Hello all …
Someone sent me a file bound via AutoIt to a .doc file. I decoded the AutoIt code; it downloads a malicious exe to %appdata%. When I tried to check this file with the Exeinfo PE tool I got this result: Babel v7.0.0 - 8.5.0.0 .NET Obfuscator … Then I unpacked it with the de4dot tool … and then I used the dotPeek tool to export the source code for Visual Studio, but unfortunately I don't know C# … so I decided to do static malware analysis … When I tried to watch outgoing connections from the file I got this strange result:
This domain: time.nist.gov, related to Microsoft
So I'll upload the file and the source code. Can anyone explain what the code does? And is it a botnet or a trojan? I found something interesting here …
Original file: http://www.mediafire.com/file/4vv3llkuo4g7lpt/packed.rar
Pass: 1
Source code for the original file: http://www.mediafire.com/file/8m0jeebxr481z4z/FileHippo-cleaned.rar
Thanks <3