A handy tool that automatically extracts the next stage of malware using AutoIt that decodes the next stage via known patterns encountered during analyses.
Note: Actually the RC4, LZNT1 Patterns is related to a CypherIt Crypter (didn't know this information when I wrote this tool) as mentioned by Unit42 here
usage: deautoit.py [-h] [-s SCRIPT] [-a AUTOIT]
A tool to automate extraction of stage 2 of some cases of malware using AutoIt.
options:
-h, --help show this help message and exit
-s, --script SCRIPT Work directly on the script (deobfuscate strings before using it)
-a, --autoit AUTOIT extract the script and embedded files then work on them
This samples uses AutoIt de deliver the next stage, the tool automatically extracts the next stage.
This samples uses an AutoIt script at an advanced stage, the tool automatically extracts the next stage
