1. The malware is of PE type. Use the magic bytes for this file type.
2. To create a rule with a lot of strings it may be useful to write a script that creates the rule for you.
3. The strings found through intelligence may be present in other files in isolation. To make sure you have a match with the malware, it may be necessary to use all of them.

I suppose here we have to use the condition 'all of them'. But how would I take the strings contained within the file as input into my .yara file?

For example, this is the path of the file which contains all the strings that are to be compared -->

/home/student/Desktop/intel/strings.txt

Question --> Write a Yara rule capable of detecting files that are actually malware in the /home/student/Desktop/suspicious directory.


You can use file handling in Python to create the set of strings for your YARA rule.

with open("strings.txt", "r") as f:
    # one indicator string per line; skip blank lines
    data = [line.strip() for line in f.read().splitlines() if line.strip()]

with open("new1.txt", "w") as t:
    for i, s in enumerate(data):
        # escape backslashes and double quotes so each line is a valid YARA string literal
        s = s.replace("\\", "\\\\").replace('"', '\\"')
        t.write("$s" + str(i) + ' = "' + s + '"\n')

For PE-type malware the magic bytes are "MZ", so you need to include this additional string:

$mz = "MZ"

After creating all your strings, the condition should be

$mz at 0 and all of them
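The same generation step as a complete script, added here as an example (it is not the answerer's code and not part of the original post): it reads the intel file, escapes backslashes and double quotes so every line becomes a valid YARA string literal, and emits a whole rule rather than just the strings section. The PE check is written as `uint16(0) == 0x5A4D` (the bytes "MZ" read as a little-endian 16-bit integer at offset 0), which is equivalent to `$mz at 0` but keeps the header test out of the string set, so the condition can say `all of ($s*)` and only the intel strings have to match. The rule name, the `ascii wide` modifiers and the sample indicator strings are assumptions constructed for illustration; the strings.txt path is the one from the question.

```python
"""Generate a YARA rule from a newline-separated list of indicator strings.

Added example, not from the original answer. Assumes the intel file holds one
plain-text string per line; the sample contents below are constructed.
"""
import re
from pathlib import Path

# constructed stand-in for /home/student/Desktop/intel/strings.txt
SAMPLE_INTEL = """\
CreateRemoteThread
C:\\Windows\\Temp\\upd.exe
"cmd.exe" /c
http://example.invalid/c2
"""


def yara_escape(s: str) -> str:
    """Escape a text string for use inside a YARA double-quoted literal."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def build_rule(lines, rule_name="pe_malware_from_intel"):
    """Build the rule text: every non-blank line becomes $s<i>, and the
    condition requires a PE header plus all of the intel strings."""
    strings = [line.strip() for line in lines if line.strip()]  # drop blank lines
    if not strings:
        raise ValueError("no indicator strings supplied")
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", rule_name):
        raise ValueError("invalid YARA rule identifier: %r" % rule_name)
    body = ["rule %s" % rule_name, "{", "    strings:"]
    for i, s in enumerate(strings):
        # 'ascii wide' also catches UTF-16LE copies of the string (assumed useful here)
        body.append('        $s%d = "%s" ascii wide' % (i, yara_escape(s)))
    body += [
        "    condition:",
        "        // 'MZ' at offset 0, read little-endian: 0x5A4D",
        "        uint16(0) == 0x5A4D and all of ($s*)",
        "}",
    ]
    return "\n".join(body) + "\n"


def rule_from_file(path):
    """Read the intel file from disk and return the generated rule text."""
    return build_rule(Path(path).read_text().splitlines())


if __name__ == "__main__":
    # e.g. print(rule_from_file("/home/student/Desktop/intel/strings.txt"))
    print(build_rule(SAMPLE_INTEL.splitlines()))
```

Redirect the output to a file such as malware.yar and run it over the target directory with `yara -r malware.yar /home/student/Desktop/suspicious`; only files that start with the MZ header and contain every one of the intel strings are listed.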