0a646117de0690ed3ff60dc53b065c0c11cdfdb5ce0b35cb1064ff819c0bacb3 | Triage

Sharing

General

Target

0a646117de0690ed3ff60dc53b065c0c11cdfdb5ce0b35cb1064ff819c0bacb3
Size

12.0MB
MD5

5324e3594e12568357d3c8d7d9e2c95c
SHA1

0a03617ad1a8d5fe911db368fc99992bf1c4743b
SHA256

0a646117de0690ed3ff60dc53b065c0c11cdfdb5ce0b35cb1064ff819c0bacb3
SHA512

902fc19d9b7a9efd28c51d34704b32b4cf3b0e9c755ac598ea45fae2540095bd757eaf0e8f4cabfe7ecad8022c11096c81b35dd242f9a6890735d9cb6eab42f7
SSDEEP

393216:FuKcjTldw/GuKcjTA+HbKHEpNjyD/fM7TOsgh:TUd/4HbWEpB2/fc6j

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a646117de0690ed3ff60dc53b065c0c11cdfdb5ce0b35cb1064ff819c0bacb3

Files

0a646117de0690ed3ff60dc53b065c0c11cdfdb5ce0b35cb1064ff819c0bacb3
.exe windows:5 windows x64 arch:x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE