
Yara Decompressor

Free

For when your malware samples are stored compressed, but you still want to run rules against them. Currently supports: GZip, BZip2, LZMA (XZ).

Modules used: Go-Yara (https://github.com/hillu/go-yara) and XZ (https://github.com/ulikunitz/xz).

Motivation: I've had to test Yara rules with compressed malware on systems with or without Yara installed. Compiled statically against libyara for ease of use. Currently runs a rule file against a directory of files.

Future thoughts: support for files in Zip and Tar archives, password-protected Zip and 7z files, and testing common passwords.

ALTERNATIVES

A tool that executes programs in memory from various sources

A tool for identifying and analyzing Java serialized objects in network traffic

A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.

Repository of YARA rules for Trellix ATR blogposts and investigations

A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.

Management portal for LoKi scanner with centralized database for scanning activities.

Python 3 tool for parsing Yara rules with ongoing development.

A sandbox for quickly sandboxing known or unknown families of Android Malware