Jump to content

How are AutoIT variable names stored after compiling it to a executable?


Recommended Posts

I need to write a yara rule for a autoit malware (the binary itself not the decompiled script)

As far as i know the actual script is in the resource section in the RCData, but how can i find the bytes that represent the variable names?

for example lets say there is a variable $VeryObviousVariableName in the script and i want to make a yara rule for the name of the variable in the binary, where can i find this variable name  in the binary? 

Link to post
Share on other sites
  • Jos locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...