all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malware Analysis - Unpacking AutoIt stub with large obfuscated script

Add to bookmarks
Jan. 27, 2024, 12:13 p.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We look at two ways to unpack malware that was crypted with an AutoIt packer.
At first we trick our way to the payload, skipping the AutoIt script altogether.
At the second run we thoroughly analyse the packer stub, decrypt strings, unpack the shellcode and find the decryption function in it.

Malware Analysis course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=F880CDBE6684E44EB9F8

sample: https://bazaar.abuse.ch/sample/ee69b74d0f0dd59fcd87304863626efb727ad6255bc29a7d48b7a441390dff1a/
binary refinery: https://github.com/binref/refinery
autoit-ripper: https://github.com/nazywam/AutoIt-Ripper

Follow me on Twitter: https://twitter.com/struppigel

00:00 Intro
00:25 Triage
03:38 Way 1: Unpacking by guessing
10:10 Way 2: …

analysis autoit decrypt decryption find function large malware malware analysis obfuscated packer payload run script shellcode strings unpack unpacking

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 4 days ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 2 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Professional Services Resident Consultant / Senior Professional Services Resident Consultant - AMS

@ Zscaler | Bengaluru, India
View on infosec-jobs.com

Head of Security, Risk & Compliance

@ Gedeon Richter Pharma GmbH | Budapest, HU
View on infosec-jobs.com

Unarmed Professional Security Officer - County Hospital

@ Allied Universal | Los Angeles, CA, United States
View on infosec-jobs.com

Senior Software Engineer, Privacy Engineering

@ Block | Seattle, WA, United States
View on infosec-jobs.com

Senior Cyber Security Specialist

@ Avaloq | Bioggio, Switzerland
View on infosec-jobs.com
View more jobs