d5b24384b2e5a7f58299e42cc3d96ff8adc8b7568c1b30305116991b11d74391

Sharing

Copy URL Twitter E-mail

General

Target

d5b24384b2e5a7f58299e42cc3d96ff8adc8b7568c1b30305116991b11d74391
Size

806KB
MD5

818bac05b86e94aea45a20017864011b
SHA1

02f3d066eae5d0e1d5f64ca49a7ffe2426df4a7c
SHA256

d5b24384b2e5a7f58299e42cc3d96ff8adc8b7568c1b30305116991b11d74391
SHA512

52e6d042c351435d12cdb5536f64de98e81f5010d749fe3fde68585a612e37ad44d344ed8047dfa3e15fd710cdd4d10b852c90bfdd7bbf4bb513a10ce47b2457
SSDEEP

24576:cc2ryNv5aXxUG23RSjbQlQyYq5XyqoGGkO2hWZ4lK4c/:EryjSxM3RcbgYUnfO2hWZEc/

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Files

d5b24384b2e5a7f58299e42cc3d96ff8adc8b7568c1b30305116991b11d74391
.exe windows x86

aaea3b6ea941192ba763f0c2b48d6ff8

Code Sign

78:b5:3f:7c:b7:9f:9f:6a:b3:7a:5c:9c:bc:7e:c0:a5
Certificate

Issuer

CN=Windows,O=神州泰岳,1.2.840.113549.1.9.1=#130a556c747261706f776572

Not Before

17/01/2018, 02:57

Not After

31/12/2039, 23:59

Subject

CN=Windows,O=神州泰岳,1.2.840.113549.1.9.1=#130a556c747261706f776572

Extended Key Usages

ExtKeyUsageCodeSigning

8b:97:96:1a:82:6a:ee:7c:b2:99:06:8d:77:0f:71:d1:ef:46:c7:ed
Signer

Actual PE Digest

8b:97:96:1a:82:6a:ee:7c:b2:99:06:8d:77:0f:71:d1:ef:46:c7:ed

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Windows,O=神州泰岳,1.2.840.113549.1.9.1=#130a556c747261706f776572

06/10/2022, 18:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutSetVolume
timeGetTime
mciSendStringA

comctl32

ImageList_DragEnter
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Remove

mpr

WNetCancelConnection2A
WNetGetConnectionA
WNetAddConnection2A
WNetUseConnectionA

kernel32

OpenProcess
CreateFileMappingA
MapViewOfFile
WriteProcessMemory
ReadProcessMemory
CreateFileA
ReadFile
SetFilePointer
MoveFileA
OutputDebugStringA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
SetSystemPowerState
SetFileTime
FindResourceA
GetFileAttributesA
LoadResource
FindFirstFileA
LockResource
FindClose
SizeofResource
MultiByteToWideChar
EnumResourceNamesA
DeleteFileA
FindNextFileA
lstrcmpiA
GetLocalTime
WideCharToMultiByte
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
WriteFile
CreatePipe
GetStdHandle
InterlockedExchange
EnterCriticalSection
TerminateThread
LeaveCriticalSection
GetTempPathA
GetTempFileNameA
VirtualFree
UnmapViewOfFile
GetExitCodeProcess
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
DeviceIoControl
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
SetFileAttributesA
WritePrivateProfileSectionA
GetShortPathNameA
GetPrivateProfileSectionNamesA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeA
GlobalAlloc
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetEnvironmentVariableA
GetFileSize
SetEnvironmentVariableA
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateProcessA
SetPriorityClass
VirtualAlloc
GetCurrentThread
LoadLibraryExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
GetVersionExA
GetCurrentThreadId
Sleep
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ExitProcess
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetCurrentProcess
GetModuleFileNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
InitializeCriticalSection
GetProcAddress
LoadLibraryA
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapSize
HeapReAlloc
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FormatMessageA
CompareStringW

user32

GetSubMenu
GetCaretPos
IsZoomed
SetWindowLongA
FlashWindow
GetMenuStringA
DestroyMenu
SetMenu
DestroyAcceleratorTable
CreateAcceleratorTableA
GetWindowTextLengthA
SetCursor
GetWindowDC
TranslateAcceleratorA
GetSystemMetrics
IsDialogMessageA
CreateMenu
IsDlgButtonChecked
GetSysColor
GetActiveWindow
InflateRect
CharNextA
DrawFocusRect
wsprintfA
DrawTextA
RedrawWindow
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
ReleaseCapture
SetCapture
DefDlgProcA
RegisterHotKey
ReleaseDC
GetCursor
GetDC
WindowFromPoint
SetClipboardData
EmptyClipboard
CountClipboardFormats
CharLowerBuffA
GetMessageA
LockWindowUpdate
DispatchMessageA
TranslateMessage
IsCharUpperA
UnregisterHotKey
LoadImageA
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExA
EnumThreadWindows
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
SetMenuDefaultItem
InsertMenuItemA
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SystemParametersInfoA
SetForegroundWindow
IsIconic
FindWindowA
GetKeyboardState
GetKeyState
keybd_event
VkKeyScanA
GetKeyboardLayoutNameA
GetAsyncKeyState
SetKeyboardState
CharUpperA
LoadStringA
MessageBeep
EndDialog
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
GetMenu
GetClientRect
CopyRect
EndPaint
BeginPaint
DestroyWindow
GetDesktopWindow
IsWindow
EnumWindows
IsWindowEnabled
IsWindowVisible
IsCharLowerA
IsCharAlphaNumericA
IsCharAlphaA
SetWindowPos
CopyImage
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
PeekMessageA
ClientToScreen
EnableWindow
InvalidateRect
GetWindowLongA
GetWindowTextA
ScreenToClient
EnumChildWindows
CharUpperBuffA
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutA
GetFocus
GetClassNameA
GetParent
GetDlgCtrlID
SendMessageA
MapVirtualKeyA
PostMessageA
GetWindowRect
DefWindowProcA
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
MessageBoxA
RegisterWindowMessageA
DestroyIcon
SetTimer
ShowWindow
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
GetForegroundWindow
DialogBoxParamA

gdi32

Ellipse
MoveToEx
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
CreateSolidBrush
StrokePath
PolyDraw
DeleteObject
GetTextExtentPoint32A
CreateDCA
BeginPath
Rectangle
SetViewportOrgEx
PolyBezierTo
ExtCreatePen
StrokeAndFillPath
RoundRect
SetBkColor
SetTextColor
GetObjectA
SetBkMode
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontA
GetDeviceCaps
GetTextFaceA
GetStockObject
CreatePen

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegConnectRegistryA
RegEnumKeyExA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryPoint
ShellExecuteExA
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
SHFileOperationA
ExtractIconExA
Shell_NotifyIconA
ShellExecuteA
DragFinish

ole32

OleSetContainedObject
OleSetMenuDescriptor
MkParseDisplayName
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VarR8FromDec
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SafeArrayDestroyData
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SysAllocString
VariantCopy
VariantInit
SafeArrayAllocData
OleLoadPicture
SafeArrayAllocDescriptorEx

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaea3b6ea941192ba763f0c2b48d6ff8

Code Sign

78:b5:3f:7c:b7:9f:9f:6a:b3:7a:5c:9c:bc:7e:c0:a5Certificate

Extended Key Usages

8b:97:96:1a:82:6a:ee:7c:b2:99:06:8d:77:0f:71:d1:ef:46:c7:edSigner

Signature Validations

Verification

06/10/2022, 18:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 10KB - Virtual size: 57KB

.rsrc Size: 96KB - Virtual size: 96KB

78:b5:3f:7c:b7:9f:9f:6a:b3:7a:5c:9c:bc:7e:c0:a5
Certificate

8b:97:96:1a:82:6a:ee:7c:b2:99:06:8d:77:0f:71:d1:ef:46:c7:ed
Signer

06/10/2022, 18:36
Valid: false

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 10KB - Virtual size: 57KB

.rsrc
Size: 96KB - Virtual size: 96KB