Malicious
Malicious

852d9a34235fc2c168be654268ff28c3

Share on LinkedIn
Print
AutoIt Compiled Script
MD5: 852d9a34235fc2c168be654268ff28c3
Size: 2.21 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 852d9a34235fc2c168be654268ff28c3
Sha1 de89589ca983276dc41a74c7e8ba919c6a6ecf62
Sha256 7d09e2f4a9ee25024a1498f833448d095787e6faf8908ed9ed3fe536032c0de6
Sha384 80b7648b9ed93215d0d162ce52d98535d5632e6cdc4555591e07248d78d5480256054f7270bd03d4cd9682138a3616bf
Sha512 410e11e020b93c69d3c75451a60f35d95ea483714a211d937c8aeb74d7284fcbcb26d3780dc0a3d569b708cefa7b09a3db228e4c99589c50209bf3e6b2879be7
SSDeep 49152:AIyWYyaWqk37e+vHdDoupcwK0Kmb8w8tjEnQzPeq:AIWpAv+nwxid7e
TLSH F0A5330A96F88852D9D40B7104ED77161A32B9639B3443CB4A88CC5FBE2B8D5D6317BF
PeID
Microsoft Visual C++ 8
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
AVI
ID:0BB9
ID:1033
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:1033-preview.png
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_DIALOG
ID:07D1
ID:1033
ID:07D2
ID:1033
ID:07D3
ID:1033
ID:07D4
ID:1033
ID:07D5
ID:1033
ID:07D6
ID:1033
RT_STRING
ID:003F
ID:1033
ID:004C
ID:1033
ID:004D
ID:1033
ID:0050
ID:1033
ID:0053
ID:1033
ID:0055
ID:1033
RT_RCDATA
ID:0000
RT_GROUP_CURSOR4
ID:0BB8
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
autE898.tmp.tok
Malicious
[Cleaned].au3
Malicious
[Authenticode]_39db20af.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:2057
ID:0002
ID:2057
ID:0003
ID:2057
ID:0004
ID:2057
ID:0005
ID:2057
ID:0006
ID:2057
ID:0007
ID:2057
ID:2057-preview.png
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:000D
ID:2057
RT_MENU
ID:00A6
ID:2057
RT_DIALOG
ID:03E8
ID:2057
RT_STRING
ID:0007
ID:2057
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:0139
ID:2057
RT_GROUP_CURSOR4
ID:0063
ID:2057
ID:00A2
ID:2057
ID:00A4
ID:2057
ID:00A9
ID:2057
RT_VERSION
ID:0001
ID:2057
RT_MANIFEST
ID:0001
ID:1033
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

Structural branches: 7 STICH kept: 1secondary ignored: 6
bin 4img 2

Decorative / non-determinant leaves (styles, themes, media, fonts, icons, plain text…) are summarized here instead of producing STICH Paths.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
1 / 1
Path pe:exe>pe:autoit>pe:autoit
Shape pe:exe>pe:autoit>pe:autoit
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: wextract.pdb
PE Layout UNKNWOWNsuspect
Memoryhuhuhuhuhuhuhuhuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙