danabot | 2768-12-0x0000000003C80000-0x0000000004B11000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2768-12-0x0000000003C80000-0x0000000004B11000-memory.dmp
Size

14.6MB
MD5

ecc458fe67ec78d4c55638e3ccc5e8f5
SHA1

79c9c099cb79eacce1bfcc1f29e4efeecdaa58c1
SHA256

8720891ba314c13d0a4d93396bcc49d97c5f26bade78025cd5537ce4ece96c5f
SHA512

50b3b7c00fa03b50975dd54146be6f9a835ee847ac4342942e596f4ab7d4f3283e262e0b25930777f9255a542bac0e217623bf6a227d1f3ad1e71ff822e9781c
SSDEEP

196608:xpLUipF5Xcu4GSOh6TALEHrcDaitwrtvF1dPj/voTeaXf6:7LZFCuzSKk2aYMF1hTvb

Score

10^/10

danabot

Malware Config

Extracted

Family

danabot

Attributes

type
loader

Signatures

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2768-12-0x0000000003C80000-0x0000000004B11000-memory.dmp

Files

2768-12-0x0000000003C80000-0x0000000004B11000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ