yextend is a software tool that extends Yara's capabilities by adding native support for handling archived content inflation. The tool automatically processes files that are compressed or archived within multiple layers of containers, extracting and inflating the content so that Yara can perform pattern matching on the underlying payload. When yextend encounters archived files, it recursively extracts content from nested archives and compressed files, passing each discovered resource to Yara for analysis against specified rule sets. This eliminates the need for manual extraction of archived content before running Yara scans. The tool integrates with existing Yara workflows while extending functionality to handle complex file structures where malicious content may be hidden within multiple layers of compression or archiving. yextend maintains compatibility with standard Yara rules and operates as an enhancement layer that preprocesses archived content before analysis.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
Code to prevent a managed .NET debugger/profiler from working.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A collaborative malware analysis framework with various features for automated analysis tasks.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.