From YARA Offsets to Virtual Addresses, (Fri, Sep 5th)

YARA is an excellent tool that most of you probably already know and use daily. If you don't, search on isc.sans.edu: we have a bunch of diaries about it[1]. YARA is very powerful because you can search for arrays of bytes that represent executable code. In this case, you provide the hexadecimal representation of the binary machine code as a hex string in the rule.
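YARA reports a hit on such a hex pattern as an offset into the file on disk, not as the address the bytes will have once the PE is mapped in memory. As an added example (not the diary's own code), the Python below parses a PE section table and converts a match offset to a virtual address with RVA = offset - PointerToRawData + VirtualAddress and VA = ImageBase + RVA; the two-section table and the 0x400000 image base are constructed sample values, and the result ignores ASLR relocation.

```python
import struct

# IMAGE_SECTION_HEADER layout (40 bytes) from the PE/COFF specification:
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def parse_section_headers(table: bytes):
    """Parse a raw IMAGE_SECTION_HEADER array into (name, va, raw_size, raw_ptr) tuples."""
    sections = []
    for off in range(0, len(table), SECTION_HEADER.size):
        name, _vsize, va, raw_size, raw_ptr, *_ = SECTION_HEADER.unpack_from(table, off)
        sections.append((name.rstrip(b"\0").decode(), va, raw_size, raw_ptr))
    return sections


def file_offset_to_va(sections, image_base, offset):
    """Map a YARA match offset (file offset) to a virtual address.

    Returns None when the offset lies outside every section's raw data,
    e.g. inside the PE headers or in overlay data appended after the last section.
    """
    for _name, va, raw_size, raw_ptr in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:  # half-open: end byte belongs to next section
            rva = offset - raw_ptr + va
            return image_base + rva
    return None


def build_header(name, vsize, va, raw_size, raw_ptr, flags=0x60000020):
    """Pack one section header (used only to build the constructed sample table)."""
    return SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, flags)


# Constructed sample table: typical 0x200 file alignment and 0x1000 section alignment.
SAMPLE_TABLE = (
    build_header(b".text", 0x5A0, 0x1000, 0x600, 0x400)
    + build_header(b".data", 0x100, 0x2000, 0x200, 0xA00, flags=0xC0000040)
)
IMAGE_BASE = 0x400000  # constructed; read the real value from IMAGE_OPTIONAL_HEADER.ImageBase

if __name__ == "__main__":
    secs = parse_section_headers(SAMPLE_TABLE)
    for off in (0x5F0, 0xA10, 0x200):
        va = file_offset_to_va(secs, IMAGE_BASE, off)
        print(f"offset 0x{off:X} -> " + (f"VA 0x{va:X}" if va is not None else "not in any section"))
```

With a real sample, feed the 40-byte section headers that follow the optional header into `parse_section_headers` and the `ImageBase` field into `IMAGE_BASE`; the resulting VA is what a disassembler shows when it loads the file at its preferred base.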