Reverse Engineering Asked by Mery Ted on September 30, 2021
I need to write a yara rule for a autoit malware (the binary itself not the decompiled script)
As far as i know the actual script is in the resource section in the RCData, but how can i find the bytes that represent the variable names?
for example lets say there is a variable $MyObviousVariable in the script and i want to make a yara rule for it in the binary, where can i find this variable NAME in the binary? is it inside the RCData?
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP