Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Avira: detected |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
ReversingLabs: Detection: 60% |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Virustotal: Detection: 69% |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_761df45c-8 |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_d5b206a2-2 |
Source: classification engine |
Classification label: mal64.winEXE@0/0@0/0 |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static file information: File size 1065984 > 1048576 |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: SecuriteInfo.com.Trojan.AutoIt.1359.1698.8779.exe |
Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning |