Strange Calc

I got this new calculator app from my friend! But it's really weird; for some reason, it needs admin permissions to run??

As with every analyzed sample, I began by checking basic information about the exe file using PeStudio. I noticed that it was packed with UPX and created using AutoIt automation scripts.

[Figure: Executable file analysis]
After unpacking the file, I got an .au script containing base64 encoding.

[Figure: Content of the exe file after unpacking]
The decoded base64 content revealed a .jse file. After deobfuscating it in CyberChef, I obtained JavaScript code, though for unknown reasons, the script didn’t reveal its actual content. ChatGPT quickly decoded it for me.

[Figure: Decoded base64 content]

[Figure: Decoded flag]
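
The base64-to-.jse step described above, as an added triage sketch that is not code from the original write-up: it joins base64 string literals spread over consecutive script lines, decodes them, and labels the result by its leading bytes (`#@~^` is the Windows Script Encoder header that .jse files start with). The sample script, the placeholder payload and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: AutoIt-style script that builds a base64 string in chunks.
# PAYLOAD is a harmless placeholder that only carries the "#@~^" ... "^#~@"
# wrapper of the Windows Script Encoder format used by .jse files.
PAYLOAD = b"#@~^EAAAAA==placeholder-body^#~@"
B64 = base64.b64encode(PAYLOAD).decode()
SAMPLE_SCRIPT = "\n".join(
    ['Local $a = ""']
    + ['$a &= "%s"' % B64[i:i + 16] for i in range(0, len(B64), 16)]
    + ['FileWrite(@TempDir & "\\x.jse", $a)']
)

MAGICS = [
    (b"#@~^", "script-encoded (.jse/.vbe)"),
    (b"MZ", "PE executable"),
    (b"PK\x03\x04", "ZIP archive"),
]
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/=]{8,})"')

def extract_blobs(script, min_len=24):
    """Join base64-looking literals on consecutive lines and decode each run."""
    runs, current = [], []
    for line in script.splitlines():
        match = B64_LITERAL.search(line)
        if match:
            current.append(match.group(1))
        elif current:
            runs.append("".join(current))
            current = []
    if current:
        runs.append("".join(current))
    blobs = []
    for run in runs:
        if len(run) < min_len:
            continue
        try:
            blobs.append(base64.b64decode(run, validate=True))
        except ValueError:  # binascii.Error subclasses ValueError
            continue
    return blobs

def triage(script):
    """Return (label, size) for every decodable blob found in the script."""
    def label(blob):
        return next((name for magic, name in MAGICS if blob.startswith(magic)), "unknown")
    return [(label(blob), len(blob)) for blob in extract_blobs(script)]
```

Calling `triage(SAMPLE_SCRIPT)` reports one script-encoded blob of 32 bytes; an "unknown" label means the blob decoded cleanly but matched none of the listed prefixes.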