bandook | 1a2ff4a809b5a3757eaa05dc362acb2b227a7d02cb13d74c17d850d44181cf04 | Triage

Sharing

General

Target

1a2ff4a809b5a3757eaa05dc362acb2b227a7d02cb13d74c17d850d44181cf04
Size

4.5MB
MD5

10188c31ac960f60430b166d3d12b07b
SHA1

3ff77fb2fa2b4b2c3e519947d8722d22c882cbde
SHA256

1a2ff4a809b5a3757eaa05dc362acb2b227a7d02cb13d74c17d850d44181cf04
SHA512

6f22a7277c27d4aa41f18af23400bd0416ee272aaf6380fa27c620a7200c601c61eae286ab4927b21f2cf4979289580d9252cd2527772cc11ce3f752efba4c05
SSDEEP

98304:Ny8dhpdcOxS1zarMeCwmCeMQeRaCNEKpQ0wpa5SwTaPlaEfdahqN6lNwWug7wKe5:gfzarMeCwmCeMQeRaCNEKpQ0wpa5SwTq

Score

10^/10

bandook

Malware Config

Signatures

Bandook family
bandook

Bandook payload 1 IoCs

resource	yara_rule
sample	family_bandook

Files

1a2ff4a809b5a3757eaa05dc362acb2b227a7d02cb13d74c17d850d44181cf04
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ