Malicious
Malicious

fd4805fa7ff642f047d98d738fd129ab

AutoIt Compiled Script
|
MD5: fd4805fa7ff642f047d98d738fd129ab
|
Size: 1.46 MB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
fd4805fa7ff642f047d98d738fd129ab
Sha1
472eaf55bf5f4b08c01bd8dd6bfcc36d4a0ff009
Sha256
dc9cf86ceacb019977da48abbf347e054a430a97ab28a96fa30305d2a2f84dfb
Sha384
82f8ff15cc4f213226b13c1e167df7282c3ad1acbaa33de514d1b3dafe7445a3d70efd40628ccb639944ffd6113b504e
Sha512
5abe9261730918d967df256c380095c2c96955d436e29e85e4eab0b9eb628f4cf9bdbf61bd835dcf41613223e63962eca2f0f3520128f5af14cdd3390fac856e
SSDeep
24576:nu6J3xO0c+JY5UZ+XCHkGsoEAdx20W4njUprvVcC1f2o5RRfgdWY8:ho0c++OCokGs7Adgrd1f26RNY8
TLSH
4565BF52E38EC2F0DE165172BA7DF73A1E3B3C254530B9566FC5ED3AAD21021112DAA3

PeID

Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
fd4805fa7ff642f047d98d738fd129ab
Malicious
aut5FDC.tmp.tok
Malicious
[Cleaned].au3
Malicious
Overlay_e1bbfc0c.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.htext
Resources
RT_ICON
ID:0001
ID:2057
ID:0002
ID:2057
RT_DIALOG
ID:0000
ID:0
RT_STRING
ID:0007
ID:2057
ID:0008
ID:2057
ID:0009
ID:2057
ID:000A
ID:2057
ID:000B
ID:2057
ID:000C
ID:2057
ID:0139
ID:2057
RT_RCDATA
ID:0000
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.bss
.edata
.idata
.reloc
RT_GROUP_CURSOR4
ID:0063
ID:2057
ID:00A9
ID:2057
RT_VERSION
ID:0001
ID:2057
RT_MANIFEST
ID:0001
ID:2057
Malware Configuration - NetWire config.
Config. Field
 Value
Config. Key (RC4)

B3-A7-EF-E5-80-AE-03-81-24-74-3E-FE-62-8C-58-31
Domains

Wealthy2019.com.strangled.net:20190
Domains

wealthyme.ddns.net:20190
Password

sucess
Host ID

sunshineslisa
Mutex

-
Install Path

%AppData%\Imgburn\Host.exe
Startup Name

-
ActiveX Key

-
KeyLog Dir

%AppData%\Logs\Imgburn\
Copy executable

True
Delete original

False
Lock executable

False
Registry autorun

False
ActiveX autorun

False
Use a mutex

False
Offline keylogger

True
Proxy Option

Direct connection
other Option

005
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_e1bbfc0c.bin (3410 bytes)
fd4805fa7ff642f047d98d738fd129ab (1.46 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙