Wh0Cares Posted July 13, 2020 Share Posted July 13, 2020 I need to write a yara rule for a autoit malware (the binary itself not the decompiled script) As far as i know the actual script is in the resource section in the RCData, but how can i find the bytes that represent the variable names? for example lets say there is a variable $VeryObviousVariableName in the script and i want to make a yara rule for the name of the variable in the binary, where can i find this variable name in the binary? JLogan3o13 1 Link to comment Share on other sites More sharing options...
Developers Jos Posted July 13, 2020 Developers Share Posted July 13, 2020 This isn't a topic that will be further discussed in our forums. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts