54654a05d3fbd9c96d3657531ad8a6a5[.]bin | Triage

Sharing

General

Target

54654a05d3fbd9c96d3657531ad8a6a5.bin
Size

390KB
MD5

ac33f4d8a4ee1d5d53046eedc567d594
SHA1

28fcf03e3b0aa150ed7f79a887bce26218cc8764
SHA256

2396708d1cdc66ad33c45e13b24adb08c7787b1ee79fde718c814a4c6cacfc24
SHA512

23357e41f762599a51b4de3f2e8ff4907c9174c35615624299cdf69c76d99d24d833b7180f7ac639fcf599a11c652b117e70d3cb4efc148b684a860bfb0d4305
SSDEEP

12288:2soNTT4OZmKnG70jKEtoXBzZGdSnWd2kg4dyO:FKn+05oXBVGd0VkN

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/1c8bb402bc28b60698966923293d97e3cbfb8855c09bbe22ccd9f12419c1e9f3.exe	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1c8bb402bc28b60698966923293d97e3cbfb8855c09bbe22ccd9f12419c1e9f3.exe

Files

54654a05d3fbd9c96d3657531ad8a6a5.bin
.zip

Password: infected
1c8bb402bc28b60698966923293d97e3cbfb8855c09bbe22ccd9f12419c1e9f3.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ