yextend
yextend is a software tool that extends Yara's capabilities by adding native support for handling archived content inflation. The tool automatically processes files that are compressed or archived within multiple layers of containers, extracting and inflating the content so that Yara can perform pattern matching on the underlying payload. When yextend encounters archived files, it recursively extracts content from nested archives and compressed files, passing each discovered resource to Yara for analysis against specified rule sets. This eliminates the need for manual extraction of archived content before running Yara scans. The tool integrates with existing Yara workflows while extending functionality to handle complex file structures where malicious content may be hidden within multiple layers of compression or archiving. yextend maintains compatibility with standard Yara rules and operates as an enhancement layer that preprocesses archived content before analysis.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
Code to prevent a managed .NET debugger/profiler from working.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A collaborative malware analysis framework with various features for automated analysis tasks.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.