![]() Instead of writing scripts to manually de-obfuscate the script, let the converter do the entire job and produce clear byte-code in the output. To do so, let us use the Aut2Exe Converter:Īfter the conversion is complete, there is a fully working executable which is approximately 155 times smaller than the original obfuscated one: To use a decompiler, a standalone AutoIT script has to be embedded inside the executable so the decompiler can be further applied. But it can’t do anything with external scripts. The decompiler can process executables which have an embedded AutoIT script inside. Exe2Aut is designed to be the easiest to use and most versatile decompiler for compiled AutoIt3 scripts one could think of. We’ll show you how to do it in less than 2 minutes. Simply drag and drop the executable onto Exe2Aut’s main window and the source script will be displayed. ![]() ![]() ![]() You start analyzing this script and get stuck: its size is more than 150MB! What do you do?Ĭlearly, you need to de-obfuscate the script. Exe2Aut is designed to be the easiest to use and most versatile decompiler for compiled AutoIt3 scripts one could think of. Imagine this scenario: you’re researching a malware sample which starts its execution with unpacking the archive (usually RAR or ZIP one) which came with a suspicious email and launching an AutoIT script stored inside the archive. How to de-obfuscate a huge AutoIT script in less than two minutes ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |