Extension to use YARA rules on Cutter projects.
Simply paste your rule files into the "rules" directory to apply them at start.
This plugin relies on yara-python.
To make it work, you need to install yara-python into Cutter's embedded Python.
- For Windows systems you can run the provided PowerShell file. (Don't forget to edit the path!)
- For *nix operating systems, simply install yara-python, locate the files with `pip show`, and copy the module files to the Python directory of Cutter.
- Now copy the Cutter plugin files to the Cutter plugin directory (on Windows usually found at `%USERPROFILE%\AppData\Roaming\RadareOrg\Cutter\plugins\python\`).
- Finally, add some rules to the "rules" directory.
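
The *nix step above, sketched as an added shell example (not part of the plugin): it parses `pip show -f yara-python` output to find the module files and copies them. The destination argument and the sample output are assumptions; the page does not give Cutter's Python directory on *nix.

```shell
# Constructed sample of `pip show -f yara-python` output (version and paths are made up).
sample_pip_show() {
cat <<'EOF'
Name: yara-python
Version: 0.0.0
Location: /opt/venv/lib/python3.11/site-packages
Requires:
Files:
  ../../../share/doc/yara-python/README.rst
  yara.cpython-311-x86_64-linux-gnu.so
  yara_python-0.0.0.dist-info/METADATA
  yara_python-0.0.0.dist-info/RECORD
EOF
}

# Read `pip show -f` output on stdin and print the site-packages
# directory the package is installed in.
module_location() { sed -n 's/^Location: //p'; }

# Read `pip show -f` output on stdin and print the package files,
# relative to the Location directory. Entries starting with ../ live
# outside site-packages (docs, scripts) and are skipped.
module_files() {
    awk '
        /^Files:/ { in_files = 1; next }
        in_files && /^  / {
            f = substr($0, 3)
            if (f !~ /^\.\.\//) print f
        }
    '
}

# Copy the module files into Cutter's Python directory, keeping any
# sub-directories. $1 is the destination (hypothetical: pass the Python
# directory of your own Cutter installation).
copy_module() {
    dest=$1
    info=$(pip show -f yara-python) || return 1
    loc=$(printf '%s\n' "$info" | module_location)
    printf '%s\n' "$info" | module_files | while IFS= read -r rel; do
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$loc/$rel" "$dest/$rel"
    done
}
```

The compiled `yara` module is normally tied to the Python version that built it, so use the `pip` that belongs to the same Python minor version as Cutter's embedded interpreter.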
- Packer detection: Detect matching packers to replace tools like PEiD or DiE.
- Malware attribution: Detect known malware signatures.
- Crypto detection: Detect various crypto constants.