3f80e6dea24390f98ec43836dbf0d3e204957f5fbf7911ac94aa5cb918155b5c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f80e6dea24390f98ec43836dbf0d3e204957f5fbf7911ac94aa5cb918155b5c
Size

883KB
MD5

c9cee0e178591c6a1acdf35a51acc84b
SHA1

97f9d4228aef2b06b5206ea559638adb7d3cfe22
SHA256

3f80e6dea24390f98ec43836dbf0d3e204957f5fbf7911ac94aa5cb918155b5c
SHA512

534c5b4029c488f1ef4c3b0f8c94f9959d54ae699c92ac80aaf699e9c10880aaafb45adde13db5904f6c48ecae9e64340b2d1493cb087837012aec0a5cf7df29
SSDEEP

12288:GAHn2JK+HemNsqI3etnBHYPpAkApyRV3jRfP4S5LH28U3mcQuKXgoggdrtcjWp:GAHnh+eWsN3skA4RV1Hom2KXcGtcS

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f80e6dea24390f98ec43836dbf0d3e204957f5fbf7911ac94aa5cb918155b5c

Files

3f80e6dea24390f98ec43836dbf0d3e204957f5fbf7911ac94aa5cb918155b5c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ