danabot | JaffaCakes118_9636f36d44d41bb910ef9921473160942e325d8bc23cbd4d4adad41a9642ada2 | Triage

Sharing

General

Target

JaffaCakes118_9636f36d44d41bb910ef9921473160942e325d8bc23cbd4d4adad41a9642ada2
Size

2.9MB
MD5

97da7d281b19cac4f2f001085123faaf
SHA1

66534e1634426a078d70ae5e5a494fd49326c287
SHA256

9636f36d44d41bb910ef9921473160942e325d8bc23cbd4d4adad41a9642ada2
SHA512

fb2f87c999d54c04e9b87954e4789092fb1511e6080d70b727d496c46e950104ff1e47ea520cc8940ff0fc2f748eed9ba0c0e7597b647707c091c53439df052a
SSDEEP

49152:Rj2aXR4JgtXRg1POB8MQ2KzfnO/RaTzND:Xh4JgtBgPOB8MQTS/RMN

Score

10^/10

danabot

Malware Config

Signatures

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9636f36d44d41bb910ef9921473160942e325d8bc23cbd4d4adad41a9642ada2

Files

JaffaCakes118_9636f36d44d41bb910ef9921473160942e325d8bc23cbd4d4adad41a9642ada2
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ