AutoIt Virus - Help me figure out what it does!

[locknlol]

Hey there everyone! New to the community, but not AutoIt.  Just recently someone tried to social engineer me into running an AutoIt exe file. I had my suspicions immediately so I decided to throw it onto a few malware VM machines to figure out what it does. After checking it out a bit, I figured out that it was in fact an AutoIt 3.3.8.1 exe and I used Exe2Aut to decompile it as best as I could. How ever, either, it did not decompile correctly, or it's been obfuscated. This is the first time dealing with an AutoIt.exe so I was wondering if I could get some help.

I'm not going to post the source code or any links to the actual exe publically. You may how ever private message me for either, and I will send them that way.

-- AGAIN: These are confirmed to be some type of RAT. There is some kind of C&C used to launch commands, and I'd like to figure out exactly what it is.

 

To the mods: If this is a violation of the rules, or there is a better, or more security based area I can post this in, please send me in that direction. Thanks!

[Melba23]

locknlol,

Admitting to using a decompiler is a capital offence here.

Consider yourself lucky that it is your first post - other wise you would be permanently banned. As it is this thread will now be locked and I suggest you read the Forum rules (there is also a link at bottom right of each page) before you post again.

M23