of malware families based on regular expressions and textual or binary patterns. Each description is essentially a named YARA rule, consisting of a set of strings and a Boolean expression. [2]

History

YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013. [3] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym. [4] In 2024, Alvarez announced that YARA would be superseded by a rewrite called YARA-X, written in Rust. [5] A first stable version of YARA-X was released in June 2025, marking the passage of the original YARA into maintenance mode. [6]

Design

By default, YARA comes with modules for analyzing PE and ELF files, as well as support for the open-source Cuckoo sandbox.
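
As an added illustration (not part of the original article or of the YARA project), the constructed rule below shows the parts described above: a named rule with textual, binary and regular-expression strings, a Boolean condition, and the bundled PE module. The rule name, marker strings and byte pattern are invented for the example and correspond to no real malware family.

```yara
import "pe"   // bundled module for parsing PE headers

rule Example_Constructed_Family
{
    meta:
        description = "Constructed example for illustration only"

    strings:
        // Textual pattern: matched as ASCII and UTF-16, case-insensitively
        $text = "example-marker-string" ascii wide nocase

        // Binary pattern: ?? is a one-byte wildcard, [2-4] skips 2 to 4 bytes
        $hex = { DE AD BE EF ?? ?? [2-4] CA FE }

        // Regular expression pattern
        $re = /example-[0-9]{4}\.tmp/ nocase

    condition:
        // Boolean expression combining file properties, PE fields and strings
        uint16(0) == 0x5A4D and          // file starts with the "MZ" magic
        filesize < 5MB and
        pe.number_of_sections >= 1 and
        $text and ($hex or $re)
}
```

The rule matches only when the whole condition evaluates to true, so a file that contains the marker string but is not a PE file is not reported.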

References

  1. "Release 4.5.4". 27 May 2025. Retrieved 1 June 2025.
  2. "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.
  3. "Release v1.7.1". GitHub.
  4. Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) via Twitter.
  5. https://virustotal.github.io/yara-x/blog/yara-is-dead-long-live-yara-x/
  6. https://virustotal.github.io/yara-x/blog/yara-x-is-stable/