yara_zip_module Logo

yara_zip_module

0
Free
Visit Website

This yara module can be used to search for strings inside a zip (.docx word file format) file. The files inside a zip are compressed and therefore not very well searchable for strings. This yara module unzips a requested file in memory and searches for a given string. Installation: The installation of the module should be pretty simple, but yara has to be built from source. - Clone the yara repository (https://github.com/VirusTotal/yara) - Copy yara_zip_modules files into the libyara folder of the yara clone: yara_zip_module/miniz.c --> yara/libyara/miniz.c yara_zip_module/include/yara/miniz.h --> yara/libyara/include/yara/miniz.h yara_zip_module/modules/zip.c --> yara/libyara/modules/zip.c - Edit the file yara/libyara/Makefile.am and add the module as well as the miniz library: MODULES += modules/zip.c yarainclude_HEADERS = include/yara/miniz.h libyara_la_SOURCES = miniz.c - Add the module to the module_list file in the modules folder: MODULE(zip) Now you can build yara by executing the make command inside the root folder. More information can be found here: https://yara.readthedocs.io/en/v3.7.0/writingmodules.html Usage: The yara zip module has at the moment only one funct

FEATURES

ALTERNATIVES

A tool for hacking and security testing of JWT

Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.

An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.

A 32-bit assembler level analyzing debugger for Microsoft Windows.

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

Scans running processes for potentially malicious implants and dumps them.

A javascript malware analysis tool with backend code execution.

A tool to fuzz query strings and identify vulnerabilities

PINNED