Malicious
Malicious

3fa9ff04979f656ba3975f6ec98efcba

Share on LinkedIn
Print
AutoIt Compiled Script
MD5: 3fa9ff04979f656ba3975f6ec98efcba
Size: 1.47 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 3fa9ff04979f656ba3975f6ec98efcba
Sha1 5203a18ead55b15a7cfba434fcdbbd7281de8fe1
Sha256 d9824b3a6894de0606a03a23417f1c7e780ee0b5655f724dbfa455601e13eb8e
Sha384 3b6a22bbbe582b5d7bbd9333369684fca06708976661bf48fb999d587113d7f4c639000d60877ff7c634444aad1a7516
Sha512 37a61dcce6675a97f4f0f3b0951e545d38386455679340805158b295a90cf4619c637e4a8935095453f987a31cb71e7661983c0c884000ce0c24f95ce80a8b6a
SSDeep 24576:2vj0f+jhnPvPy/8tdGag0q3DAu/33bwRu+Yb6mQR5+b4qcNcjXT/:sgWjhX+8tdS0qZ8Eh6mQR56eaXT
TLSH C165232246E48517E6A40FF408FA42A30531BCE2577A91FF33C69D4C1567BE1663A3FA
PeID
Microsoft Visual C++ 8
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
AVI
ID:0BB9
ID:1033
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:1033-preview.png
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_DIALOG
ID:07D1
ID:1033
ID:07D2
ID:1033
ID:07D3
ID:1033
ID:07D4
ID:1033
ID:07D5
ID:1033
ID:07D6
ID:1033
RT_STRING
ID:003F
ID:1033
ID:004C
ID:1033
ID:004D
ID:1033
ID:0050
ID:1033
ID:0053
ID:1033
ID:0055
ID:1033
RT_RCDATA
ID:0000
RT_GROUP_CURSOR4
ID:0BB8
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
aut59AC.tmp.tok
Malicious
[Cleaned].au3
Malicious
[Authenticode]_39db20af.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:2057
ID:0002
ID:2057
ID:0003
ID:2057
ID:0004
ID:2057
ID:0005
ID:2057
ID:0006
ID:2057
ID:0007
ID:2057
ID:2057-preview.png
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:000D
ID:2057
RT_MENU
ID:00A6
ID:2057
RT_DIALOG
ID:03E8
ID:2057
RT_STRING
ID:0007
ID:2057
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:0139
ID:2057
RT_GROUP_CURSOR4
ID:0063
ID:2057
ID:00A2
ID:2057
ID:00A4
ID:2057
ID:00A9
ID:2057
RT_VERSION
ID:0001
ID:2057
RT_MANIFEST
ID:0001
ID:1033
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

Structural branches: 7 STICH kept: 1secondary ignored: 6
bin 4img 2

Decorative / non-determinant leaves (styles, themes, media, fonts, icons, plain text…) are summarized here instead of producing STICH Paths.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
1 / 1
Path pe:exe>pe:autoit>pe:autoit
Shape pe:exe>pe:autoit>pe:autoit
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: wextract.pdb
PE Layout UNKNWOWNsuspect
Memoryhuhuhuhuhuhuhuhuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙