Analyzing an Obfuscated AutoIt Info-Stealer
The REMnux MCP server connects AI assistants to the malware analysis tools on REMnux through the Model Context Protocol. The AI can call tools, interpret results, and adapt its analysis, while everything runs on REMnux, which can be set up as a virtual machine or Docker container.
The sample in this session is ACWEBaQ.exe, a 4.2MB Windows executable shared in a password-protected ZIP (a standard practice for distributing malware samples). The AI assistant handled the analysis largely on its own, making 30+ MCP tool calls to unpack an IExpress dropper, deobfuscate a batch script with 50+ environment variable substitutions, reconstruct a hidden PE from file fragments, and identify an AutoIt-compiled info-stealer with keylogging, screenshot capture, and credit card parsing capabilities.
| Item | Detail |
|---|---|
| Sample | ACWEBaQ.exe (from password-protected ZIP) |
| Verdict | Malicious: info-stealer with keylogger, screenshot capture, credit card parsing |
| MCP Tool Calls | 30+ |
| Analysis Time | ~8 minutes |
The walkthrough below follows an actual analysis session. It focuses on how the MCP server’s tools contributed to the analysis rather than providing a comprehensive malware report.
Uploading the Sample
The analysis starts by uploading a password-protected ZIP into REMnux and extracting it.
upload_from_host · ACWEBaQ.exe.zip · 942ms
Transferred 3.77MB to REMnux.
extract_archive · password: infected · 423ms
One file extracted: ACWEBaQ.exe.
get_file_info · ACWEBaQ.exe
PE32+ executable (GUI) x86-64, 4.17MB. SHA256: 56a524ab14ed748549767eaddb993df9a9ef5b0bbe34a7b8aa7a5be052fdac06
Three tool calls, a few seconds. The sample is on REMnux and triaged as a 64-bit Windows PE.
Automated Triage
A single analyze_file call runs 16 tools against the binary in 51 seconds, including peframe, capa, diec, manalyze, portex, and YARA. The triage summary comes back in one line:
analyze_file · ACWEBaQ.exe · depth: standard · 51s
IExpress SFX | AutoIt compiled | 16 tools completed | IOCs extracted
The automated triage flags two layers of packaging: an IExpress self-extracting archive (manalyze identifies it as “Win32 Cabinet Self-Extractor”) wrapping an AutoIt-compiled payload.
How the MCP server helps: A single analyze_file call replaces what would otherwise be 16 individual tool invocations, each requiring the analyst to know the right flags and interpret raw output. The server selects the appropriate tools for the file type, runs them in sequence, and returns a consolidated triage summary.
Deobfuscating the Batch Script
The AI extracts the IExpress cabinet with 7z, revealing 9 files with cryptic names: Boston.vss, Apr, Dad, Foo, Lay, Abuse.vss, Cfr.vss, Addiction.vss, and Dosage.vss.
run_tool · 7z extraction · 9 files extracted
The AI reads Boston.vss, an obfuscated batch script. Dozens of Set statements assign single characters to variable names:
```batch
Set Toolbox=t
Set Pointing=s
Set Hitting=/
Set Minerals=.
```
Commands are built by concatenating these variables. For example, %Pointing%e%Toolbox% resolves to set. After mentally resolving 50+ substitutions, the AI identifies the decoded commands:
```batch
set /p ="MZ" > Sought.exe <nul
findstr /V "Je" Apr >> Sought.exe
copy /b /y Sought.exe + Dad + Foo + Lay Sought.exe
start /w Sought.exe v
```
The script writes the PE magic bytes, strips a “Je” marker from Apr, concatenates four files into Sought.exe, then executes it. The start /w Sought.exe v command runs the reconstructed binary with the v argument, which passes the encrypted .vss files for decryption at runtime. The batch script both reconstructs the PE and launches it with its encrypted configuration.
How the MCP server helps: The AI read the script, mentally resolved 50+ environment variable substitutions, identified the PE reconstruction logic, then wrote Python on the MCP server to replicate the process. This multi-step reasoning (reading obfuscated code, understanding intent, writing a reimplementation) is where AI-assisted analysis goes beyond what any single tool provides.
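As an added example (not code from the session or from the REMnux project), the following Python resolves %VAR% substitutions the way cmd.exe expands each batch line before executing it. The script it runs on is a constructed imitation of the Boston.vss pattern; the variable names beyond the four shown above are invented.

```python
import re

# Constructed sample in the style of Boston.vss (not the real script):
# single-character Set assignments, then commands assembled from %VAR% references.
SAMPLE_BATCH = """\
Set Toolbox=t
Set Pointing=s
Set Hitting=/
Set Minerals=.
Set Eagle=e
Set Xray=x
%Pointing%e%Toolbox% /p ="MZ" > Sought%Minerals%exe <nul
start %Hitting%w Sought%Minerals%%Eagle%%Xray%%Eagle% v
"""

# Plain assignment only: a name starting with "/" means `set /p` or `set /a`, which are commands.
SET_RE = re.compile(r"^\s*set\s+(?P<name>[^=\s/]+)=(?P<value>.*)$", re.IGNORECASE)
VAR_RE = re.compile(r"%([^%\s]+)%")

def expand(line, env):
    """One pass of %VAR% expansion, as cmd.exe does when it parses a batch line.
    Names are case-insensitive. Undefined names are left as written (cmd would
    expand them to nothing) so a reference to a variable set elsewhere stays
    visible to the analyst."""
    return VAR_RE.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), line)

def deobfuscate(script):
    """Walk the script in order: expand each line with the variables defined so
    far, record Set NAME=VALUE assignments, and return every other non-empty
    line in its decoded form."""
    env = {}
    decoded = []
    for raw in script.splitlines():
        line = expand(raw, env)
        m = SET_RE.match(line)
        if m:
            env[m.group("name").lower()] = m.group("value")
        elif line.strip():
            decoded.append(line)
    return decoded

if __name__ == "__main__":
    for cmd in deobfuscate(SAMPLE_BATCH):
        print(cmd)
```

Because expansion happens line by line, a `Set` whose own name or value is built from earlier variables is handled the same way cmd.exe would handle it.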
Reconstructing the Payload
The AI writes Python code and executes it through run_tool to replicate the batch script’s reconstruction logic. The result is a 1.1MB PE32+ executable. This is the actual malicious payload that would normally only exist briefly on a victim’s disk during execution.
run_tool · python3 PE reconstruction
Created Sought.exe: 1,108,064 bytes, PE32+ executable (GUI) x86-64, 7 sections.
```text
ACWEBaQ.exe (IExpress SFX)
├── Boston.vss ← obfuscated batch launcher
├── Apr, Dad, Foo, Lay ← PE fragments
└── Abuse.vss, Cfr.vss ← encrypted config
        ↓
Sought.exe (reconstructed at runtime)
└── AutoIt-compiled info-stealer
```
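An added example of the reconstruction step, written here rather than taken from the session: it mirrors the four decoded batch commands in Python and then sanity-checks the result by reading the DOS and COFF headers. The fragments it consumes are a constructed fixture (a minimal header split across Apr/Dad/Foo/Lay with "Je" filler lines in Apr), not the real files, and the line-splitting behaviour of findstr on binary input is an approximation.

```python
import tempfile
from pathlib import Path

def findstr_v(data: bytes, marker: bytes) -> bytes:
    """Approximate `findstr /V "marker" file`: emit only lines that do not contain
    marker. findstr is line-oriented even on binary input, which is what lets the
    dropper hide a PE chunk behind throw-away 'Je' lines. Assumption: lines are
    split on LF and CR bytes are kept as data."""
    return b"\n".join(line for line in data.split(b"\n") if marker not in line)

def rebuild_pe(workdir: Path) -> bytes:
    """The four decoded batch commands, in order."""
    blob = b"MZ"                                              # set /p ="MZ" > Sought.exe <nul
    blob += findstr_v((workdir / "Apr").read_bytes(), b"Je")  # findstr /V "Je" Apr >> Sought.exe
    for frag in ("Dad", "Foo", "Lay"):                        # copy /b /y Sought.exe + Dad + Foo + Lay Sought.exe
        blob += (workdir / frag).read_bytes()
    return blob

def pe_summary(blob: bytes):
    """MZ magic, PE signature at e_lfanew, then (Machine, NumberOfSections)
    from the COFF header. Returns None when the blob is not a PE image."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = int.from_bytes(blob[e_lfanew + 4:e_lfanew + 6], "little")
    nsections = int.from_bytes(blob[e_lfanew + 6:e_lfanew + 8], "little")
    return machine, nsections

def write_fixture(workdir: Path) -> None:
    """Constructed fixture, not the real fragments: a 0x40-byte DOS header whose
    e_lfanew points straight at a COFF header for an x86-64 image with 7 sections,
    split across Apr/Dad/Foo/Lay the way the batch script expects."""
    dos = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little")
    (workdir / "Apr").write_bytes(b"Je filler one\nJe filler two\n" + dos[2:])
    (workdir / "Dad").write_bytes(b"PE\0\0")
    (workdir / "Foo").write_bytes((0x8664).to_bytes(2, "little") + (7).to_bytes(2, "little"))
    (workdir / "Lay").write_bytes(b"\0" * 16)                 # rest of the COFF header, zeroed

def demo():
    with tempfile.TemporaryDirectory() as d:
        write_fixture(Path(d))
        return pe_summary(rebuild_pe(Path(d)))

if __name__ == "__main__":
    print(demo())   # (34404, 7): IMAGE_FILE_MACHINE_AMD64, 7 sections
```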
Analyzing the Reconstructed Payload
The AI runs a deep analysis on the reconstructed payload, which takes about 7 minutes (427 seconds). The result: an AutoIt v3.3.17.0 compiled executable with 22 YARA rule matches. Capa detects credit card parsing logic. The convergence of YARA rules and capa detections points to comprehensive info-stealer behavior:
| Capability | Evidence |
|---|---|
| Keylogging | YARA keylogger rule |
| Screenshot capture | YARA screenshot rule |
| Privilege escalation | YARA escalate_priv rule |
| Token manipulation | YARA win_token rule |
| Credit card parsing | capa detection |
| Process injection | YARA inject_thread rule |
| Anti-debugging | YARA anti_dbg rule |
| HTTP communication | YARA network_http rule |
| Registry manipulation | YARA win_registry rule |
Indicators of Compromise:
| File | SHA256 |
|---|---|
| Dropper (ACWEBaQ.exe) | 56a524ab14ed748549767eaddb993df9a9ef5b0bbe34a7b8aa7a5be052fdac06 |
| Payload (Sought.exe) | 881619a47b62b52305d92640cc4d4845a279c23a5a749413785fc8fcb0fdf7fb |
What This Demonstrates
- Automated triage: 16 tools ran from a single analyze_file call, with the MCP server selecting tools and consolidating results
- Multi-layer unpacking: IExpress → obfuscated batch → reconstructed PE → AutoIt payload
- Script deobfuscation: AI resolved environment variable substitutions that no tool does automatically
- Ad-hoc scripting: Python PE reconstruction executed through the MCP server
- Convergent detection: YARA rules and capa independently pointed to info-stealer behavior
Note: Family names and behavioral labels surfaced by YARA rules and capa are derived from pattern matching and should be treated as indicative rather than definitive. Cross-referencing with sources such as VirusTotal can refine attribution.
Try It Yourself
Install REMnux to get an analysis environment with the MCP server included. The setup guide explains how to connect an AI assistant. See also the companion piece, Analyzing a Trojanized Chrome Installer, for a demo that includes dynamic emulation and format reverse engineering.
This walkthrough is part of the article Using AI Agents to Analyze Malware on REMnux.