What's a module?

Modules are the mechanism YARA-X provides for extending its capabilities. They add new data structures and functions that you can use in your rules, making them more powerful and expressive. For instance, a module can parse a specific file format, such as the Windows Portable Executable (PE) format, and expose to YARA-X a data structure that describes the features of that file format.

By using modules, you can create rules that go beyond simple pattern matching on sequences of raw bytes and rely instead on properties and characteristics of the data being scanned.
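The two rules below are an added illustration, not taken from the YARA-X documentation. They contrast a rule limited to raw bytes with one that uses the structure exposed by the `pe` module. The rule names and the heuristic itself are chosen for this example.

```yara
import "pe"

// Raw bytes only: this rule can say that the buffer starts with the
// "MZ" magic, but it knows nothing about the structure that follows.
rule starts_with_mz_magic
{
    condition:
        uint16(0) == 0x5A4D
}

// Module-based: the pe module has already parsed the headers, so the
// condition can reason about parsed fields instead of byte offsets.
// Here it flags PE files that contain a section mapped as both
// writable and executable, a property that byte patterns alone
// cannot express reliably.
rule pe_has_writable_executable_section
{
    meta:
        description = "PE file with at least one section that is both writable and executable"

    condition:
        pe.is_pe
        and for any section in pe.sections : (
            (section.characteristics & pe.SECTION_MEM_WRITE) != 0
            and (section.characteristics & pe.SECTION_MEM_EXECUTE) != 0
        )
}
```

The second rule keeps working regardless of where the section table sits in the file, because the offsets are resolved by the module rather than hard-coded in the rule.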

This section describes the modules that are included in YARA-X.