20ebd4df28383550c4bdd72a6e06ed1e805bfe9c7fba5e809c24c8720996f333 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20ebd4df28383550c4bdd72a6e06ed1e805bfe9c7fba5e809c24c8720996f333
Size

896KB
MD5

a1cf2bd889d73673559387430c5c37b8
SHA1

2d35ee1f575326f4d7f06140d17b8ba20bd079c7
SHA256

20ebd4df28383550c4bdd72a6e06ed1e805bfe9c7fba5e809c24c8720996f333
SHA512

652272255ef451eebc9f23b70cb127094b68fb3d70f857cab53eb9a4b081a0af602d41fa80b61a954d4f15e597b6cd5a3fa99906d9e14fc284b69830b1bde852
SSDEEP

12288:hqDEvFo+yo4DdUBSFjclwGilv+GkJo1yBXTwju/mzv05pfe4JdaDgazus/:hqDEvC8QFgCFlvkayOY5prG8azb

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ebd4df28383550c4bdd72a6e06ed1e805bfe9c7fba5e809c24c8720996f333

Files

20ebd4df28383550c4bdd72a6e06ed1e805bfe9c7fba5e809c24c8720996f333
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ