Wh0Cares Posted July 13, 2020 Posted July 13, 2020 I need to write a yara rule for a autoit malware (the binary itself not the decompiled script) As far as i know the actual script is in the resource section in the RCData, but how can i find the bytes that represent the variable names? for example lets say there is a variable $VeryObviousVariableName in the script and i want to make a yara rule for the name of the variable in the binary, where can i find this variable name in the binary? JLogan3o13 1
Developers Jos Posted July 13, 2020 Developers Posted July 13, 2020 This isn't a topic that will be further discussed in our forums. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts