138a6d50aa78628e39224037de9657897aa22d0a558b66441a393e9affdac0d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

138a6d50aa78628e39224037de9657897aa22d0a558b66441a393e9affdac0d9
Size

1.4MB
MD5

9c22f514b7f41209305778f2e7be17dd
SHA1

14c120b01cf994c6914abe4b8017cc961cb880ab
SHA256

138a6d50aa78628e39224037de9657897aa22d0a558b66441a393e9affdac0d9
SHA512

ff7bbc0ebbb761bf07871c53f13e70b4e4392e74cabfd5a92dc9ba5628444c87965b545733827e92845d2e0ff0c8689375db9e01e82b9379a6e688edb7bbbe4d
SSDEEP

24576:ORaZROMOm8FN7TjsPnzt2heeRhQbJmmOfcdkouRNG07VsxzQC5Sgfljst:EkxOm+7TjsPnztyDMYc+ouPG07yxzfSc

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138a6d50aa78628e39224037de9657897aa22d0a558b66441a393e9affdac0d9

Files

138a6d50aa78628e39224037de9657897aa22d0a558b66441a393e9affdac0d9
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ