Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the detection of AutoIT files compiled to binary. #757

Merged
merged 1 commit into from
Apr 30, 2020
Merged

Improve the detection of AutoIT files compiled to binary. #757

merged 1 commit into from
Apr 30, 2020

Conversation

tamaroth
Copy link
Contributor

@tamaroth tamaroth commented Apr 29, 2020
edited
Loading

AutoIT files compiled to binary using Aut2Exe are a regular PE file that
has its script embedded. This commit adds additional checks to catch and
detect the previously undetected version of the compiler.

The tests have been added here

@tamaroth tamaroth requested a review from s3rvac April 29, 2020 11:26
@s3rvac
Copy link
Member

s3rvac commented Apr 29, 2020

Let's run TeamCity tests.

s3rvac
s3rvac requested changes Apr 30, 2020
View reviewed changes
Copy link
Member

@s3rvac s3rvac left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes themselves are alright and all tests pass, but could you please rebase the branch with the current master and fix conflicts in the following two files?

support/yara_patterns/tools/pe/x64/compilers.yara
support/yara_patterns/tools/pe/x86/compilers.yara

They were caused by the merge of #756.

@tamaroth
Copy link
Contributor Author

The changes themselves are alright and all tests pass, but could you please rebase the branch with the current master and fix conflicts in the following two files?

support/yara_patterns/tools/pe/x64/compilers.yara
support/yara_patterns/tools/pe/x86/compilers.yara

They were caused by the merge of #756.

Certainly, it did not occur to me those two PR's can conflict with each other. I'm right on it.

Improve the detection of AutoIT files compiled to binary.
1e95eb1 
AutoIT files compiled to binary using Aut2Exe are a regular PE file that
has its script embedded. This commit adds additional checks to catch and
detect previously undetected version of the compiler.
@tamaroth tamaroth force-pushed the improvement-autoit-detection branch from 0be7970 to 1e95eb1 Compare April 30, 2020 09:11
@tamaroth
Copy link
Contributor Author

Rebased and conflicts resolved.

s3rvac
s3rvac approved these changes Apr 30, 2020
View reviewed changes
Copy link
Member

@s3rvac s3rvac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thank you 👍

@s3rvac s3rvac merged commit 4a51f90 into master Apr 30, 2020
@s3rvac s3rvac deleted the improvement-autoit-detection branch April 30, 2020 09:15
s3rvac added a commit that referenced this pull request Apr 30, 2020
@s3rvac
Add a CHANGELOG entry for #757.
2c943a5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@s3rvac s3rvac s3rvac approved these changes

Assignees

@s3rvac s3rvac

Labels
C-cpdetect enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tamaroth @s3rvac