YARA-X memory region scanner.
Scans raw byte buffers (process memory regions) against compiled YARA rules
to detect malware signatures, shellcode patterns, and indicators of compromise (IoCs) in
process address spaces. Unlike yara_classifier, which scans individual
strings, this module scans arbitrary binary data, a capability critical for detecting
packed/encrypted payloads, injected code, and fileless malware.
Structs
- MatchedPattern - A single pattern match within a YARA scan result.
- YaraMemoryScanner - Scanner that applies compiled YARA rules to raw memory buffers.
- YaraScanMatch - A match from scanning a memory region against YARA rules.