Resubmissions
04/10/2023, 02:00
231004-cfccyage9x 5Static task
static1
General
-
Target
3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446
-
Size
1.9MB
-
MD5
a60735b5a5b696fbfa037eab3d9a0e4e
-
SHA1
88e4d477025130959a9855c8674e785948ba3a27
-
SHA256
519e960ecdae898da854f7fb9f16d3ad6e029d5a53dfadedf6148405f101eb64
-
SHA512
1c57cb901f4e2c0376ffcf59b26e6ce7699d5a85c7338dfb0c9f790917411b377db7ff9b40171ef28534bd59b34b3fc1646b4483df5e4199b20f4a451e0f2573
-
SSDEEP
24576:9tb20pkaCqT5TBWgNjVYz0VTPIMeYyBMLlQjzCEzKJ9TtLzxwn1jAh0zQJ9TtDRD:uVg5tjVYzUKjY5u1jAF5h
Malware Config
Signatures
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446
Files
-
3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 557KB - Virtual size: 557KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 179KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ