Source: Image Quote 011698.exe | ReversingLabs: Detection: 55%
Source: Image Quote 011698.exe | Virustotal: Detection: 33%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
Source: Image Quote 011698.exe | Joe Sandbox ML: detected
Source: Image Quote 011698.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Image Quote 011698.exe, 00000000.00000002.2579153279.0000000001082000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_12755b49-8)
Source: Image Quote 011698.exe, 00000000.00000002.2579153279.0000000001082000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer (memstr_bb84c96a-b)
Source: Image Quote 011698.exe | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_848e5001-e)
Source: Image Quote 011698.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer (memstr_929d7af1-9)
Source: initial sample | Static PE information: Filename: Image Quote 011698.exe
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FC8060
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_01032046
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_01028298
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FFE4FF
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FF676B
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_01054873
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FCCAF0
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FECAA0
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FF6DD9
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FDAFAC
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FC91C0
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE1394
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FDB731
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE1706
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE781B
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE19B0
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FD997D
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FC7920
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE7A4A
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE7CA7
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE1C77
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FF9EEE
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_0104BE44
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FCBF40
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE1F32
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: String function: 00FCCFA0 appears 34 times
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: String function: 00FE0A30 appears 46 times
Source: classification engine | Classification label: mal64.winEXE@1/0@0/0
Source: Image Quote 011698.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Image Quote 011698.exe | Static file information: File size 1524736 > 1048576
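The static findings above (the COFF Characteristics flags, the .text section flags, the "third-party compiled AutoIt script" marker string, and the file size threshold) can be reproduced offline without the sandbox. The script below is an added example, not part of the report and not Joe Sandbox code: it parses the PE headers by hand from the PE/COFF spec offsets and runs the same four checks. The `build_sample()` bytes are a constructed minimal PE that carries the same static traits as the report lists; they are not the real sample, and the `triage()` field names are this example's own. One caveat a practitioner should keep in mind: the marker string belongs to the AutoIt3 interpreter stub, which legitimate AutoIt tools also carry, so it identifies the wrapper, not the embedded script, and the check here does not extract that script.

```python
"""Static triage reproducing the report's PE checks (example code, not from the report)."""
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification), in the
# order the report lists them.
FILE_FLAGS = (
    ("EXECUTABLE_IMAGE", 0x0002),
    ("LARGE_ADDRESS_AWARE", 0x0020),
    ("32BIT_MACHINE", 0x0100),
)
# IMAGE_SECTION_HEADER.Characteristics bits.
SECTION_FLAGS = (
    ("IMAGE_SCN_CNT_CODE", 0x00000020),
    ("IMAGE_SCN_MEM_EXECUTE", 0x20000000),
    ("IMAGE_SCN_MEM_READ", 0x40000000),
    ("IMAGE_SCN_MEM_WRITE", 0x80000000),
)
AUTOIT_MARKER = b"This is a third-party compiled AutoIt script."
SIZE_THRESHOLD = 1048576  # 1 MiB, the threshold the report's size finding uses


def parse_pe(data):
    """Return (file_characteristics, {section_name: section_characteristics})."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    _, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sect_off = coff + 20 + opt_size  # section table follows the optional header
    sections = {}
    for i in range(nsections):
        off = sect_off + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        sections[name] = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics
    return chars, sections


def triage(data):
    """Run the report's static checks over raw file bytes and return the findings."""
    chars, sections = parse_pe(data)
    text = sections.get(".text", 0)
    return {
        "pe_characteristics": [n for n, bit in FILE_FLAGS if chars & bit],
        "text_section": [n for n, bit in SECTION_FLAGS if text & bit],
        # a writable code section is a separate red flag (not present in this sample)
        "text_writable": bool(text & 0x80000000),
        "autoit_marker": AUTOIT_MARKER in data,
        "oversized": len(data) > SIZE_THRESHOLD,
    }


def build_sample(size=1524736):
    """Constructed minimal i386 PE with the report's static traits (NOT the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> PE header right after DOS stub
    # 0x0122 = EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | 32BIT_MACHINE; no optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0122)
    # .text: CNT_CODE | MEM_EXECUTE | MEM_READ = 0x60000020
    sect = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    body = bytes(dos) + b"PE\0\0" + coff + sect + AUTOIT_MARKER
    return body + b"\0" * (size - len(body))  # pad to the report's file size


if __name__ == "__main__":
    # Usage: python triage.py <file.exe>; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run against a real file, the three Characteristics names, the three .text flags, the marker hit and the size verdict should match the report lines above; a `text_writable` of True or a missing `.text` section would be worth a closer look on its own.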
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE0A76 push ecx; ret | 0_2_00FE0A89
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FD9339 LdrInitializeThunk
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE4CE8 mov eax, dword ptr fs:[00000030h]
Source: Image Quote 011698.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\Image Quote 011698.exe | Code function: 0_2_00FE0698 cpuid