bf25d8c92dcc9501d82e33611f41c318 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf25d8c92dcc9501d82e33611f41c318
Size

2.2MB
MD5

bf25d8c92dcc9501d82e33611f41c318
SHA1

24075776f63cf1a70adea3e43e5bf9aa52e4f350
SHA256

3dc9e0d3862b256c29913ca00a0675c24abd4dd51ec23f603f7b0b887e0d61ae
SHA512

d46f7adc84fe59ef5f6e2b142ca719b65b1c9b82fbddd1d7fe0c74088b6371cf4c47d91245b7bd09557c181973b15a7cf5a7ef58006357ce1a575e883f75663d
SSDEEP

49152:Dh+ZkldoPKsachSR/EzWWK5rUO75FE/dvWK5rUO75FE/8hgpv:s2cPKs+FEzWWK5I45FcWK5I45F

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf25d8c92dcc9501d82e33611f41c318

Files

bf25d8c92dcc9501d82e33611f41c318
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ