June 2018
Beginner
510 pages
13h 7m
English
A malware sample can contain many strings or binary indicators; recognizing the strings or binary data that are unique to a malware sample or a malware family can help in malware classification. Security researchers classify malware based on the unique strings and the binary indicators present in the binary. Sometimes, malware can also be classified based on general characteristics.
YARA (http://virustotal.github.io/yara/) is a powerful malware identification and classification tool. Malware researchers can create YARA rules based on textual or binary information contained within the malware specimen. Each YARA rule consists of a set of strings and a Boolean expression that determines the rule's logic. Once ...
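The rule below is an added illustration of that structure, not a rule from the book: a strings section holding textual and binary indicators, and a Boolean condition that combines them. The rule name and every indicator value are constructed placeholders and do not come from any real sample.

```yara
/*
    Added example. All indicator values are constructed placeholders.
*/
rule Example_Family_Indicators
{
    meta:
        description = "Constructed example: textual and binary indicators combined by a Boolean condition"
        author = "example"

    strings:
        // Textual indicators (constructed).
        // "ascii wide" matches both the ASCII and the UTF-16LE encoding.
        $mutex = "Global\\ExampleFamilyMutex" ascii wide
        $c2    = "update.example.invalid" ascii wide
        // "nocase" makes the match case-insensitive.
        $ua    = "ExampleAgent/1.0" ascii nocase

        // Binary indicator (constructed): fixed bytes, two wildcard bytes,
        // then a jump of 2 to 4 arbitrary bytes before the trailing bytes.
        $cfg_marker = { DE AD BE EF ?? ?? [2-4] 43 46 47 }

        // Regular expression (constructed): a four-digit campaign tag.
        $campaign = /campaign_[0-9]{4}/ ascii

    condition:
        // Restrict to files that start with the MZ header and are under 2 MB,
        // then require the binary marker or any two textual indicators.
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        (
            $cfg_marker or
            2 of ($mutex, $c2, $ua, $campaign)
        )
}
```

Saved to a file (for example a hypothetical example.yar), the rule can be run against a file or directory with the yara command-line tool, which takes the rules file followed by the target path. Requiring two textual indicators rather than one keeps a single common string from classifying an unrelated file into the family.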