Malicious
Malicious

c11bc5c8ece87aa98f440777af1bc445

Share on LinkedIn
Print
AutoIt Compiled Script
MD5: c11bc5c8ece87aa98f440777af1bc445
Size: 1.43 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 c11bc5c8ece87aa98f440777af1bc445
Sha1 3c090ae7cecef0401963b4a509ca36139e7c5150
Sha256 7726151c760826a29ca87856f71f27cbcfbb3f3e709d0e4574387465e43dda01
Sha384 443d2e459bce3b0f0599a945bf31db8317dbe363b8d4d3945b4ce9d28f91564d326af7ba4e30f44036d790d159d23be9
Sha512 c5d6a8817d3b12bafa372ff0254bfce45d2b96483cade1fe4054c4d48b20b0062555a7c2adc18c76bc61e99a461d37025694eec4a08d0bce823ccb6bfb124ccd
SSDeep 24576:6Ey+yJmIEFj6bqrsGaocXvbX9XLd7+vuO7ilUOvPjNFd9k+FhUUBaXluaP76yGtc:6EyPmIEFj40fszV1ttV95e4a3P7lb
TLSH 9365232322C4809AFAF4EB75C8B364578871FD465BB5619F2290AD47ADB3AC3D135703
PeID
Microsoft Visual C++ 8.0 (DLL)
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.pdata
.idata
.rsrc
.reloc
Resources
AVI
ID:0BB9
ID:1033
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:1033-preview.png
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_DIALOG
ID:07D1
ID:1033
ID:07D2
ID:1033
ID:07D3
ID:1033
ID:07D4
ID:1033
ID:07D5
ID:1033
ID:07D6
ID:1033
RT_STRING
ID:003F
ID:1033
ID:004C
ID:1033
ID:004D
ID:1033
ID:0050
ID:1033
ID:0053
ID:1033
ID:0055
ID:1033
RT_RCDATA
ID:0000
ID:1033
[Authenticode]_7350cba1.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
RT_GROUP_CURSOR4
ID:0BB8
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
aut9A12.tmp.tok
Malicious
[Cleaned].au3
Malicious
[Authenticode]_39db20af.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:2057
ID:0002
ID:2057
ID:0003
ID:2057
ID:0004
ID:2057
ID:0005
ID:2057
ID:0006
ID:2057
ID:0007
ID:2057
ID:2057-preview.png
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:000D
ID:2057
RT_MENU
ID:00A6
ID:2057
RT_DIALOG
ID:03E8
ID:2057
RT_STRING
ID:0007
ID:2057
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:0139
ID:2057
RT_GROUP_CURSOR4
ID:0063
ID:2057
ID:00A2
ID:2057
ID:00A4
ID:2057
ID:00A9
ID:2057
RT_VERSION
ID:0001
ID:2057
RT_MANIFEST
ID:0001
ID:1033
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

Structural branches: 7 STICH kept: 1secondary ignored: 6
bin 4img 2

Decorative / non-determinant leaves (styles, themes, media, fonts, icons, plain text…) are summarized here instead of producing STICH Paths.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:autoit>pe:autoit
Shape pe:exe>pe:autoit>pe:autoit
malicious 3 nodes
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: wextract.pdb
An error has occurred. This application may no longer respond until reloaded. Reload 🗙