Miscellaneous indicators

This section lists the indicators that do not fit into the other categories.

| Indicator | Description |
| --- | --- |
| AutoitFileOperations | The AutoIt script can perform multiple actions on files. This may be used for information gathering, persistence, or destruction. |
| AutorunString | The file has the capability to achieve persistence by using autorun mechanisms. |
| CodepageLookupImports | The file imports functions used to look up the codepage (locale) of the running system. Malware uses this to determine in which country/region a system is running so that it can target particular groups more precisely. |
| MutexImports | The file imports functions to create and manipulate mutex objects. Malware frequently uses mutexes to avoid infecting a system multiple times. |
| OpenSSLStatic | The file contains a version of OpenSSL compiled to appear stealthy. Malware does this to include cryptographic functionality without leaving strong evidence of it. |
| PListString | The file has the capability to interact with property lists that are used by the operating system. This may be used to achieve persistence or to subvert various processes. |
| PrivEscalationCryptBase | The file shows evidence of attempting a privilege escalation via CryptBase. Malware uses this to gain more privileges on the affected system. |
| ShellCommandString | The file has the capability to use sensitive shell commands for reconnaissance, elevation of privilege, or data destruction. |
| SystemCallSuspicious | The file has the capability to monitor or control the system and other processes, performing debug-like actions. |
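The import-based and string-based indicators above (MutexImports, CodepageLookupImports, AutorunString, ShellCommandString) are static heuristics: they fire on what a sample imports or contains, not on what it does at runtime. The following is an added example, not the vendor's own engine, showing how such indicators are typically derived from a parsed import table and a list of printable strings. The API names are real Win32 exports, but the grouping into indicator sets, the string markers, and the sample inputs are this example's assumptions; a production engine would use larger lists and its own thresholds.

```python
"""
Added example: derive a handful of the indicators in the table above
from a sample's import names and printable strings.

Everything here (the API groupings, the string markers, and the sample
inputs) is constructed for illustration and is not the original page's
or any vendor's own rule set.
"""
from typing import Iterable, Set

# kernel32 exports that create or manipulate mutex objects.
# (MutexImports; grouping is this example's assumption.)
MUTEX_APIS = {"CreateMutexA", "CreateMutexW", "OpenMutexA", "OpenMutexW", "ReleaseMutex"}

# APIs that report the code page / locale of the running system.
# (CodepageLookupImports; grouping is this example's assumption.)
CODEPAGE_APIS = {
    "GetACP", "GetOEMCP", "GetLocaleInfoA", "GetLocaleInfoW",
    "GetUserDefaultLCID", "GetSystemDefaultLangID", "GetUserDefaultUILanguage",
}

# Lower-cased substrings of well-known autorun locations on Windows and
# macOS (AutorunString). Matching is case-insensitive.
AUTORUN_MARKERS = (
    "currentversion\\run",   # HKCU/HKLM ...\CurrentVersion\Run
    "\\startup\\",           # Start Menu Startup folder
    "launchagents",          # macOS per-user launchd plists
    "launchdaemons",         # macOS system launchd plists
)

# Lower-cased fragments of shell commands that are sensitive when embedded
# in an executable (ShellCommandString): recon, privilege or destruction.
SHELL_MARKERS = ("cmd.exe /c", "vssadmin delete shadows", "net user ", "whoami", "reg add ")


def classify(imports: Iterable[str], strings: Iterable[str]) -> Set[str]:
    """Return the set of indicator names that fire for one sample."""
    hits: Set[str] = set()
    imported = set(imports)

    if imported & MUTEX_APIS:
        hits.add("MutexImports")
    if imported & CODEPAGE_APIS:
        hits.add("CodepageLookupImports")

    lowered = [s.lower() for s in strings]
    if any(marker in s for s in lowered for marker in AUTORUN_MARKERS):
        hits.add("AutorunString")
    if any(marker in s for s in lowered for marker in SHELL_MARKERS):
        hits.add("ShellCommandString")
    return hits


# Constructed sample inputs (not real malware artifacts).
SUSPICIOUS_IMPORTS = ["CreateMutexW", "GetLastError", "GetACP", "WriteFile"]
SUSPICIOUS_STRINGS = [
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "cmd.exe /c whoami",
]
BENIGN_IMPORTS = ["CreateFileW", "ReadFile", "CloseHandle"]
BENIGN_STRINGS = ["Hello, world", "config.json"]

if __name__ == "__main__":
    print("suspicious:", sorted(classify(SUSPICIOUS_IMPORTS, SUSPICIOUS_STRINGS)))
    print("benign:    ", sorted(classify(BENIGN_IMPORTS, BENIGN_STRINGS)))
```

Each indicator fires independently, which is the point of treating them as indicators rather than verdicts: a single CreateMutexW import is common in benign software (installers and services use mutexes for the same single-instance purpose), so an analyst weighs the combination of indicators on a sample, not any one of them.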