How to de-obfuscate a huge AutoIT script in less than two minutes

Imagine this scenario: you're researching a malware sample that starts its execution by unpacking an archive (usually RAR or ZIP) which came with a suspicious email, and then launches an AutoIT script stored inside the archive. You start analyzing this script and get stuck: its size is more than 150MB! What do you do?

Clearly, you need to de-obfuscate the script. We'll show you how to do it in less than 2 minutes.

The decompiler can process executables which have an embedded AutoIT script inside, but it can't do anything with external scripts. To use a decompiler, the standalone AutoIT script first has to be embedded inside an executable, so that the decompiler can then be applied to it.

To do so, let us use the Aut2Exe Converter.

After the conversion is complete, there is a fully working executable which is approximately 155 times smaller than the original obfuscated one.
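As an added example (not part of the original post): before running the conversion, a quick static pass can show how much of the oversized script is actual code. It assumes the bulk is comment and blank-line padding, which the post does not state, and that the file is ASCII or UTF-8; the function names and the sample script are constructed for illustration.

```python
import io
import sys

BLOCK_START = (b"#cs", b"#comments-start")
BLOCK_END = (b"#ce", b"#comments-end")

def au3_size_breakdown(stream):
    """Count bytes per line category in an AutoIt script (binary stream)."""
    totals = {"code": 0, "line_comment": 0, "block_comment": 0, "blank": 0}
    in_block = False
    for raw in stream:  # line by line, so a 150 MB file is never held in memory
        text = raw.strip().lower()
        first = text.split(None, 1)[0] if text else b""
        if in_block:
            totals["block_comment"] += len(raw)
            in_block = first not in BLOCK_END
        elif first in BLOCK_START:
            totals["block_comment"] += len(raw)
            in_block = True
        elif not text:
            totals["blank"] += len(raw)
        elif text.startswith(b";"):
            totals["line_comment"] += len(raw)
        else:
            totals["code"] += len(raw)  # includes code with a trailing comment
    return totals

def padding_ratio(totals):
    """Fraction of the file that is not code lines (0.0 for an empty file)."""
    total = sum(totals.values())
    return 0.0 if total == 0 else 1 - totals["code"] / total

# Constructed sample, not taken from any real script.
SAMPLE = (
    b"; xJ3kq9 padding\r\n"
    b"#cs\r\n"
    b"junk junk junk\r\n"
    b"#ce\r\n"
    b"\r\n"
    b'MsgBox(0, "t", "hi")\r\n'
)

if __name__ == "__main__":
    # Pass a path to a script, or run without arguments to use the sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(SAMPLE)
    with src:
        result = au3_size_breakdown(src)
    print(result, f"padding={padding_ratio(result):.1%}")
```

The script only reads the file and never executes it, so it can be run on the sample inside the analysis environment.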