Reverse Engineering Asked by Mery Ted on September 30, 2021
I need to write a YARA rule for an AutoIt malware (the binary itself, not the decompiled script).
As far as I know, the actual script is in the resource section in the RCData, but how can I find the bytes that represent the variable names?
For example, let's say there is a variable $MyObviousVariable in the script and I want to make a YARA rule for it in the binary. Where can I find this variable NAME in the binary? Is it inside the RCData?