Dre edited this page Aug 29, 2016 · 5 revisions

Welcome to the yextend wiki!

Yara-integrated software that handles archive file data as well as some native format types (such as PDF).

yextend was written to augment Yara (https://github.com/virustotal/yara). Yara by itself is great, but we realized that it could not natively handle archived content in the granular way that we needed for our work at Bayshore Networks. For instance, if we were hunting for malware and it happened to be buried a few levels deep in archived content, Yara in its native form could not help us. So what we have done is natively handle the inflation of archived content: we pass the inflated content of each discovered resource to Yara so that it can work its magic on a single payload, and Yara then does what it does quite well, pattern matching against a given set of rules.
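The inflate-then-scan flow described above, as an added example that is not yextend's own code: a minimal Python walker that recursively inflates gzip, tar and zip layers and hands each leaf payload to a matcher callback, reporting hits by their nesting path. The matcher here is a constructed byte-marker stand-in for yara-python's `rules.match(data=payload)`, and the depth and size limits are assumed guards, not yextend settings.

```python
import gzip
import io
import tarfile
import zipfile

MAX_DEPTH = 8                 # assumed guard: stop recursing into endlessly nested archives
MAX_BYTES = 64 * 1024 * 1024  # assumed guard: cap what a single member may inflate to
MARKER = b"CONSTRUCTED-MARKER-0xBEEF"  # constructed stand-in for a real Yara rule's pattern

def inflate(data):
    """Return (name, bytes) children if data is gzip, tar or zip; None for a leaf payload."""
    if data[:2] == b"\x1f\x8b":  # gzip magic: one child, the decompressed stream (read is capped)
        return [("(gunzipped)", gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_BYTES))]
    if data[257:262] == b"ustar":  # tar magic (POSIX ustar / pax / GNU)
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            return [(m.name, tf.extractfile(m).read())
                    for m in tf.getmembers() if m.isfile() and m.size <= MAX_BYTES]
    if data[:4] == b"PK\x03\x04":  # zip local file header magic
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(i.filename, zf.read(i))
                    for i in zf.infolist() if not i.is_dir() and i.file_size <= MAX_BYTES]
    return None

def walk(name, data, depth=0):
    """Yield (path, payload) for every leaf, e.g. outer.tar.gz/(gunzipped)/inner.zip/doc.pdf."""
    children = inflate(data) if depth < MAX_DEPTH else None
    if children is None:  # not an archive (or too deep): this is a single payload for Yara
        yield name, data
    for child_name, child_data in children or []:
        yield from walk(f"{name}/{child_name}", child_data, depth + 1)

def scan(name, data, matcher):
    """Run the matcher on each inflated leaf, the way yextend hands single payloads to Yara."""
    return {path: hits for path, payload in walk(name, data) if (hits := matcher(payload))}

def marker_matcher(payload):
    """Stand-in for yara-python's rules.match(data=payload); returns names of rules that hit."""
    return ["constructed_marker"] if MARKER in payload else []

def build_sample():
    """Constructed input: sample.tar.gz -> inner.zip -> {clean.txt, evil.txt}."""
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("clean.txt", b"nothing to see here")
        zf.writestr("evil.txt", b"header " + MARKER + b" trailer")
    info = tarfile.TarInfo("inner.zip")
    info.size = len(zbuf.getvalue())
    with tarfile.open(fileobj=tbuf, mode="w") as tf:
        tf.addfile(info, io.BytesIO(zbuf.getvalue()))
    return gzip.compress(tbuf.getvalue())
```

Running `scan("sample.tar.gz", build_sample(), marker_matcher)` reports the hit as `sample.tar.gz/(gunzipped)/inner.zip/evil.txt`, three layers down, which is exactly the case plain Yara on the outer file cannot see.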
