snakekeylogger | 588-40-0x00000000006B0000-0x00000000006EA000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

588-40-0x00000000006B0000-0x00000000006EA000-memory.dmp
Size

232KB
MD5

355e6e0e0ec84494dcca7034101bc264
SHA1

7f0abc482c3662bfaea8f268d02a179284fc81c5
SHA256

a2fb152d7237f62d2e7a0518f0651ca1aa4b0ec424d6fe88f2a475693ba055d9
SHA512

76b0adc1cb31451317016b57439b4c7d644d1883d8ddcdc3388ae9f1372049c7b3af7939707dd98182efd5f2b3859beadc617862df6ba5b341bd1a50031179a9
SSDEEP

6144:Q3SXlJqe3Cmv67Xx09PBRMbzrzZaIDbG:Q3SXlJqe37wzkIHG

Score

10^/10

snakekeylogger

Malware Config

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
588-40-0x00000000006B0000-0x00000000006EA000-memory.dmp

Files

588-40-0x00000000006B0000-0x00000000006EA000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ