because it is not much clever to detect AutoIt malware from outside and the developing (and testing) of an decompiler took some time... as you maybe know - there are some publicly available AutoIt scramblers and "encryptors" and AutoIt itself could be quite polymorphic - that makes the detection from outside ineffective, because it covers only the one particular file, while the authors of the malware are able to make the same (or slightly different) sample in a minute and it will be undetected... the decompilation gives us a chance to make algorithmical detections, which are much stronger (in our internal testing two algo detections can catch thousands of malware AutoIt samples, that really worth it)...