Skip to content

Comments

Improve the detection of AutoIT files compiled to binary.#757

Merged
s3rvac merged 1 commit intomasterfrom
improvement-autoit-detection
Apr 30, 2020
Merged

Improve the detection of AutoIT files compiled to binary.#757
s3rvac merged 1 commit intomasterfrom
improvement-autoit-detection

Conversation

@tamaroth
Copy link
Contributor

@tamaroth tamaroth commented Apr 29, 2020
edited
Loading

AutoIT files compiled to binary using Aut2Exe are a regular PE file that
has its script embedded. This commit adds additional checks to catch and
detect the previously undetected version of the compiler.

The tests have been added here

@tamaroth tamaroth requested a review from s3rvac April 29, 2020 11:26
@s3rvac
Copy link
Member

s3rvac commented Apr 29, 2020

Let's run TeamCity tests.

s3rvac
s3rvac requested changes Apr 30, 2020
View reviewed changes
Copy link
Member

@s3rvac s3rvac left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes themselves are alright and all tests pass, but could you please rebase the branch with the current master and fix conflicts in the following two files?

support/yara_patterns/tools/pe/x64/compilers.yara
support/yara_patterns/tools/pe/x86/compilers.yara

They were caused by the merge of #756.

@tamaroth
Copy link
Contributor Author

tamaroth commented Apr 30, 2020

The changes themselves are alright and all tests pass, but could you please rebase the branch with the current master and fix conflicts in the following two files?

support/yara_patterns/tools/pe/x64/compilers.yara
support/yara_patterns/tools/pe/x86/compilers.yara

They were caused by the merge of #756.

Certainly, it did not occur to me those two PR's can conflict with each other. I'm right on it.

Improve the detection of AutoIT files compiled to binary.
1e95eb1 
AutoIT files compiled to binary using Aut2Exe are a regular PE file that
has its script embedded. This commit adds additional checks to catch and
detect previously undetected version of the compiler.
@tamaroth tamaroth force-pushed the improvement-autoit-detection branch from 0be7970 to 1e95eb1 Compare April 30, 2020 09:11
@tamaroth
Copy link
Contributor Author

tamaroth commented Apr 30, 2020

Rebased and conflicts resolved.

s3rvac
s3rvac approved these changes Apr 30, 2020
View reviewed changes
Copy link
Member

@s3rvac s3rvac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thank you 👍

@s3rvac s3rvac merged commit 4a51f90 into master Apr 30, 2020
@s3rvac s3rvac deleted the improvement-autoit-detection branch April 30, 2020 09:15
s3rvac added a commit that referenced this pull request Apr 30, 2020
@s3rvac
Add a CHANGELOG entry for #757.
2c943a5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@s3rvac s3rvac s3rvac approved these changes

Assignees

@s3rvac s3rvac

Labels

C-cpdetect enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tamaroth @s3rvac