Multi-pattern simultaneous matcher. Subset of YARA rule syntax: text + hex + regex strings, conditions. For learning + quick triage. Real YARA-X requires the native runtime; this is browser-side educational equivalent.
| Element | Syntax | Example |
|---|---|---|
| Rule | rule NAME { meta: ... strings: ... condition: ... } | rule MalDoc { ... } |
| Meta key=value | key = "value" or key = number | severity = "high" |
| Text string | $id = "literal" + optional modifier | $s1 = "FromBase64" nocase |
| Hex string | $id = { XX XX ?? XX } (?? = wildcard byte) | $mz = { 4D 5A 90 00 ?? ?? FF } |
| Regex string | $id = /pattern/ + optional flags | $r = /[a-z0-9]{32}/ nocase |
| String modifiers | nocase, wide, ascii | $x = "admin" nocase wide |
| Condition: presence | $id (true if matches at least once) | $s1 |
| Condition: count | #id > N or #id == N | #enc > 2 |
| Condition: any/all of | any of (...), all of (...), N of (...) | 3 of ($a, $b, $c, $d) |
| Condition: any/all of them | any of them, all of them | any of them |
| Logical operators | and, or, not | ($a and $b) or $c |
| Wildcard ID set | any of ($s*) | 2 of ($evil*) |
| Comments | // line or /* block */ | // detection note |