a

First submission 2024-02-04 17:28:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 872.66 KB (893608 bytes)
Compile time: 2018-03-15 14:14:39
MD5: c56b5f0201a3b3de53e561fe76912bfd
SHA1: 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256: 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
Import Hash : 23c7b0116c8fb2e9410539ab80cfebbe
Sections 5 .text .rdata .data .rsrc .reloc
Directories 5 import resource debug relocation security
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://91.92.246.98/a 91.92.246.98 2024-02-04 17:28:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x8e7b1 583680 8e9612760cf3d292149679485dc68b3033c590e4 37545704cd94410041e41f7b2d95d901
.rdata 0x90000 0x2fd8e 196096 9b6b4b1c8fcbd6e805199bf9b1e5504252027988 3017eb0c8a06753c1daafc504270d99d
.data 0xc0000 0x8f74 20992 93eb2b38c5ea6dd77d56e0b1ecde1235e8d2298d dcfc007fd1d97a1a6dc1794856b6d56b
.rsrc 0xc9000 0xd750 55296 66d4a7d113847c3c51599cff9da5e24c354e2a10 2f11c470f2b2e8ac0bb71e4649573b37
.reloc 0xd7000 0x71ac 29184 3bc7ebf595f4e5975a2fe92d8b2124fa20e66e73 2e5c2ba66d7b9d101e50bc3e18d0b2a5

PE Resources 7

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xd5f38 296
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_UK 0xd6178 80
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_UK 0xd6078 252
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_UK 0xd61c8 344
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xd5de0 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_UK 0xc9600 876
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xd6320 1068

Meta infos 10

LegalCopyright: ©1999-2018 Jonathan Bennett & AutoIt Team
InternalName: AutoIt3.exe
FileVersion: 3, 3, 14, 5
CompanyName: AutoIt Team
OriginalFilename: AutoIt3.exe
ProductVersion: 3, 3, 14, 5
FileDescription: AutoIt v3 Script
Translation: 0x0809 0x04b0
Comments: http://www.autoitscript.com/autoit3/
ProductName: AutoIt v3 Script

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 12

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM indicators 1

VMCheck.dll

File signature

MD5 SHA1 Block size Virtual Address
6e63f2975f9d7c2dd3d15ebccff6323a d177d192f96df8e26997636dd35a5f818dd885e3 7336 886272
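The "PE Sections" and "File signature" tables above are what a walk of the PE headers produces: per-section hashes of the raw section bytes, the COFF timestamp (the "Compile time" line), the IMAGE_FILE_DLL characteristic ("Is DLL"), and the security data directory, whose entry is a raw file offset pointing at the Authenticode WIN_CERTIFICATE block. In this report that block starts at offset 886272 and is 7336 bytes long, and 886272 + 7336 = 893608 is exactly the file size, so the signature block is the entire overlay. The Python below is an added example, not the report generator's code and not anything taken from the sample: it builds a small PE32 in memory as a constructed fixture (the real file is not available offline), then parses it using the PE/COFF header layouts from the specification. The names build_sample_pe, parse_pe and entropy are chosen here, and the entropy column is an addition the report does not show.

```python
"""Added example: reproduce the report's section and signature tables without pefile.
The PE built by build_sample_pe() is a constructed fixture, not the sample above."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # for this entry, VirtualAddress is a raw file offset


def build_sample_pe(section_specs, cert_blob=b"", is_dll=False):
    """Build a minimal PE32 image in memory (constructed fixture, not the real file).
    section_specs: [(name_bytes, raw_bytes), ...]. cert_blob, if given, is wrapped in a
    WIN_CERTIFICATE header, appended after the last section and referenced from the
    security directory, which is how an Authenticode signature is stored."""
    file_align, sect_align, size_of_headers, e_lfanew = 0x200, 0x1000, 0x400, 0x80
    sections, raw_ptr, rva = [], size_of_headers, sect_align
    for name, data in section_specs:
        raw_size = -(-len(data) // file_align) * file_align          # round up to FileAlignment
        sections.append((name, len(data), rva, raw_size, raw_ptr, data.ljust(raw_size, b"\0")))
        raw_ptr += raw_size
        rva += -(-len(data) // sect_align) * sect_align
    win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob if cert_blob else b""
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    timestamp = int(datetime(2018, 3, 15, 14, 14, 39, tzinfo=timezone.utc).timestamp())
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)               # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0xE0, chars)  # i386
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 14, 0, 0, 0, 0, sect_align, sect_align, 0, 0x400000,
                      sect_align, file_align, 6, 0, 0, 0, 6, 0, 0, rva, size_of_headers, 0,
                      2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_ptr if win_cert else 0, len(win_cert))
    dir_bytes = b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                    for n, vs, va, rs, rp, _ in sections)
    headers = (dos + b"PE\0\0" + coff + opt + dir_bytes + hdrs).ljust(size_of_headers, b"\0")
    return headers + b"".join(s[5] for s in sections) + win_cert


def entropy(blob):
    """Shannon entropy in bits per byte; packed or encrypted sections sit close to 8.0."""
    if not blob:
        return 0.0
    counts = Counter(blob)
    return -sum(c / len(blob) * math.log2(c / len(blob)) for c in counts.values())


def parse_pe(data):
    """Return the report-style facts: is_dll, compile_time, per-section hashes, the
    security directory (Authenticode block) and whether that block ends exactly at EOF."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                           # after 4-byte sig + 20-byte COFF
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) handled here")
    ndirs, = struct.unpack_from("<I", data, opt_off + 92)             # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(min(ndirs, 16))]
    sections, sect_off = [], opt_off + opt_size
    for i in range(nsect):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        raw = data[rptr:rptr + rsize]                                 # hash raw bytes, as the report does
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": va,
                         "vsize": vsize, "size": rsize, "raw_end": rptr + rsize,
                         "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest(),
                         "entropy": round(entropy(raw), 2)})
    last_raw_end = max((s["raw_end"] for s in sections), default=0)
    signature = None
    sec_off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > 4 else (0, 0)
    if sec_off and sec_size:
        length, revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
        block = data[sec_off:sec_off + sec_size]
        signature = {"offset": sec_off, "size": sec_size, "win_cert_length": length,
                     "revision": revision, "type": cert_type,         # 0x0002 = PKCS_SIGNED_DATA
                     "md5": hashlib.md5(block).hexdigest(), "sha1": hashlib.sha1(block).hexdigest(),
                     # True when the certificate table is the whole overlay, as in the report
                     # (886272 + 7336 == 893608); False on truncation or data appended after it
                     "ends_at_eof": sec_off + sec_size == len(data)}
    return {"file_size": len(data), "is_dll": bool(chars & IMAGE_FILE_DLL),
            "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "sections": sections, "signature": signature,
            "overlay_size": max(len(data) - last_raw_end, 0)}


if __name__ == "__main__":
    sample = build_sample_pe([(b".text", b"\x55\x8b\xec" * 100), (b".rdata", b"A" * 50)],
                             cert_blob=b"\x30\x82" + b"\0" * 30)      # constructed, not a real signature
    for key, value in parse_pe(sample).items():
        print(key, value)
```

A non-empty security directory only says that a certificate table is present; whether the signature verifies, and for whom the certificate was issued, needs a real check (for example signtool verify /pa or osslsigncode verify). The GlobalSign CRL, OCSP and repository addresses listed later under "Possible URLs" are the endpoints embedded in that certificate chain, not network indicators of the sample's own behaviour; the only behavioural indicator on this page is the download URL at the top. The ends_at_eof field flags a block that does not reach end of file, i.e. bytes appended after the signature or a truncated download, for manual inspection.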

Strings analysis - File found

Library
USER32.dll
KERNEL32.dll
mscoree.dll
combase.dll
ADVAPI32.dll
SHELL32.dll
WININET.dll
OLEAUT32.dll
PSAPI.DLL
VERSION.dll
USERENV.dll
UxTheme.dll
GDI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
MPR.dll
IPHLPAPI.DLL
WINMM.dll
WSOCK32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Strings analysis - Possible URLs found 13

http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0<
http://crl.globalsign.com/root-r3.crl0c
https://www.autoitscript.com/autoit3/
http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
http://ocsp2.globalsign.com/rootr306
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/06
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://ocsp2.globalsign.com/gscodesignsha2g30V
http://www.autoitscript.com/autoit3/
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.com/gscodesignsha2g3.crl0

Import functions