numando | cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9 | Triage

Sharing

General

Target

cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9
Size

3.5MB
MD5

c0a26edbd8e0bb5ba4e32eb3fceb250b
SHA1

a6dfd89164d12ffb403c57a22c65fcbe43bd873d
SHA256

cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9
SHA512

de2cfeadf4b3eb2e5e2bffdf048bcdbfc67622f2befd1391407a00c07e38c0c80ce497060d70f6ce1b797012c795f515d880ceb984c82824c3c92ea7144d2695
SSDEEP

49152:dpbXzr0yWKZloS8qiiuAeGAVSa5HZCDxihAbVvTZtvr4yubWAu:dpbDrmK8AeGAVZvCDxiSpXkyau

Score

10^/10

numando

Malware Config

Signatures

Detect Numando Payload 1 IoCs

resource	yara_rule
sample	family_numando

Numando family
numando

Files

cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TERCEIRIZADA
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ