Everything you've ever wanted to know about Loki-Bot. Includes a Cheat Sheet, IDS signatures, python script, and a link to my 177 page research paper on the subject
AutoIt is yet-another-development-language that malware authors leverage to create and obfuscate their malware. As a matter of fact, AutoIt is so closely associated with malware, that AutoIT's website has a wiki article that "addresses" the fact that the legitimate AutoIt binary is often detected as malicious by AntiVirus. In this post, I will not be going into end-to-end analysis of any one sample. Unfortunately, there are way too many different ways that malware authors have leveraged AutoIt for me to write a one-analysis-fits-all post. I will, however, attempt to provide you with a starting point by showing you how to get from a compiled AutoIt binary to a plain-text script.