I got this new calculator app from my friend! But it's really weird; for some reason, it needs admin permissions to run??
As with every analyzed sample, I began by checking basic information about the exe file using PeStudio. I noticed that it was packed with UPX and created using AutoIt automation scripts.
After unpacking the file, I got an .au script containing base64-encoded data.
The decoded base64 content revealed a .jse file. After deobfuscating it in CyberChef, I obtained JavaScript code, though for unknown reasons, the script didn’t reveal its actual content. ChatGPT quickly decoded it for me.
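The first triage steps described above can be reproduced without PeStudio. This is an added example, not code from the original write-up: it reads PE section names to flag UPX, looks for the `AU3!EA06` signature commonly present in compiled AutoIt v3 scripts, and decodes long base64 runs to find Script Encoder (`#@~^`) payloads such as a .jse file. The sample inputs and all function names are constructed for illustration.

```python
import base64, binascii, re, struct

AUTOIT_MAGIC = b"AU3!EA06"   # signature commonly present in compiled AutoIt v3 scripts
JSE_MAGIC = b"#@~^"          # start marker of Script Encoder output (.jse/.vbe)
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")

def pe_section_names(data):
    """Return the section names of a PE image, or [] if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # section table follows optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:                               # truncated section table
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data):
    """Flag the two properties noted in the write-up: UPX packing and AutoIt."""
    names = pe_section_names(data)
    return {"upx": any(n.startswith("UPX") for n in names),
            "autoit": AUTOIT_MAGIC in data}

def find_encoded_scripts(script):
    """Decode long base64 runs; keep those that decode to Script Encoder output."""
    hits = []
    for m in B64_RUN.finditer(script):
        try:
            decoded = base64.b64decode(m.group(), validate=True)
        except binascii.Error:                         # e.g. run length not a multiple of 4
            continue
        if decoded.startswith(JSE_MAGIC):
            hits.append(decoded)
    return hits

# Constructed inputs (not the challenge files): a bare PE header and one script line.
_sect = lambda name: name.ljust(8, b"\0") + b"\0" * 32
SAMPLE_PE = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
             + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
             + _sect(b"UPX0") + _sect(b"UPX1") + AUTOIT_MAGIC)
SAMPLE_SCRIPT = b'Local $s = "' + base64.b64encode(
    b"#@~^placeholder encoded body, constructed^#~@") + b'"'

if __name__ == "__main__":
    print(triage(SAMPLE_PE), find_encoded_scripts(SAMPLE_SCRIPT))
```

The section-name check only catches stock UPX output; a packer that renames its sections needs an entropy or entry-point check instead.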