[SANS ISC] Malicious DLL Loaded Through AutoIT

I published the following diary on “Malicious DLL Loaded Through AutoIT”:

Here is an interesting sample that I found while hunting. It started with the following URL:


The value of the parameter (‘OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5’) is used as the key to decode the first stage. If you don’t specify it, you get garbage data…
