rhadamanthys | 2176-135-0x00000000001D0000-0x000000000024E000-memory[.]dmp | Triage

Sharing

General

Target

2176-135-0x00000000001D0000-0x000000000024E000-memory.dmp
Size

504KB
MD5

88a5af7cfc8128628ccd51e0f93cd5cc
SHA1

38e5706c20c188781043c2c9006ee2e9450386e1
SHA256

6be15ce2cb38128f895eac2689e6b5e2a3e51fc54359a915c4fb0719436f8e15
SHA512

2db05f98905095eafe46d14015a9b4bfa763ebeb370a2d1e7ebdc0da324ba49f6e4adce078b7e81f1d00be749fc3c5c97b12215bcffac7d4c0b18b21ab2df0cc
SSDEEP

12288:JWBqf/qq3R5W8ZB4zmRzbauOTG55TUF9:J9f93PW8ZBS+zbXMw4

Score

10^/10

rhadamanthys

Malware Config

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2176-135-0x00000000001D0000-0x000000000024E000-memory.dmp

Files

2176-135-0x00000000001D0000-0x000000000024E000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ