danabot | JaffaCakes118_bb3b43f782d12750e9799d20e7e8640defc9bf059e4f592b5056b169471c0453 | Triage

Sharing

General

Target

JaffaCakes118_bb3b43f782d12750e9799d20e7e8640defc9bf059e4f592b5056b169471c0453
Size

2.8MB
MD5

b9f64f81b2108284d59fc33727f63022
SHA1

246dad96f9194c265d5f95aa488432ac9a0b80ab
SHA256

bb3b43f782d12750e9799d20e7e8640defc9bf059e4f592b5056b169471c0453
SHA512

78a7f88bcf86087388e5f5e64e7cbffc49cb97afa6afcb82b5e36f1f1215e0061299e352ccaa6f01006c6899b2bb051665965373706a7bac6108950ff5507125
SSDEEP

49152:bd4yBCwntqPgeUdaSZS/zkJznHxTeKTUN9:uFcqoeIS/zkJDHtwN9

Score

10^/10

danabot

Malware Config

Signatures

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_bb3b43f782d12750e9799d20e7e8640defc9bf059e4f592b5056b169471c0453

Files

JaffaCakes118_bb3b43f782d12750e9799d20e7e8640defc9bf059e4f592b5056b169471c0453
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ