General
-
Target
2276-2-0x0000000000400000-0x00000000004B3000-memory.dmp.file
-
Size
235KB
-
MD5
684ad8513d66ded5a090e583b5484855
-
SHA1
9975201ecf9230947f52526bfd954f720fde5754
-
SHA256
97a3f1196983546ab7a9bdb1e84544b004fb1ccfca47e74789a637699899de9a
-
SHA512
604d08ef76b237a0460c2fc89749e5db8458283ff2de69eb19b70738b112a5008cc42f8508f0d0b0f16aafb2afb021612eb9c327b8b27c656ad6df7bf0df724a
-
SSDEEP
3072:Z0W5BDiuMi8R/rfA6nFUepMO3tQeXF7ApJhCSMQHlUiVf8k75zOQzsFfwSlfIP36:quk/fqc7AJN7ki72
Malware Config
Extracted
dridex
Signatures
-
Dridex family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2276-2-0x0000000000400000-0x00000000004B3000-memory.dmp.file
Files
-
2276-2-0x0000000000400000-0x00000000004B3000-memory.dmp.file.exe windows:6 windows x86
1e514447f004e9505dc193777ba8a65d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
Sleep
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ