yara-sigs
Community
Scan memory with YARA to detect malware.
Category: Software Engineering
Tags: automation, forensics, malware-detection, yara, memory-map, memory-snapshot, signature-detection
Author: dariushoule
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Analysts need to rapidly identify known malware signatures and suspicious patterns in memory dumps from captured sessions.
Core Features & Use Cases
- Load YARA rule sets from yarasigs and apply them to memory regions within a state snapshot to detect packers, cryptographic constants, and anti-debug patterns.
- Scan all memory region dumps (e.g., .bin files) contained in a snapshot and produce structured results describing matches, locations, and metadata.
- Optionally merge multiple regions belonging to a single module (via module-filter) to support cross-boundary rules and yield consolidated results.
- Output a yara_results.json with per-match details, including rule name, source, regions hit, and string matches for quick analysis.
Quick Start
Take a state snapshot with the state-snapshot skill, then run the yara-sigs scan with a chosen category (packers, crypto, antidebug, or all) against the snapshot.
Dependency Matrix
Required Modules: yara-python
Components: Standard package
Claude Code Installation
Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: yara-sigs
Download link: https://github.com/dariushoule/x64dbg-skills/archive/main.zip#yara-sigs
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.