Windows Analysis Report
SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe
Analysis ID: 1468057
MD5: 1028a0939cb0ce3475e93dcab08ebba8
SHA1: cabea9297663f49fc202440b4744c2e68f34e85b
SHA256: 7582cef6803deddb7d58cf0dc862c1c12d5b1f3cd796990f81bc99da42e6fbd8
Tags: AgentTesla, exe
Errors
  • Unable to connect to analysis machine: w10x64, esxi07-W10x64_Office_01, timeout exceeded, no analysis of the sample was performed
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Binary is likely a compiled AutoIt script file
Machine Learning detection for sample
Uses 32bit PE files

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Avira: detected
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe ReversingLabs: Detection: 60%
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Virustotal: Detection: 69%
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

System Summary

Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_761df45c-8
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_d5b206a2-2
Source: classification engine Classification label: mal64.winEXE@0/0@0/0
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static file information: File size 1065984 > 1048576
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
No contacted IP infos