Static task: static1
Behavioral task: behavioral1
  Sample: ca43d08752c9743afa753eff95c936c20e4c8360aaba3bae85e767a88239ac08.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ca43d08752c9743afa753eff95c936c20e4c8360aaba3bae85e767a88239ac08.exe
  Resource: win10v2004-20220812-en
General
Target: ca43d08752c9743afa753eff95c936c20e4c8360aaba3bae85e767a88239ac08
Size: 487KB
MD5: 9a747414bbe6f3a24e4e3c4b21920b68
SHA1: 30d9454800390587d275e89e8aa1ad401d71c47d
SHA256: ca43d08752c9743afa753eff95c936c20e4c8360aaba3bae85e767a88239ac08
SHA512: 48dcd2c5ba9c1c2b207b0faa34a4a61e22da06b6180d4adae1aa3eb8c011597b92fe85b0c20e57fb3bbb358d3cff9c9e94011d43c5171573114f7fc7c6c888e1
SSDEEP: 6144:hLbG4OGnF//45EikTRsKDErEO2vws26xqINpnKEMTiFoSP/8ZxW:hbLF//4oR2EO2om7NVKviFoy8Zx
Malware Config
Signatures
- AutoIT Executable (1 IoC)
  AutoIT scripts compiled to PE executables. Note that the import table and sections listed below belong to the AutoIt runtime stub, not to the script: every compiled AutoIt binary imports the same socket, registry, process-memory and keyboard APIs whether or not the script uses them. What this sample actually does is only visible after the embedded compiled script is extracted and decompiled.
  resource: sample
  yara_rule: autoit_exe
Files
- ca43d08752c9743afa753eff95c936c20e4c8360aaba3bae85e767a88239ac08.exe  windows x86  a1657ed2b06e9bc2620f042e3157e0e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(No IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and no IMAGE_DLLCHARACTERISTICS_NX_COMPAT: the image does not opt in to ASLR or DEP, and because IMAGE_FILE_RELOCS_STRIPPED is set below it cannot be relocated from its preferred base at all.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
__WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
winmm
waveOutSetVolume
timeGetTime
mciSendStringA
comctl32
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Remove
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
mpr
WNetUseConnectionA
WNetGetConnectionA
WNetAddConnection2A
WNetCancelConnection2A
kernel32
SetSystemPowerState
SetFileTime
GetFileAttributesA
FindResourceA
FindFirstFileA
LoadResource
FindClose
LockResource
SizeofResource
MultiByteToWideChar
EnumResourceNamesA
DeleteFileA
FindNextFileA
lstrcmpiA
MoveFileA
OutputDebugStringA
CopyFileA
GetLastError
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
WaitForSingleObject
GetLocalTime
WideCharToMultiByte
CompareStringA
InterlockedIncrement
InterlockedDecrement
GetTempPathA
GetTempFileNameA
FormatMessageA
GetExitCodeProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeA
SetErrorMode
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
DeviceIoControl
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SetFileAttributesA
GetPrivateProfileSectionNamesA
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetFileSize
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
CreateProcessA
SetPriorityClass
GetProcessIoCounters
CreatePipe
DuplicateHandle
GetStdHandle
WriteFile
GetFileType
PeekNamedPipe
SetLastError
LoadLibraryExA
GlobalFindAtomA
HeapFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapSize
ReadFile
CreateFileA
CreateFileMappingA
OpenProcess
UnmapViewOfFile
CloseHandle
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
Sleep
GetProcAddress
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
FreeLibrary
GetModuleFileNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
HeapAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
ResumeThread
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetShortPathNameA
CompareStringW
user32
GetWindowTextLengthA
GetSystemMetrics
IsDialogMessageA
SetClassLongA
GetSysColor
GetActiveWindow
InflateRect
CharNextA
wsprintfA
DrawFocusRect
RedrawWindow
DrawTextA
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
DestroyMenu
CreateMenu
GetClassWord
GetNextDlgTabItem
GetWindow
IsChild
ReleaseCapture
SetCapture
SubtractRect
OffsetRect
DispatchMessageA
TranslateMessage
PeekMessageA
SetActiveWindow
FindWindowExA
EnumThreadWindows
LoadImageA
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
DeleteMenu
CreateIcon
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
GetWindowDC
InsertMenuItemA
IsMenu
TrackPopupMenuEx
GetCursorPos
SetForegroundWindow
IsIconic
FindWindowA
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
SetClipboardData
WindowFromPoint
VkKeyScanA
GetKeyboardLayoutNameA
CharUpperA
LoadStringA
DialogBoxParamA
MessageBeep
EndDialog
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
EndPaint
BeginPaint
DestroyWindow
GetMenu
GetClientRect
CopyRect
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutA
GetFocus
GetWindowTextA
EnumChildWindows
CharUpperBuffA
SetCursor
SetMenu
IsZoomed
GetCaretPos
GetSubMenu
GetMenuStringA
FlashWindow
SetWindowLongA
IsCharLowerA
IsCharAlphaNumericA
IsCharAlphaA
SetMenuDefaultItem
IsCharUpperA
GetClassNameA
GetParent
GetDlgCtrlID
SendMessageA
MapVirtualKeyA
PostMessageA
GetWindowRect
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
GetForegroundWindow
DefWindowProcA
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
MessageBoxA
RegisterWindowMessageA
SetTimer
EmptyClipboard
CountClipboardFormats
SetWindowPos
CloseClipboard
CopyImage
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
ClientToScreen
RegisterHotKey
ReleaseDC
GetCursor
GetKeyState
GetDC
DestroyIcon
ShowWindow
CharLowerBuffA
UnregisterHotKey
GetMessageA
keybd_event
LockWindowUpdate
SystemParametersInfoA
gdi32
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
PolyBezierTo
GetObjectA
SetBkMode
CreateFontA
GetDeviceCaps
GetTextFaceA
GetStockObject
CreateDCA
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32A
DeleteObject
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegConnectRegistryA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
DragQueryPoint
ShellExecuteExA
DragQueryFileA
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ExtractIconExA
Shell_NotifyIconA
ShellExecuteA
DragFinish
ole32
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
oleaut32
LoadRegTypeLi
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
VarR4FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
GetActiveObject
Sections
.text Size: 397KB - Virtual size: 397KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
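Added example, not part of the sandbox report: a stdlib-only Python parser that decodes the File Characteristics, DLL Characteristics and section flags shown in the Headers and Sections blocks above, lists the mitigations the image does not opt in to, hashes the bytes the way the General block does, and looks for the AU3!EA06 marker that AutoIt3 compiled scripts carry. The input is a constructed PE32 header blob built with the same flag values and section layout as the report; it is not the sample itself and is not loadable. The marker check is a heuristic added here, not the report's autoit_exe YARA rule.

```python
import hashlib
import struct

# Flag tables: bit values from the PE/COFF spec (only the bits relevant here).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
AUTOIT_MARKER = b"AU3!EA06"  # magic at the start of an AutoIt3 compiled-script blob


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Minimal PE32/PE32+ header walk using struct only; no third-party deps."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dchars = struct.unpack_from("<H", data, opt_off + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "characteristics": decode_flags(schars, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": decode_flags(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dchars, DLL_CHARACTERISTICS),
            "sections": sections}


def hardening_notes(info):
    """Mitigations the image does not opt in to, read the way a triage analyst would."""
    notes = []
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]:
        notes.append("no DYNAMIC_BASE: image does not opt in to ASLR")
    if "IMAGE_FILE_RELOCS_STRIPPED" in info["file_characteristics"]:
        notes.append("RELOCS_STRIPPED: image cannot be rebased at all")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in info["dll_characteristics"]:
        notes.append("no NX_COMPAT: image does not opt in to DEP")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["characteristics"]):
            notes.append(f"{s['name']}: section is both writable and executable")
    return notes


def has_autoit_marker(data):
    """Heuristic only: the marker is visible in unpacked AutoIt3 stubs, not under a packer."""
    return AUTOIT_MARKER in data


def digests(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def build_sample_pe():
    """Constructed stand-in, not the reported sample: a bare PE32 header with the
    report's flag values, four matching section headers, and an AutoIt marker."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, 0x0123)  # i386, 4 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8000)    # TERMINAL_SERVER_AWARE only
    specs = [(b".text", 397 * 1024, 397 * 1024, 0x60000020),
             (b".rdata", 45 * 1024, 45 * 1024, 0x40000040),
             (b".data", 65 * 1024, 10 * 1024, 0xC0000040),
             (b".rsrc", 36 * 1024, 33 * 1024, 0x40000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, rs, 0, 0, 0, 0, 0, c)
                    for n, vs, rs, c in specs)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs + b"\0" * 16 + AUTOIT_MARKER


if __name__ == "__main__":
    blob = build_sample_pe()
    info = parse_pe(blob)
    print(info["file_characteristics"], info["dll_characteristics"])
    for s in info["sections"]:
        print(f"{s['name']:7} raw={s['raw_size'] // 1024}KB virt={s['virtual_size'] // 1024}KB {s['characteristics']}")
    print("\n".join(hardening_notes(info)))
    print("autoit marker:", has_autoit_marker(blob), digests(blob)["sha256"])
```

To run it on a real file use parse_pe(open(path, "rb").read()). The marker check only fires on an unpacked AutoIt stub; a packed sample will still show the header flags above but no marker until it is unpacked, which is why the report's behavioral tasks matter more than the import list for this kind of binary.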