8c3965d361ea415c308d1bd1caa151fb4ead7b0922de711bbc791e60b74cfbae

Sharing

Copy URL Twitter E-mail

General

Target

8c3965d361ea415c308d1bd1caa151fb4ead7b0922de711bbc791e60b74cfbae
Size

1.4MB
MD5

ebbc9f539d8ac02bf6e9112084368daa
SHA1

0380aaa155aff18cdbe50f879b9dde9b06d6618a
SHA256

8c3965d361ea415c308d1bd1caa151fb4ead7b0922de711bbc791e60b74cfbae
SHA512

6a40cd7b9e916e6eae3bfb229b09fa22748a0b12c97298b7e88c0774612f7330a613488f83bb0a01faab942e4a9be11ef5d0a5bd7d7a050ffe1d946ef6632d9a
SSDEEP

24576:jRmJkcoQricOIQxiZY1WNPw0h2nT3BXTYY7B:QJZoQrbTFZY1WNP

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Files

8c3965d361ea415c308d1bd1caa151fb4ead7b0922de711bbc791e60b74cfbae
.exe windows x86

Code Sign

10
Certificate

Issuer

SERIALNUMBER=16,CN=eSignature Basic,OU=eSignature Basic,O=Telekom Austria AG,C=AT

Not Before

05/05/2006, 10:13

Not After

05/05/2026, 10:13

Subject

SERIALNUMBER=16,CN=eSignature Basic,OU=eSignature Basic,O=Telekom Austria AG,C=AT

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:c6
Certificate

Issuer

SERIALNUMBER=16,CN=eSignature Basic,OU=eSignature Basic,O=Telekom Austria AG,C=AT

Not Before

22/02/2010, 09:24

Not After

22/02/2015, 15:24

Subject

SERIALNUMBER=40134,CN=Christine Foitik,C=AT,1.2.840.113549.1.9.1=#0c0f6e6f74617240666f6974696b2e6174

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageDataEncipherment
KeyUsageKeyAgreement

03:95:1b:c5:48:e2:94:5c:6f:d0:c5:fd:77:35:77:f4:00:3b:23:11
Signer

Actual PE Digest

03:95:1b:c5:48:e2:94:5c:6f:d0:c5:fd:77:35:77:f4:00:3b:23:11

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=40134,CN=Christine Foitik,C=AT,1.2.840.113549.1.9.1=#0c0f6e6f74617240666f6974696b2e6174

17/11/2022, 13:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

10Certificate

Key Usages

9c:c6Certificate

Key Usages

03:95:1b:c5:48:e2:94:5c:6f:d0:c5:fd:77:35:77:f4:00:3b:23:11Signer

Signature Validations

Verification

17/11/2022, 13:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 373KB - Virtual size: 373KB

10
Certificate

9c:c6
Certificate

03:95:1b:c5:48:e2:94:5c:6f:d0:c5:fd:77:35:77:f4:00:3b:23:11
Signer

17/11/2022, 13:17
Valid: false

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 373KB - Virtual size: 373KB