3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446
Size

1.9MB
MD5

af724219e50ea816c9d03e89a05e31c0
SHA1

4ea66dbf0bdc79119d7674dfecaf135a4a6780a4
SHA256

0edb8931623d2f3d41415128c05d2431279e3eb979bcd2a96064e2b989bb7cb9
SHA512

42cb1e55a2f04ec1e941a110318fc44fd737d020aac8bd57f15747e2d3653945cda772f4376341feacfe58ddd3be5761e67bc210752ab8fe4b086cb721ba247c
SSDEEP

24576:Etb20pkaCqT5TBWgNjVYz0VTPIMeYyBMLlQjzCEzKJ9TtLzxwn1jAh0zQJ9TtDRb:tVg5tjVYzUKjY5u1jAF5V5l

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446

Files

3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ