YARA

by VirusTotalv4.5.5

Last updated Jun 8, 2026

The pattern matching swiss knife for malware researchers (and everyone else)

Install with winget

$ winget install --id VirusTotal.YARA --exact --version 4.5.5

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

Installers · v4.5.5

Architecture	Type	Scope	Install	Download
x86	ZIP archive	-		Direct
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

3 known CVEs via NVD

high8.8Patched in wingetCVE-2023-40857affects v4.3.2Aug 28, 2023
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.
Vendor advisory
medium5.5Patched in wingetCVE-2021-45429affects <=4.1.3Feb 4, 2022
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
critical9.1Patched in wingetCVE-2021-3402affects before 4.0.4May 14, 2021
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4

Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

VirusTotal UploaderVirusTotal
VirusTotal.VirusTotalUploaderv2.2
It's a simple Microsoft Windows Desktop application that makes the interaction with VirusTotal as easy as a right-click.
V
vt-cliVirusTotal
VirusTotal.vt-cliv1.3.1
VirusTotal Command Line Interface
Y
YARA-XVirusTotal
VirusTotal.YARA-Xv1.17.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor.

Frequently asked questions

How do I install YARA on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id VirusTotal.YARA --exact --version 4.5.5. winget downloads the installer from VirusTotal and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install YARA silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id VirusTotal.YARA --exact 4.5.5 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall YARA via winget?

Run: winget uninstall --id VirusTotal.YARA --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from YARA's Apps & Features entry.

Is YARA free?

YARA is distributed under BSD-3-Clause. Refer to the publisher (https://virustotal.github.io/yara/) for the full license terms - Wingetly itself does not charge for installation.

Does YARA work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls YARA directly from the publisher.

How do I keep YARA up to date?

Run winget upgrade --id VirusTotal.YARA --exact, or winget upgrade --all to update everything winget tracks. We index 4 versions of YARA from microsoft/winget-pkgs.

Recent versions

4.5.5latest
4.5.3
4.5.2
4.3.2