FLARE FLOSS vs YARA
About FLARE FLOSS
FLARE FLOSS (FireEye Labs Obfuscated String Solver) automatically extracts obfuscated strings from malware binaries. While the standard 'strings' utility finds only plaintext strings, FLOSS uses advanced static analysis techniques to identify string decoding routines, emulates them, and recovers the decoded strings. It handles XOR encoding, stack strings (built character-by-character), tight strings (short encoded sequences), and custom decryption routines. FLOSS integrates with FLARE's analysis toolkit and produces output compatible with YARA rule generation. It dramatically reduces manual reverse engineering time for string-heavy malware analysis.
About YARA
YARA is the pattern-matching Swiss knife for malware researchers. It allows you to create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each rule consists of a set of strings and a boolean expression that determines its logic. YARA is used by security researchers, incident responders, and threat hunters to identify and classify malware samples, suspicious files, and network artifacts.