d2fc64ebe970cc5e451c7978191ee7a2c2ae8bb863bf7aecaf5ab7b2000b436a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2fc64ebe970cc5e451c7978191ee7a2c2ae8bb863bf7aecaf5ab7b2000b436a
Size

1.5MB
MD5

ef3de78a3966cb94ff37a44ac3fdd130
SHA1

75a8365307958841d67e7006b3c3e7738f86c0d2
SHA256

d2fc64ebe970cc5e451c7978191ee7a2c2ae8bb863bf7aecaf5ab7b2000b436a
SHA512

4ef30a3f709340ec48bee38f2313e48ce9ed7849fcbe6340cf060012ea11e0f116d107f5d610aa043880aa5b8630794c6df8b8ffe3099ce988e70ebfd4781faa
SSDEEP

24576:eJeJfAqkjp98zHpieTX8Bj/DeGOxmKoc7LbvyFyK9YZmmy4AE8ZHH:UeJfAJGpLr+LeGOxmzc7MWM4Av

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2fc64ebe970cc5e451c7978191ee7a2c2ae8bb863bf7aecaf5ab7b2000b436a

Files

d2fc64ebe970cc5e451c7978191ee7a2c2ae8bb863bf7aecaf5ab7b2000b436a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

iridt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1004KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE