
AHKScriptScan: Easily scan AutoHotkey files

AHKScriptScanner allows you to run some basic checks on AutoHotkey script files to find potential security issues.

Don’t panic❗ Find out why virus checkers aren’t always right and how to protect your computer

AutoHotkey is powerful but can be flagged by virus software, so use caution and trust the source.

  • 00:00 💻 AutoHotkey is powerful but can’t be inspected by virus software.
    • AutoHotkey is powerful but virus software can’t inspect the file to determine if it is malicious or not.
  • 01:09 🚨 AutoHotkey is potentially malicious, so use with caution.
    • AutoHotkey is the simplest and easiest to compile, but two virus checkers reported it as malicious.
  • 02:08 💻 Compile Script GUI lets you choose AutoHotkey version & bitness for successful conversion.
    • Right-clicking and selecting “Compile Script GUI” allows you to pick and choose the version and bitness of AutoHotkey and convert it successfully.
  • 03:28 🚀 Dragging a script onto an executable will launch it, and the original u32 scored 2/72.
    • Compiling a script with an executable and dragging it onto the executable will launch the script, and the original u32 had a score of 2 out of 72.
  • 05:02 🤔 SecureAge and Bkav Pro initially gave two scores, but Magazine’s score was the highest.
    • SecureAge and Bkav Pro initially gave two scores, but after uploading, five more scores were added, with the max score being from Magazine, which still isn’t horrible.
  • 05:55 📦 Compressing the file increased the number of antivirus flags detected.
    • Using an encoder to compress the file increased the number of antivirus flags detected by Virustotal.
  • 07:24 🔎 Trust the source and use a tool to flag any suspicious behavior.
    • Trust the source of the code and use a tool to peek inside and flag any suspicious behavior.
  • 08:18 🚨 Downloading an AutoHotkey script may not be a virus, just flagged due to its power.
    • Downloading an AutoHotkey script may be flagged as a virus, but it is likely not a virus and is just flagged due to its power.

 

Hey, it’s Joe Glines from the-Automator, and the other day someone wrote me and said, “Hey, I downloaded this file from your website and it’s a virus, you know, just wanted to let you know,” and I’m like, okay, it’s not a virus. Again, I wanna in this video demonstrate some of the misconceptions about AutoHotkey, how AutoHotkey files, viruses, you know, how they check things, and really what’s going on here.

So it’s a really interesting thing, because for the most part virus software doesn’t really understand what software is doing. It’s much more of a reputation type of thing than it is inspecting the file and analyzing what gets done, right? The problem is, like, let’s, say, pick airplanes. Airplanes are incredibly powerful, right? They can do a lot of good stuff, or, like at 9/11, they can do some terrible things. AutoHotkey is the same way, and people realize AutoHotkey is really powerful, but they can’t peek inside it and they can’t see: is it hijackers or is it a normal pilot? Let’s try to finish, right? So, like, they just don’t know, so they throw up this thing saying it’s a virus.

So let me demonstrate here, and first off we’re going to start, let’s drag the AutoHotkey u32. This is v1, it’s been around for about a week and a half, I think, so I’m gonna drag it on here. VirusTotal is from Google; it goes across apparently 72 virus checkers. Now this was incredibly fast, because VirusTotal has seen this before, so it doesn’t do the check, it just says, “Hey, we know that hash, we know what it is, this is your score,” right? Apparently two, these two. Let’s grab those. This, by the way, is my snipping tool, I’ll put the URL on here. This is what the person wrote me and said, “This is a virus,” and I’m like, yeah, trust me, it’s not a virus. Anyway, so there are two that got reported as malicious, you know, in the detected malware, which again, like, well, you know, it’s not, but okay.

So here’s the fun part. Here’s, by the way, if you don’t know this about AutoHotkey: it is by far, like, any, any which I’ve ever found, when you go to compile it, it is the simplest and easiest. So first off, this demo virus.txt, this is all that’s in it, is just #Persistent. Now we’re going to change that. It’s amazing, AutoHotkey is just plain text, right? So I have it as a text file, I’m gonna change the extension to be ahk. The problem is I just haven’t configured Explorer to be able to peek inside it, so we can edit this file and we’ll see again all that’s there is just #Persistent, right? That’s it. So let me close that.

Now I can right-click on this thing and say “Compile Script”. That will use my default editor, and let’s just do it to show how you see this, right? So that just created this virus.exe. We can get rid of this. So that used my default version of AutoHotkey. However, we could test this, and I’m going to test it just not from compiling it that way. I’m going to right-click and say “Compile Script GUI”. Now this is going to allow me to pick and choose which version and, you know, bitness of AutoHotkey. So this is the same thing, version Unicode 32. Now I’m going to convert. Successfully compiled. So here it is, and let’s rename this u32. Okay, so that’s just letting us know what we compiled it with.

Now I’m gonna do all these in a row. I’m going to right-click, actually we don’t have to go, we can come back to here. I’m going to add compression, let’s add MPRESS. My output, well, I’ll just change it after. Okay, it’s compiled. Now this one was the u32 MPRESS, so I’m just creating a couple different versions of this so we can see the scores when we take these to VirusTotal.

So with AutoHotkey it’s kind of fake compiling, in that it takes the executable, which I happen to have here, but it’s grabbing it from where I have installed, and it slaps it together with my script right here and packages them together and puts them in a way, because, I don’t know if you know this, you can take your script and just drag it on top of an executable and it will launch it. So right now that script is running, so you don’t actually have to compile it. This is also why I don’t compile stuff, it’s just I have it this format. But what we’re doing is we’re compiling them, and now it has this executable, this one, because I made it with these two in there with it, with this script, right?

So this had, the original u32 had a score of 2 out of 72, right? So I’m going to take this first one, this is now my script, which actually, I think if I drag this here, I think it’ll actually accept it and give it a zero, because nothing recognizes it and there’s really nothing in it, right? And no one’s ever seen it before, so it does take a couple seconds for getting through there. Almost done, and there we go, so zero out of six and one. So on its own VirusTotal is saying, “Hey, this thing is nothing,” right? It’s fine, there’s no problems with it, no malicious activity.

This is simply a combination of this and this, right? So I’m going to drag this into here for upload, and here’s where we’re going to see something to me really, really interesting: suddenly some of these guys will start flagging it as a virus. So here’s the max score from magazine. Remember we had these two initially, right? These two, so SecureAge and Bkav Pro. So now we’re up to five, which still isn’t horrible. However, the other ones didn’t detect a darn thing when we did this one, right, on its own. It was after we combined it with this, and, you know, those are combined in the compiled v1, that we got five.

Now let’s take it with MPRESS. Now MPRESS is an encoder and it basically makes it, obfuscates things and makes it harder to peek inside, and a lot of people who use AutoHotkey are worried people can steal their code, because if I just was to get this file I can basically decompile it and see the code that’s there. So I might want to use MPRESS to make it harder for people to be concise, right? So let’s drag this one onto here. Oh, you know what, let’s grab this. So this was five, the first one was two, and let’s see how many now with the MPRESS version.

And so this is just where, again, VirusTotal does peek inside the files, clearly, because it’s changing the scores and the ratings, and I shouldn’t say VirusTotal, because it’s running it through all these 72 different antivirus stuff. Look at how many more it’s getting flagged at now, right? Because we used MPRESS to compress it, right? And that’s where VirusTotal is looking at things in the file and basically saying, “Hey, other people who have reported this kind of pattern in code, they have had viruses, so I’m going to score it higher.” Again, it knows nothing about what’s actually in the-Automator.com plug

Um, I was getting flagged as a malicious software website and it was just really annoying, because I’m like, it’s not, you know, I don’t distribute viruses. Now, can AutoHotkey be a virus? Sure, absolutely, but it depends what someone has put into the code, right? So the important part is: trust the source, who gave it to you. You know, hey, if you can get the decompiled version, get just the script and peek inside it and take a look at what’s there. We have a tool, I’ll put up here, that helps you do that. It’ll help peek inside and flag, you know, certain types of behaviors that are often, you know, used by scammers and virus people, but again, they can be used for really good things too. You need to pay attention to what’s going on and everything, so it’s just much more complicated. But the fact is, if you get an AutoHotkey script and you download it, it gets flagged as a virus, in my experience the odds are much better that it’s not a virus, it’s just getting flagged because people are afraid, because AutoHotkey is really powerful.

So I hope that helps. If you liked that and learned something, please like the video, it really helps me out. We’re the largest AutoHotkey channel out there, we publish at least twice a week, and if you’re not a subscriber, consider subscribing. We release videos on, you know, things with automation and how to use AutoHotkey and other languages, but mostly AutoHotkey. So hope to see you around. Thank you so much for watching. Cheers.
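The "peek inside the script and flag certain behaviors" step described in the video can be approximated with a small static pass over the plain-text `.ahk` source. This is an added example, not AHKScriptScan's code: the watch list (real AutoHotkey v1/v2 command names, chosen here as an assumption), the function names and the sample script are all constructed for illustration.

```python
import re

# Assumed watch list (not AHKScriptScan's rules): real AutoHotkey v1/v2 commands,
# grouped by the capability a reviewer would want to read closely.
WATCH = {
    "process launch": r"\b(?:Run|RunWait)\b",
    "download": r"\b(?:UrlDownloadToFile|Download)\b",
    "native call": r"\bDllCall\b",
    "COM automation": r"\b(?:ComObjCreate|ComObject)\b",
    "registry write": r"\b(?:RegWrite|RegDelete)\b",
    "file deletion": r"\b(?:FileDelete|FileRemoveDir|DirDelete)\b",
    "input capture": r"\b(?:InputHook|BlockInput)\b|#InstallKeybdHook",
}
RULES = {name: re.compile(rx, re.IGNORECASE) for name, rx in WATCH.items()}

def code_lines(text):
    """Yield (line_no, code) with ';' comments and /* */ blocks removed."""
    in_block = False
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if in_block:
            # Close on '*/' at either end of a line; closing early only
            # means more lines get scanned, never fewer.
            in_block = not (s.startswith("*/") or s.endswith("*/"))
            continue
        if s.startswith("/*"):
            in_block = not s.endswith("*/")
            continue
        # A ';' starts a comment at line start or after whitespace.
        code = re.split(r"(?:^|\s);", line, maxsplit=1)[0].strip()
        if code:
            yield no, code

def scan(text):
    """Return (line_no, category, code) findings: prompts for review, not verdicts."""
    return [(no, name, code)
            for no, code in code_lines(text)
            for name, rx in RULES.items() if rx.search(code)]

# Constructed sample script (not from the page or the video).
SAMPLE = r"""#Persistent
; DllCall mentioned only in a comment
/*
Run, calc.exe
*/
^j::Run, notepad.exe ; launch editor
UrlDownloadToFile, https://example.invalid/a.txt, %A_Temp%\a.txt
"""
```

`scan(SAMPLE)` reports the hotkey on line 6 and the download on line 7, while a script containing only `#Persistent`, like the one compiled in the demo, produces no findings.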
