About Yara in the Malwr Analysis, read: http://0xdabbad00.com/2011/04/23/creating-a-yara-signature-for-shellcode/
Here it says it matched shellcode byte patterns (rar file detection)

pol