What is a .YARA file?
YARA is a malware-detection rule file.
- Did you know
- YARA is nicknamed "the pattern-matching swiss knife for malware researchers".
- YARA was created by Victor Alvarez of VirusTotal, the Google-owned malware-scanning service, to classify samples by binary or text patterns rather than exact hashes.
- The name is a self-referential joke, expanded variously as “Yet Another Recursive Acronym” or “Yet Another Ridiculous Acronym”.
- What Analyser reads
- Identify and read more security and forensics files: OpenPGP messages/keys/signatures (.pgp/.gpg/.sig - armor type, packet walk, key algorithm and user ID, secret-key warning), YARA rules, Snort/Suricata IDS rules, STIX/OpenIOC threat intel, Fiddler captures (.saz), 1Password exports (.1pux), Apple Keychain, KeePass 1.x (.kdb), Microsoft keys (.pvk) and AFF/AFF4 forensic images.
- Depth of analysis
- .YARA is an identification-grade format: Analyser recognises it from its bytes and decodes the header metadata it carries, rather than opening it in a full viewer. Formats that do get a full viewer are marked "Full" on the formats page.
- Open a .YARA file
- Drag a .YARA file onto the Analyser home page (or tap to pick one). It is identified entirely in your browser - nothing is uploaded, there is no account, and it works offline once installed.