danabot | 2688-120-0x0000000000400000-0x0000000000C31000-memory[.]dmp

General

Target

2688-120-0x0000000000400000-0x0000000000C31000-memory.dmp
Size

8.2MB
MD5

079e9184950d00e0732a8108781f7e9b
SHA1

e1de22510b75117384444e68364b1c034164efb2
SHA256

17ef271dfabf94c70a6e914342eba3deb66dc348f6342540b3866d17b1bdd44d
SHA512

4d1ef18f59ecd0b0cfbb7a582ebdac2dc55b233587c3775e2ab6d7ba24991a4ba285ff261c0e18ce493808485c5929133b51ca5c5180899006269024e6a56e7e
SSDEEP

98304:FABI4msZF5YT9VfmqrjAL4WBELDiwQvTGbBVfT0T52q/+kBToYP:FcHZYT9VfHALDBqWvLGbvL0wudP

Score

10^/10

danabot

Malware Config

Extracted

Family

danabot

Attributes

type
loader

Signatures

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2688-120-0x0000000000400000-0x0000000000C31000-memory.dmp

Files

2688-120-0x0000000000400000-0x0000000000C31000-memory.dmp
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 47KB - Virtual size: 46KB

.bss Size: - Virtual size: 27KB

.idata Size: 16KB - Virtual size: 15KB

.didata Size: 26KB - Virtual size: 25KB

.edata Size: 512B - Virtual size: 153B

.tls Size: - Virtual size: 72B

.rdata Size: 512B - Virtual size: 92B

.reloc Size: 376KB - Virtual size: 376KB

.rsrc Size: 522KB - Virtual size: 522KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 47KB - Virtual size: 46KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 16KB - Virtual size: 15KB

.didata
Size: 26KB - Virtual size: 25KB

.edata
Size: 512B - Virtual size: 153B

.tls
Size: - Virtual size: 72B

.rdata
Size: 512B - Virtual size: 92B

.reloc
Size: 376KB - Virtual size: 376KB

.rsrc
Size: 522KB - Virtual size: 522KB