mylobot | 2488-5-0x0000000000400000-0x0000000000436000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2488-5-0x0000000000400000-0x0000000000436000-memory.dmp
Size

216KB
MD5

b72e1d6f29b9f4f8c2097d5d13331fde
SHA1

7c00ea5efec42b3c47c5a5e4fcbfe7df981e1e0e
SHA256

d4dbb823c553f19379e3aa25c8baec4448b3c630455c483e1b250abcf14bedc5
SHA512

7285486739a7eb61c3cf40f27edfe0b248beadbfa1de9377fe3b6acc478af4391c400b218c2b9dd32ccd160f35547fc150dd650b9b7e5b1a0102abb89a2aa995
SSDEEP

768:9yKhrvlCHbceQ22tIJOv3MfKynFcsnpS0ynV:hvlyAeiaqstBnIV

Score

10^/10

mylobot

Malware Config

Signatures

Mylobot family
mylobot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2488-5-0x0000000000400000-0x0000000000436000-memory.dmp

Files

2488-5-0x0000000000400000-0x0000000000436000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ