Static task
static1
General
Target: Fps booster.exe
Size: 22.0MB
MD5: b5d319b520b57154f33bde6758b91257
SHA1: 3acbaf5d3fabf8c6533fae4c113bf6916010ab90
SHA256: 9edda0af617c73f312f4bb06551cf98c2ae79209205106b01924bbddfa209037
SHA512: ffe8d4152a6096c3e5a7959b86bbff80b58ea45ee029ccd32ab4e7c10406a6ef9f66090be329f7e51f7b8134f7f70258798b5682ca0e38080d20d76ef02c2ac6
SSDEEP: 393216:YY2p7n9zXDFGugFqYFyOmQXwwyDk6svY+GylZvFhq4eDVTY2p7n9zXDb:Kpj9zh7gFeOs9DkDY+GylZthbYTpj9zv
Malware Config
Signatures
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource: sample, yara_rule: autoit_exe
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: Fps booster.exe
Files
Fps booster.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 854KB - Virtual size: 853KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 474KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.enigma1 Size: 15.6MB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.enigma2 Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE