3637418034911c6dfe467192477f38b2083c8a7c4dc303d0b5ca77c4950f08f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3637418034911c6dfe467192477f38b2083c8a7c4dc303d0b5ca77c4950f08f6
Size

1.8MB
MD5

97ce826f4944ddaac12f64cf34a4c5bd
SHA1

a04aa607b674313545a9eecddb93100d10d6f81c
SHA256

3637418034911c6dfe467192477f38b2083c8a7c4dc303d0b5ca77c4950f08f6
SHA512

ad729adaf1db29d4b3c325d7b8b15fa6a234acdebd4222f5582a2b33d8bbac233d82c549d38a45dcec68f1386c6b4580526ff1a275655d7a6778a5d934ccb414
SSDEEP

49152:HTvC/MTQYxsWPkzBN7bZCCyth1fYmuOa46sgK7VK9:zjTQYxsWPIJbZCCyf1QmuWcB

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3637418034911c6dfe467192477f38b2083c8a7c4dc303d0b5ca77c4950f08f6

Files

3637418034911c6dfe467192477f38b2083c8a7c4dc303d0b5ca77c4950f08f6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 946KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ