
Release Yara swiss knife Quick Menu

Discussion in 'Reverse engineering' started by storm shadow, Aug 26, 2015.


  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    I had some fun making the command version of the awesome swiss knife faster.


    This is for adding the awesome Yara pattern scanner to Windows right click menus.
    What it Does

    Right click a folder: scan folders and subfolder files recursively for

    Code (Text):
    Crypto patterns
    Hacking Team Mailware
    Packers
    Malicious documents

    Right Click a File
    Code (Text):
    Scan files for
    Crypto patterns
    Hacking Team Mailware
    Packers
    Malicious documents

    Install
    Since it's really just a lot of registry-based commands, you have to have the files at:
    Code (Text):
    C:\yara\yara32.exe
    C:\yara\icons\
    C:\yara\mailware\

    I have added all rules to date, but if you wanna do it yourself, grab new Yara rules from https://github.com/Yara-Rules/rules
    And if you want a new prebuilt binary (use the x86 one), I have 3.4.0 in this repo. https://github.com/plusvic/yara/releases/tag/v3.4.0
    After you have extracted everything according to the folder I explained,
    run
    Code (Text):
    Add_Yara_Pattern_scanner_rmenu_To_right_click_file.reg
    then
    Code (Text):
    Add_Yara_Pattern_scanner_rmenu_To_right_click_folder.reg
    Folder scan [​IMG]
    File scan [​IMG]
    Result [​IMG]
    regards


    https://github.com/techbliss/Yara_Mailware_Quick_menu_scanner/archive/master.zip
     
    gavz and Rip Cord like this.
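
Since the install step imports two .reg files that register right-click commands, it helps to list what those commands run before importing them. This is an added example, not part of the original post or the project's code: the sample .reg text, the `YaraScan` key name, the `cmd.exe` wrapper and `example_rules.yar` are constructed assumptions, because the post does not show the files' contents.

```python
import re

# Constructed sample, NOT the contents of the project's .reg files; the key name
# "YaraScan", the cmd.exe wrapper and example_rules.yar are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\YaraScan]
"MUIVerb"="Yara scan (example)"

[HKEY_CLASSES_ROOT\*\shell\YaraScan\command]
@="cmd.exe /k C:\\yara\\yara32.exe C:\\yara\\mailware\\example_rules.yar \"%1\""

[HKEY_CLASSES_ROOT\Directory\shell\YaraScan\command]
@="cmd.exe /k C:\\yara\\yara32.exe -r C:\\yara\\mailware\\example_rules.yar \"%1\""
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # [key] or [-key] (delete)
DEFAULT_RE = re.compile(r'^@="(.*)"$')            # default string value of a key
EXE_RE = re.compile(r'"([^"]+\.exe)"|(\S+\.exe)', re.I)

def unescape(value):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', value)

def shell_commands(reg_text):
    """Map each shell/<verb>/command key to the command line it registers."""
    commands, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = None if m.group(1) else m.group(2)
            continue
        m = DEFAULT_RE.match(line)
        if m and key and re.search(r'\\shell\\[^\\]+\\command$', key, re.I):
            commands[key] = unescape(m.group(1))
    return commands

def unexpected_programs(commands, allowed=("cmd.exe", "c:\\yara\\yara32.exe")):
    """Return (key, program) pairs for every referenced .exe not in `allowed`."""
    findings = []
    for key, cmd in commands.items():
        for quoted, bare in EXE_RE.findall(cmd):
            exe = (quoted or bare).lower()
            if exe not in allowed:
                findings.append((key, exe))
    return findings
```

Files exported by regedit are UTF-16 encoded, so decode them accordingly before passing the text to `shell_commands`.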
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    added fix for win 7
     
    roocoon and Rip Cord like this.
  3. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Rip Cord likes this.