How can I know if an AutoIt exe is safe?

[rschanke]

Basically, i've been looking for a certain script for some time now, and just today, a friend sent me an autoit exe with an .ini file and a readme that supposedly does it. He got this from someone he knows, who got it from the creator. Naturally I am skeptical, and there seems to be no way to decompile the autoit exe. I suppose this is done on purpose to protect writers from code theft.

That said, are there any steps I can take to ensure it is safe? It is supposed to run a script while communicating between computers through an IRC channel. The file is 289kb and I seem unable to attach it here due to the size, otherwise I would.

Thanks for any help!

[LurchMan]

virus scanner maybe? have faith? lol...if possible run it on a virtual machine / older machine you dont use and see if anything starts happening to it

[Jos]

Basically, i've been looking for a certain script for some time now, and just today, a friend sent me an autoit exe with an .ini file and a readme that supposedly does it. He got this from someone he knows, who got it from the creator. Naturally I am skeptical, and there seems to be no way to decompile the autoit exe. I suppose this is done on purpose to protect writers from code theft.

That said, are there any steps I can take to ensure it is safe? It is supposed to run a script while communicating between computers through an IRC channel. The file is 289kb and I seem unable to attach it here due to the size, otherwise I would.

Thanks for any help!

You never can unless you have the source script.

So, as it counts for any EXE that you didn't made yourself you need to figure out where it came from and act accordingly: Don't run it!

Edited May 11, 2009 by Jos

[Zedna]

You can run this script inside Virtual PC. So if it's malicious you damage only your virtual PC what isn't problem.

[Jos]

You can run this script inside Virtual PC. So if it's malicious you damage only your virtual PC what isn't problem.

The question remains when you can declare it safe even after running it in VM first.

My answer would be: Never unless you have seen its source and understand how it works.

Jos

[LurchMan]

The question remains when you can declare it safe even after running it in VM first.

My answer would be: Never unless you have seen its source and understand how it works.

Jos

thats where backups come in handy and your Windows CD Key, live in on the wild side and run it for fun!

[Jos]

thats where backups come in handy and your Windows CD Key, live in on the wild side and run it for fun!

This is an approach you quickly give up after loosing your system a couple of times and are depending on it.

[LurchMan]

This is an approach you quickly give up after loosing your system a couple of times and are depending on it.

computer forensics major here....im always up for recovering data lol...

[avery]

I am not sure I'd get anything from IRC except text based help from the support channels like #unix #perl and the likes. I might download software if it was well known and came with an MD5 checksum or something similar. But what says you couldn't just get it from the original source then. IRC is a scary place sometimes The xVM idea might be your best option so far but I've seen Trojans and viruses that can detect VM's and attach to the host system essentially infecting all the VM's on the system. Good luck!

Your program sounds oddly like it could be one of those botnet drones.

A program that communicates over IRC with other systems and runs other scripts.

Are you serious right now? I am not even going to pass judgment here. It's not my job or place. Enjoy your help.

Edited May 11, 2009 by avery