search

nazywam / AutoIt-Ripper

Extract AutoIt scripts embedded in PE binaries
MIT License
160 stars 31 forks source link

AutoHotKey v1(JB01 header signature) binary extraction support #18

Open newmsk opened 1 year ago

newmsk commented 1 year ago

I forgot the original malware hash which i want to extract, here is a test case I generated: https://tria.ge/230511-eaxg2add6z output script:

; <COMPILER: v1.0.48.5>

#z::Run www.autohotkey.com

^!n::
IfWinExist Untitled - Notepad
    WinActivate
else
    Run Notepad
return