0291ed36a8478ea43085e2e214d0d9a24e3bd3e81a109d2bc5d03fa35136905a | Triage

Sharing

General

Target

0291ed36a8478ea43085e2e214d0d9a24e3bd3e81a109d2bc5d03fa35136905a
Size

1.1MB
MD5

3ee75b48bb719c95e62b7abb587081d9
SHA1

a09203a594e440ebb3e7bc204c6e948da33b4725
SHA256

0291ed36a8478ea43085e2e214d0d9a24e3bd3e81a109d2bc5d03fa35136905a
SHA512

70d27b6c285b36ce19202bd6d4c2f27318e292dd602c0379ad2b4a30766cdca28fd763c93fb8e7ed7437f8c76eaf1df0d112e57f62696627dace896e109208a8
SSDEEP

24576:iu6J33O0c+JY5UZ+XC0kGsoTGcjr1I1lOq6sb8hTH7NWYF:Eu0c++OCvkGsEGcjr1i6skHUYF

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0291ed36a8478ea43085e2e214d0d9a24e3bd3e81a109d2bc5d03fa35136905a

Files

0291ed36a8478ea43085e2e214d0d9a24e3bd3e81a109d2bc5d03fa35136905a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ