Autologon64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Autologon64.exe
Size

430KB
MD5

ffca2fbcc7e4637f2acc0a8a3b0dbaaa
SHA1

3697f037e527a31c013a2ff3ee2f6c373e67a2a7
SHA256

5d96bbc4e5b726d87c7cf547f5fe98f8f05434ec2130bd60cbf5671fd3a7381b
SHA512

3d9bb3641bdb7d89d30a7d552c8eca7355ab64e56d6d1657dbfe4f4f66c93ced1aa75ffb1fc0326f5e06310bad6e51c94d57e7ef74e9db215ac2c72da1a20faf
SSDEEP

12288:WD+k3HVJ5xDfp4D7/SAOZi+5v4+rcKfth:UJVJTt4D7/SAOZi+5v48cKf3

Score

1^/10

Malware Config

Signatures

Files

Autologon64.exe
.exe windows:5 windows x64

ecfe7428cd2a05b3f34f531b0ad9ccb7

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:b7:35:20:96:a9:f9:e4:83:1b:b3:f0:20:31:b7:ec:a4:61:b9:32:fe:d2:9a:c5:e7:c0:cb:40:17:7e:b0:7e
Signer

Actual PE Digest

19:b7:35:20:96:a9:f9:e4:83:1b:b3:f0:20:31:b7:ec:a4:61:b9:32:fe:d2:9a:c5:e7:c0:cb:40:17:7e:b0:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
CreateThread
HeapSize
GetOEMCP
OutputDebugStringA
CloseHandle
CreateFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
IsValidCodePage
GetConsoleCP
OutputDebugStringW
HeapReAlloc
SetFilePointerEx
VerifyVersionInfoW
GetCurrentProcess
VerSetConditionMask
GetCommandLineW
GetModuleHandleW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetVersionExW
LoadLibraryExW
WaitForSingleObjectEx
SetLastError
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
RtlUnwind

user32

LoadIconW
OffsetRect
GetSysColor
ChildWindowFromPoint
MessageBoxW
GetWindowRect
InvalidateRect
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
MoveWindow
IsDialogMessageW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
ShowWindow

gdi32

GetObjectW
SetTextColor
SetBkMode
SelectObject
GetStockObject
CreateFontIndirectW
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

LsaStorePrivateData
LsaOpenPolicy
LsaClose
RegDeleteValueW
RegDeleteKeyW
LogonUserW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW

Sections

.text
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecfe7428cd2a05b3f34f531b0ad9ccb7

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:b7:35:20:96:a9:f9:e4:83:1b:b3:f0:20:31:b7:ec:a4:61:b9:32:fe:d2:9a:c5:e7:c0:cb:40:17:7e:b0:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 297KB - Virtual size: 297KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:b7:35:20:96:a9:f9:e4:83:1b:b3:f0:20:31:b7:ec:a4:61:b9:32:fe:d2:9a:c5:e7:c0:cb:40:17:7e:b0:7e
Signer

.text
Size: 297KB - Virtual size: 297KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB