SANS ISC

[SANS ISC] Malicious DLL Loaded Through AutoIT

I published the following diary on isc.sans.org: “Malicious DLL Loaded Through AutoIT“:

Here is an interesting sample that I found while hunting. It started with the following URL:

hxxp://200[.]98[.]170[.]29/uiferuisdfj/W5UsPk.php?Q8T3=OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5

The value of the parameter (‘OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5’) is used as the key to decode the first stage. If you don’t specify it, you get garbage data… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.