100 Days of YARA – Day 53: AutoIt 3

On February 10, 2022December 31, 2021 By DanielIn 100 days of Yara

Lots of malware abuses AutoIt 3 because of its unique and easy-to-use scripting language.

rule autoit3
{
	meta:
		description = "AutoIt 3"
		reference = "https://www.autoitscript.com/site/"
		decompiler = "http://domoticx.com/autoit3-decompiler-exe2aut/"

	strings:
		$ = "AutoIt v3" wide

	condition:
		uint16(0) == 0x5a4d and all of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 53: AutoIt 3”

Pingback: Week 07 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

One thought on “100 Days of YARA – Day 53: AutoIt 3”

Leave a Reply Cancel reply