danabot | JaffaCakes118_6b0a1df3fd9dd5b4d66286977cc692067c5bf349d3436f82952b1aa9f02c4909 | Triage

Sharing

General

Target

JaffaCakes118_6b0a1df3fd9dd5b4d66286977cc692067c5bf349d3436f82952b1aa9f02c4909
Size

1.9MB
MD5

9534b1f998451f0653b4f62284e10f3f
SHA1

79c1461ad0f9ff800167bac05f0075d0dfca83fe
SHA256

6b0a1df3fd9dd5b4d66286977cc692067c5bf349d3436f82952b1aa9f02c4909
SHA512

df4e1409d8fd5a9bdbd74f19774138b2ae1baf2e9b17da1e0a209eca57ecbef7b913b831c3fd336cc0e24f62dfe8fbb0a97d70128dea21996d6475ea768a5266
SSDEEP

49152:zXaTqDex/I7eOGGte4eCwMYVE/rIYmHm8jDE+12a0:zXgzote8YVE/rIvHm8t12a

Score

10^/10

danabot

Malware Config

Signatures

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6b0a1df3fd9dd5b4d66286977cc692067c5bf349d3436f82952b1aa9f02c4909

Files

JaffaCakes118_6b0a1df3fd9dd5b4d66286977cc692067c5bf349d3436f82952b1aa9f02c4909
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ