Jump to content


From Wikipedia, the free encyclopedia
Designed byVictor Alvarez
First appeared2013
Stable release
4.5.1[1] Edit this on Wikidata / 25 May 2024; 48 days ago (25 May 2024)
Filename extensions.yara
Websitevirustotal.github.io/yara Edit this at Wikidata

YARA is a tool primarily used in malware research and detection.

It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a Boolean expression.[2]


YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013.[3] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.[4]


YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

See also[edit]


  1. ^ "Release 4.5.1". 25 May 2024. Retrieved 28 May 2024.
  2. ^ "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.
  3. ^ "Release v1.7.1". GitHub.
  4. ^ Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

External links[edit]