1*08b48e0bSAndroid Build Coastguard Worker# https://yara.readthedocs.io/en/latest/ 2*08b48e0bSAndroid Build Coastguard Worker 3*08b48e0bSAndroid Build Coastguard Worker# Keywords 4*08b48e0bSAndroid Build Coastguard Worker"all" 5*08b48e0bSAndroid Build Coastguard Worker"and" 6*08b48e0bSAndroid Build Coastguard Worker"any" 7*08b48e0bSAndroid Build Coastguard Worker"ascii" 8*08b48e0bSAndroid Build Coastguard Worker"at" 9*08b48e0bSAndroid Build Coastguard Worker"condition" 10*08b48e0bSAndroid Build Coastguard Worker"contains" 11*08b48e0bSAndroid Build Coastguard Worker"entrypoint" 12*08b48e0bSAndroid Build Coastguard Worker"false" 13*08b48e0bSAndroid Build Coastguard Worker"filesize" 14*08b48e0bSAndroid Build Coastguard Worker"for" 15*08b48e0bSAndroid Build Coastguard Worker"fullword" 16*08b48e0bSAndroid Build Coastguard Worker"global" 17*08b48e0bSAndroid Build Coastguard Worker"import" 18*08b48e0bSAndroid Build Coastguard Worker"in" 19*08b48e0bSAndroid Build Coastguard Worker"include" 20*08b48e0bSAndroid Build Coastguard Worker"int16" 21*08b48e0bSAndroid Build Coastguard Worker"int16be" 22*08b48e0bSAndroid Build Coastguard Worker"int32" 23*08b48e0bSAndroid Build Coastguard Worker"int32be" 24*08b48e0bSAndroid Build Coastguard Worker"int8" 25*08b48e0bSAndroid Build Coastguard Worker"int8be" 26*08b48e0bSAndroid Build Coastguard Worker"matches" 27*08b48e0bSAndroid Build Coastguard Worker"meta" 28*08b48e0bSAndroid Build Coastguard Worker"nocase" 29*08b48e0bSAndroid Build Coastguard Worker"not" 30*08b48e0bSAndroid Build Coastguard Worker"of" 31*08b48e0bSAndroid Build Coastguard Worker"or" 32*08b48e0bSAndroid Build Coastguard Worker"private" 33*08b48e0bSAndroid Build Coastguard Worker"rule" 34*08b48e0bSAndroid Build Coastguard Worker"strings" 35*08b48e0bSAndroid Build Coastguard Worker"them" 36*08b48e0bSAndroid Build Coastguard Worker"true" 37*08b48e0bSAndroid Build Coastguard Worker"uint16" 38*08b48e0bSAndroid Build Coastguard Worker"uint16be" 39*08b48e0bSAndroid Build Coastguard Worker"uint32" 40*08b48e0bSAndroid Build Coastguard Worker"uint32be" 41*08b48e0bSAndroid Build Coastguard Worker"uint8" 42*08b48e0bSAndroid Build Coastguard Worker"uint8be" 43*08b48e0bSAndroid Build Coastguard Worker"wide" 44*08b48e0bSAndroid Build Coastguard Worker"xor" 45*08b48e0bSAndroid Build Coastguard Worker 46*08b48e0bSAndroid Build Coastguard Worker# pe module 47*08b48e0bSAndroid Build Coastguard Worker"\"pe\"" 48*08b48e0bSAndroid Build Coastguard Worker"pe.machine" 49*08b48e0bSAndroid Build Coastguard Worker"pe.checksum" 50*08b48e0bSAndroid Build Coastguard Worker"pe.calculate_checksum" 51*08b48e0bSAndroid Build Coastguard Worker"pe.subsystem" 52*08b48e0bSAndroid Build Coastguard Worker"pe.timestamp" 53*08b48e0bSAndroid Build Coastguard Worker"pe.pointer_to_symbol_table" 54*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_sumbols" 55*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_optional_header" 56*08b48e0bSAndroid Build Coastguard Worker"pe.pothdr_magic" 57*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_code" 58*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_initialized_data" 59*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_unnitialized_data" 60*08b48e0bSAndroid Build Coastguard Worker"pe.entrypoint" 61*08b48e0bSAndroid Build Coastguard Worker"pe.base_of_code" 62*08b48e0bSAndroid Build Coastguard Worker"pe.base_of_data" 63*08b48e0bSAndroid Build Coastguard Worker"pe.image_base" 64*08b48e0bSAndroid Build Coastguard Worker"pe.section_alignment" 65*08b48e0bSAndroid Build Coastguard Worker"pe.file_alignment" 66*08b48e0bSAndroid Build Coastguard Worker"pe.win32_version_value" 67*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_image" 68*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_headers" 69*08b48e0bSAndroid Build Coastguard Worker"pe.characteristics" 70*08b48e0bSAndroid Build Coastguard Worker"pe.linker_version" 71*08b48e0bSAndroid Build Coastguard Worker"pe.os_version" 72*08b48e0bSAndroid Build Coastguard Worker"pe.image_version" 73*08b48e0bSAndroid Build Coastguard Worker"pe.subsystem_version" 74*08b48e0bSAndroid Build Coastguard Worker"pe.dll_characteristics" 75*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_stack_reserve" 76*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_stack_commit" 77*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_heap_reserve" 78*08b48e0bSAndroid Build Coastguard Worker"pe.size_of_heap_commit" 79*08b48e0bSAndroid Build Coastguard Worker"pe.loader_flags" 80*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_rva_and_sizes" 81*08b48e0bSAndroid Build Coastguard Worker"pe.data_directories" 82*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_sections" 83*08b48e0bSAndroid Build Coastguard Worker"pe.sections" 84*08b48e0bSAndroid Build Coastguard Worker"pe.overlay" 85*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_resources" 86*08b48e0bSAndroid Build Coastguard Worker"pe.resource_timestamp" 87*08b48e0bSAndroid Build Coastguard Worker"pe.resource_version" 88*08b48e0bSAndroid Build Coastguard Worker"pe.resources" 89*08b48e0bSAndroid Build Coastguard Worker"pe.version_info" 90*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_signatures" 91*08b48e0bSAndroid Build Coastguard Worker"pe.signatures" 92*08b48e0bSAndroid Build Coastguard Worker"pe.rich_signature" 93*08b48e0bSAndroid Build Coastguard Worker"pe.exports" 94*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_exports" 95*08b48e0bSAndroid Build Coastguard Worker"pe.number_of_imports" 96*08b48e0bSAndroid Build Coastguard Worker"pe.imports" 97*08b48e0bSAndroid Build Coastguard Worker"pe.locale" 98*08b48e0bSAndroid Build Coastguard Worker"pe.language" 99*08b48e0bSAndroid Build Coastguard Worker"pe.imphash" 100*08b48e0bSAndroid Build Coastguard Worker"pe.section_index" 101*08b48e0bSAndroid Build Coastguard Worker"pe.is_dll()" 102*08b48e0bSAndroid Build Coastguard Worker"pe.is_32bit()" 103*08b48e0bSAndroid Build Coastguard Worker"pe.is_64bit()" 104*08b48e0bSAndroid Build Coastguard Worker"pe.rva_to_offset" 105*08b48e0bSAndroid Build Coastguard Worker 106*08b48e0bSAndroid Build Coastguard Worker# elf module 107*08b48e0bSAndroid Build Coastguard Worker"\"elf\"" 108*08b48e0bSAndroid Build Coastguard Worker"elf.type" 109*08b48e0bSAndroid Build Coastguard Worker"elf.machine" 110*08b48e0bSAndroid Build Coastguard Worker"elf.entry_point" 111*08b48e0bSAndroid Build Coastguard Worker"elf.number_of_sections" 112*08b48e0bSAndroid Build Coastguard Worker"elf.sections" 113*08b48e0bSAndroid Build Coastguard Worker"elf.number_of_segments" 114*08b48e0bSAndroid Build Coastguard Worker"elf.segments" 115*08b48e0bSAndroid Build Coastguard Worker"elf.dynamic_section_entires" 116*08b48e0bSAndroid Build Coastguard Worker"elf.dynamic" 117*08b48e0bSAndroid Build Coastguard Worker"elf.symtab_entries" 118*08b48e0bSAndroid Build Coastguard Worker"elf.symtab" 119*08b48e0bSAndroid Build Coastguard Worker 120*08b48e0bSAndroid Build Coastguard Worker# cuckoo module 121*08b48e0bSAndroid Build Coastguard Worker"\"cuckoo\"" 122*08b48e0bSAndroid Build Coastguard Worker"cuckoo.network" 123*08b48e0bSAndroid Build Coastguard Worker"cuckoo.registry" 124*08b48e0bSAndroid Build Coastguard Worker"cuckoo.filesystem" 125*08b48e0bSAndroid Build Coastguard Worker"cuckoo.sync" 126*08b48e0bSAndroid Build Coastguard Worker 127*08b48e0bSAndroid Build Coastguard Worker# magic module 128*08b48e0bSAndroid Build Coastguard Worker"\"magic\"" 129*08b48e0bSAndroid Build Coastguard Worker"magic.type()" 130*08b48e0bSAndroid Build Coastguard Worker"magic.mime_type()" 131*08b48e0bSAndroid Build Coastguard Worker 132*08b48e0bSAndroid Build Coastguard Worker 133*08b48e0bSAndroid Build Coastguard Worker# hash module 134*08b48e0bSAndroid Build Coastguard Worker"\"hash\"" 135*08b48e0bSAndroid Build Coastguard Worker"hash.md5" 136*08b48e0bSAndroid Build Coastguard Worker"hash.sha1" 137*08b48e0bSAndroid Build Coastguard Worker"hash.sha256" 138*08b48e0bSAndroid Build Coastguard Worker"hash.checksum32" 139*08b48e0bSAndroid Build Coastguard Worker"hash.crc32" 140*08b48e0bSAndroid Build Coastguard Worker 141*08b48e0bSAndroid Build Coastguard Worker# math module 142*08b48e0bSAndroid Build Coastguard Worker"\"math\"" 143*08b48e0bSAndroid Build Coastguard Worker"math.entropuy" 144*08b48e0bSAndroid Build Coastguard Worker"math.monte_carlo_pi" 145*08b48e0bSAndroid Build Coastguard Worker"math.serial_correlation" 146*08b48e0bSAndroid Build Coastguard Worker"math.mean" 147*08b48e0bSAndroid Build Coastguard Worker"math.deviation" 148*08b48e0bSAndroid Build Coastguard Worker"math.in_range" 149*08b48e0bSAndroid Build Coastguard Worker"math.max" 150*08b48e0bSAndroid Build Coastguard Worker"max.min" 151*08b48e0bSAndroid Build Coastguard Worker 152*08b48e0bSAndroid Build Coastguard Worker# dotnet module 153*08b48e0bSAndroid Build Coastguard Worker"\"dotnet\"" 154*08b48e0bSAndroid Build Coastguard Worker"dotnet.version" 155*08b48e0bSAndroid Build Coastguard Worker"dotnet.module_name" 156*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_streams" 157*08b48e0bSAndroid Build Coastguard Worker"dotnet.streams" 158*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_guid" 159*08b48e0bSAndroid Build Coastguard Worker"dotnet.guids" 160*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_resources" 161*08b48e0bSAndroid Build Coastguard Worker"dotnet.resources" 162*08b48e0bSAndroid Build Coastguard Worker"dotnet.assembly" 163*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_modulerefs" 164*08b48e0bSAndroid Build Coastguard Worker"dotnet.modulerefs" 165*08b48e0bSAndroid Build Coastguard Worker"dotnet.typelib" 166*08b48e0bSAndroid Build Coastguard Worker"dotnet.assembly_refs" 167*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_user_strings" 168*08b48e0bSAndroid Build Coastguard Worker"dotnet.user_strings" 169*08b48e0bSAndroid Build Coastguard Worker"dotnet.number_of_field_offsets" 170*08b48e0bSAndroid Build Coastguard Worker"dotnet.field_offsets" 171*08b48e0bSAndroid Build Coastguard Worker 172*08b48e0bSAndroid Build Coastguard Worker# time module 173*08b48e0bSAndroid Build Coastguard Worker"\"time\"" 174*08b48e0bSAndroid Build Coastguard Worker"time.now()" 175*08b48e0bSAndroid Build Coastguard Worker 176*08b48e0bSAndroid Build Coastguard Worker 177*08b48e0bSAndroid Build Coastguard Worker# misc 178*08b48e0bSAndroid Build Coastguard Worker"/*" 179*08b48e0bSAndroid Build Coastguard Worker"*/" 180*08b48e0bSAndroid Build Coastguard Worker"//" 181*08b48e0bSAndroid Build Coastguard Worker"$a=" 182*08b48e0bSAndroid Build Coastguard Worker"{a?}" 183*08b48e0bSAndroid Build Coastguard Worker"[0-9]" 184*08b48e0bSAndroid Build Coastguard Worker"{(0A|??)}" 185*08b48e0bSAndroid Build Coastguard Worker"<<" 186*08b48e0bSAndroid Build Coastguard Worker">>" 187*08b48e0bSAndroid Build Coastguard Worker"#a" 188*08b48e0bSAndroid Build Coastguard Worker"$a" 189*08b48e0bSAndroid Build Coastguard Worker".." 190*08b48e0bSAndroid Build Coastguard Worker"@a" 191*08b48e0bSAndroid Build Coastguard Worker 192*08b48e0bSAndroid Build Coastguard Worker# regex 193*08b48e0bSAndroid Build Coastguard Worker"*?" 194*08b48e0bSAndroid Build Coastguard Worker"+?" 195*08b48e0bSAndroid Build Coastguard Worker"??" 196*08b48e0bSAndroid Build Coastguard Worker"{1,2}?" 197