yarGen is a generator for YARA rules. Its main principle is to create YARA rules from strings found in malware files while removing all strings that also appear in goodware files. yarGen ships with large goodware string and opcode databases as ZIP archives, which have to be extracted before first use. Version 0.24.0 introduces an output option (--ai). This feature generates a YARA rule with an expanded set of strings and includes instructions tailored for an AI. Activating the --ai flag appends the instruction text to the yargen_rules.yar output file, which can subsequently be fed into your AI for processing. With version 0.23.0, yarGen was ported to Python 3. If you need a version that runs on Python 2, try a previous release. (Note that the download location for the pre-built databases has changed.)
Parse YARA rules into a dictionary representation.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Powerful debugging tool with extensive features and extensions for memory dump analysis and crash dump analysis.
Automate the process of writing YARA rules based on executable code within malware.
VxSig is a tool to automatically generate AV byte signatures from similar binaries.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.