The dr_sandbox module is an exclusive Dr.Web YARA module that allows creating rules based on:

• information on the file behavior,
• types of created files (src, dump, drop, alloc, etc.),
• information about detected threats,
• the analyzed file’s name.

Sample rule that uses the dr_sandbox module:
A detailed list of the module features is in Appendix B. More Details About dr_sandbox Module for YARA Rules.