YARA-X 1.10.1 Release: Hash Function Warnings
YARA-X's 1.11.0 release brings a new feature: hash function warnings.
When you write a YARA rule to match a cryptographic hash (of either the full file content or a part of it), what actually happens is a string comparison:

The function hash.sha256 returns a string (the hexadecimal SHA256 hash it calculated), and that string is compared to a literal string: the hash you want to find.
If you make a mistake in your literal string hash (for example, unintentionally adding an extra space), then the match will fail.
But YARA-X will now show a warning like this:

Another example is where you mix up hashes: you provide a SHA1 literal string hash where it should be a SHA256.
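
The two mistakes described above can also be caught before a rule set is deployed. The following is an added example, not code from this diary or from YARA-X, and it does not reproduce YARA-X's own check: it is an independent regex-based lint that compares each literal against the digest length of the hash function it is compared to. It assumes the literal is on the right-hand side of the comparison; the function name `lint_hash_literals` and the sample rules are constructed for illustration.

```python
import re

# Hex digest length for each string-returning function of the YARA hash module.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Matches comparisons such as: hash.sha256(0, filesize) == "<literal>"
# Assumption: literal on the right-hand side, no nested parentheses in the arguments.
HASH_CMP = re.compile(
    r'hash\.(?P<func>md5|sha1|sha256)\s*\([^)]*\)\s*(?:==|!=)\s*"(?P<lit>[^"]*)"'
)

def lint_hash_literals(rule_text):
    """Return (line_number, function, problem) for every suspicious hash literal."""
    findings = []
    for lineno, line in enumerate(rule_text.splitlines(), start=1):
        for m in HASH_CMP.finditer(line):
            func, literal = m.group("func"), m.group("lit")
            expected = DIGEST_LEN[func]
            if literal != literal.strip():
                problem = "leading or trailing whitespace"
            elif not re.fullmatch(r"[0-9a-fA-F]*", literal):
                problem = "non-hexadecimal character"
            elif len(literal) != expected:
                # A length that fits another digest usually means mixed-up hashes.
                other = [f for f, n in DIGEST_LEN.items() if n == len(literal)]
                hint = f", looks like {other[0]}" if other else ""
                problem = f"{len(literal)} hex characters, expected {expected}{hint}"
            elif literal != literal.lower():
                problem = "uppercase hex, the hash module returns lowercase"
            else:
                continue
            findings.append((lineno, func, problem))
    return findings

# Constructed sample rules; the digests are those of empty input.
SAMPLE = '''import "hash"
rule ok { condition: hash.sha256(0, filesize) == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" }
rule extra_space { condition: hash.sha256(0, filesize) == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 " }
rule sha1_as_sha256 { condition: hash.sha256(0, filesize) == "da39a3ee5e6b4b0d3255bfef95601890afd80709" }
'''

if __name__ == "__main__":
    for lineno, func, problem in lint_hash_literals(SAMPLE):
        print(f"line {lineno}: hash.{func} literal: {problem}")
```
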
Didier Stevens
Senior handler
blog.DidierStevens.com