anchordns | 13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6 | Triage

Sharing

General

Target

13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6
Size

164KB
MD5

db998ff70608040dcd06e0fc3fba1704
SHA1

1bca38d4c1f0a2f00a164687685186e02da61468
SHA256

13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6
SHA512

1d7c0697cc1fd6283a4e554ec4293d34d9b0cfee7946559022b30dd37c5cdd81a02593e6b601513002731b1aed71ee55c74ffa6594833eaf0c8234df8402b5b8
SSDEEP

3072:MRc7eVFbPbB4CFK2m6U9eHZd+QDK/BZ6WCw/u9fWuxkb:y0eVFbV/E76UMZd+QDm4ZDx

Score

10^/10

backdoor anchordns

Malware Config

Signatures

Anchordns family
anchordns
Detected AnchorDNS Backdoor 1 IoCs
Sample triggered yara rules associated with the AnchorDNS malware family.
backdoor

Processes:

resource yara_rule

sample family_anchor_dns

Files

13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6
.dll windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ