yara-x 1.15.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

rule test_1 {
	strings:
		$a = { 00 00 00 00 }
		$b = { 90 90 90 90 90 }
		$c = { CC CC CC }
	condition:
		any of them
}

rule test_2 {
	strings:
		$a = "\x00\x00\x00\x00"
		$b = "\x90\x90\x90\x90\x90"
		$c = "\xCC\xCC\xCC"
	condition:
		any of them
}

rule test_3 {
	strings:
		$a = /\x00\x00\x00\x00/
		$b = /\x90\x90\x90\x90\x90/
		$c = "\xCC\xCC\xCC"
	condition:
		any of them
}

rule test_4 {
	strings:
		$a = "\x00\x00\x00\x00" base64
		$b = "\x90\x90\x90\x90\x90" xor
		$c = "\xCC\xCC\xCC" fullword
		$d = "\x90x90\x90\x90" 
	condition:
		any of them
}

rule test_5 {
	strings:
		$a = "\x00\x00\x00\x00"
	condition:
		$a at 0
}