{"id":18735470,"url":"https://github.com/virustotal/yara-x","last_synced_at":"2025-04-12T12:36:47.539Z","repository":{"id":63048670,"uuid":"551348093","full_name":"VirusTotal/yara-x","owner":"VirusTotal","description":"A rewrite of YARA in Rust.","archived":false,"fork":false,"pushed_at":"2025-03-28T15:41:07.000Z","size":49523,"stargazers_count":728,"open_issues_count":29,"forks_count":64,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-03-29T09:01:28.617Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://virustotal.github.io/yara-x/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VirusTotal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-14T08:29:15.000Z","updated_at":"2025-03-28T10:55:44.000Z","dependencies_parsed_at":"2024-11-05T15:40:06.209Z","dependency_job_id":"c43d01d0-3641-401e-a82e-4f9930b583ab","html_url":"https://github.com/VirusTotal/yara-x","commit_stats":{"total_commits":1801,"total_committers":16,"mean_commits":112.5625,"dds":0.03498056635202662,"last_synced_commit":"cd61206000c3247006f57240ca3f48e63e4fd56f"},"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fyara-x","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fyara-x/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fyara-x/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VirusTotal%2Fyara-x/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VirusTotal","download_url":"https://codeload.github.com/VirusTotal/yara-x/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246988762,"owners_count":20865296,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T15:17:13.011Z","updated_at":"2025-04-05T10:01:30.267Z","avatar_url":"https://github.com/VirusTotal.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![tests](https://github.com/VirusTotal/yara-x/actions/workflows/tests.yaml/badge.svg)](https://github.com/VirusTotal/yara-x/actions/workflows/tests.yaml)\n[![coverage](https://codecov.io/gh/VirusTotal/yara-x/branch/main/graph/badge.svg?token=dPsruCiDqN)](https://app.codecov.io/gh/VirusTotal/yara-x)\n[![Crates.io](https://img.shields.io/crates/v/yara-x.svg)](https://crates.io/crates/yara-x)\n![Crates.io MSRV](https://img.shields.io/crates/msrv/yara-x)\n\n## YARA-X\n\nYARA-X is a re-incarnation of [YARA](https://github.com/VirusTotal/yara), a\npattern matching tool designed with malware researchers in mind. This new\nincarnation intends to be faster, safer and more user-friendly than its\npredecessor. The ultimate goal of YARA-X is to serve as the future replacement\nfor YARA.\n\nWith YARA-X you can create descriptions of malware families (or whatever you\nwant to describe) based on textual or binary patterns. Each description (a.k.a.\nrule) consists of a set of patterns and a boolean expression which determine its\nlogic. Let’s see an example:\n\n```yara\nrule silent_banker : banker {\n    meta:\n        description = \"This is just an example\"\n        threat_level = 3\n        in_the_wild = true\n\n    strings:\n        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}\n        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}\n        $c = \"UVODFRYSIHLNWPEJXQZAKCBGMT\"\n\n    condition:\n        $a or $b or $c\n}\n```\n\nThe above rule is telling YARA-X that any file containing one of the three\npatterns must be reported as `silent_banker`. This is just a simple example,\nmore complex and powerful rules can be created by using wild-cards,\ncase-insensitive strings, regular expressions, special operators and many other\nfeatures that you'll find explained in\nthe [documentation](https://virustotal.github.io/yara-x/docs/writing_rules/anatomy-of-a-rule/).\n\n## FAQ\n\n#### How does YARA-X compare to YARA?\n\nRead [this](https://virustotal.github.io/yara-x/docs/intro/yara-x-vs-yara/).\n\n#### Which are the differences at the rule level?\n\nRead [this](https://virustotal.github.io/yara-x/docs/writing_rules/differences-with-yara/).\n\n#### Is YARA still maintained?\n\nYes, it is. YARA is still being maintained, and future releases will include\nbug fixes and minor features. However, don’t expect new large features or\nmodules. All efforts to enhance YARA, including the addition of new modules,\nwill now focus on YARA-X.\n\n#### What's the current state of YARA-X?\n\nYARA-X is still in beta, but is mature and stable enough for use, specially\nfrom the command-line interface or one-shot Python scripts. While the APIs may\nstill undergo minor changes, the foundational aspects are already established.\n\nAt VirusTotal, we have been running YARA-X alongside YARA for a while,\nscanning\nmillions of files with tens of thousands of rules, and addressing\ndiscrepancies\nbetween the two. This means that YARA-X is already battle-tested. These tests\nhave even uncovered YARA bugs!\n\nPlease test YARA-X and don’t hesitate\nto [open an issue](https://github.com/VirusTotal/yara-x/issues/new) if you\nfind a bug or some feature that you want to see implemented.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirustotal%2Fyara-x","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvirustotal%2Fyara-x","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvirustotal%2Fyara-x/lists"}