Add YARA language (#3877)

* Add YARA language grammars * Add YARA to languages.yml * Add YARA samples * Add YARA to README
2025-10-29 09:40:21 +00:00 · 2017-11-15 20:16:33 -05:00
parent 9dceffce2f
commit 8c516655bc
9 changed files with 78 additions and 0 deletions
--- a/samples/YARA/OfExample.yar
+++ b/samples/YARA/OfExample.yar
@@ -0,0 +1,23 @@
+rule OfExample2
+{
+    strings:
+        $foo1 = "foo1"
+        $foo2 = "foo2"
+        $foo3 = "foo3"
+
+    condition:
+        2 of ($foo*)  // equivalent to 2 of ($foo1,$foo2,$foo3)
+}
+
+rule OfExample3
+{
+    strings:
+        $foo1 = "foo1"
+        $foo2 = "foo2"
+
+        $bar1 = "bar1"
+        $bar2 = "bar2"
+
+    condition:
+        3 of ($foo*,$bar1,$bar2)
+}
--- a/samples/YARA/example.yara
+++ b/samples/YARA/example.yara
@@ -0,0 +1,13 @@
+rule silent_banker : banker
+{
+    meta:
+        description = "This is just an example"
+        thread_level = 3
+        in_the_wild = true
+    strings:
+        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
+        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
+        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
+    condition:
+        $a or $b or $c
+}
--- a/samples/YARA/true.yar
+++ b/samples/YARA/true.yar
@@ -0,0 +1 @@
+rule test { condition: true }