bdaejec | 2744-12-0x0000000000AA0000-0x0000000000AA9000-memory[.]dmp | Triage

Sharing

General

Target

2744-12-0x0000000000AA0000-0x0000000000AA9000-memory.dmp
Size

36KB
MD5

d2dfd69093fd5d405112243b51836702
SHA1

277fed3c44fb0286261a336613706d66e8221ae6
SHA256

415193872b9b2925c05fa7e4fea5ea1ea9de9fbb2114fad03e59a2c1f85c978c
SHA512

5533724b73e31fd2967955cb34ad751349e11cb5248ea0078015dfcf27374dfab9eb4b507969700ee17156cf61a6225ecb26c93fe824b164f8945cb64e70a3e7
SSDEEP

768:W3tr7Xbc4FWyAgRc586daPAP16KntHBGWxNbPr:kxXbc48yFRj6cO16KntHBp

Score

10^/10

bdaejec

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Signatures

Bdaejec family
bdaejec

Detects Bdaejec Backdoor. 1 IoCs

Bdaejec is backdoor written in C++.

resource	yara_rule
sample	family_bdaejec_backdoor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2744-12-0x0000000000AA0000-0x0000000000AA9000-memory.dmp

Files

2744-12-0x0000000000AA0000-0x0000000000AA9000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE