YARA

VirusTotal · VirusTotal.YARA

The pattern matching swiss knife for malware researchers (and everyone else)

YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.

winget install --id VirusTotal.YARA --exact --source winget

Latest 4.5.5

Release Notes
  • Implement the --no-follow-symlinks option in Windows (6e11b5a).
  • BUGFIX: Revert YR_RE_SCAN_LIMIT back to 4096 (#2177).
  • BUGFIX: infinite loop while parsing corrupt resource directory in PE module (#2162).
  • BUGFIX: improved detection whether a string requires all matches (#2167).
  • BUGFIX: Heap overflow while loading hand-crafted compiled rules (#2178). Thanks to Momoko Shiraishi for the report.

Contributors: @secDre4mer @PeterMatula @wxsBSD

Installer type: zip

Architecture Scope Download SHA256
x86 Download 2CC0B3388039629653B2EF581AB2553670F021A88C9B0FE1D0E35151317399F3
x64 Download 352396C8A3D9B31B157A4820ABD3B9347FC934A2314CDDA8A4F566A5570163E4

Details

Homepage
https://virustotal.github.io/yara/
License
BSD-3-Clause
Publisher
VirusTotal
Support
https://github.com/VirusTotal/yara/issues
Copyright
Copyright (c) 2007-2025. The YARA Authors. All Rights Reserved.

Older versions (3)

4.5.3
Architecture Scope Download SHA256
x86 Download 7048CB64FDC50B273EDAD2AAD2F9224E6027AF991EDE45127D883781014DBCF4
x64 Download 475B3B117DC6130DF2D19A2E866BF2ABC5E62EB058E8AB81FD79F6955ACE3306
4.5.2
Architecture Scope Download SHA256
x86 Download C7A8584133F4438764B8F247489C0C121B16422FD65B76D7A1A754DA79FE5F25
x64 Download 9F934CC4C5DE653324A5714736077F57667A06009BEE7984D960634AE0662DC6
4.3.2
Architecture Scope Download SHA256
x64 Download D878593371A0CDC0946A26E460C3BF0A0964018647A0E2239B1DC25DDC0D2365