bdaejec | 058b166ed8da62d59a82d97f6b97ce9f62b2e9fdc0fb75d02ea18882b43c4acaN[.]exe | Triage

Sharing

General

Target

058b166ed8da62d59a82d97f6b97ce9f62b2e9fdc0fb75d02ea18882b43c4acaN.exe
Size

32KB
MD5

161c8cee40402c757056a3dbccf327a0
SHA1

26179c2fbb38520d6a8b0bbdb32c7173258d88a5
SHA256

058b166ed8da62d59a82d97f6b97ce9f62b2e9fdc0fb75d02ea18882b43c4aca
SHA512

386a1a14617091cd567f7f6e202beed0462824c1ffde9d57a6d8e1f3ead8aadce914af76e70cf8fb56bcbc5daf8d38344370241b4e2c8f8471b956b2b4d2d325
SSDEEP

768:WFfht504Zk7ZydrPUohGJxxbPreIQGPL4vzZq2o9W7GsxBbPr:q3504a7Zy5PUohoSDGCq2iW7z

Score

10^/10

bdaejec

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Signatures

Bdaejec family
bdaejec

Detects Bdaejec Backdoor. 1 IoCs

Bdaejec is backdoor written in C++.

resource	yara_rule
sample	family_bdaejec_backdoor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
058b166ed8da62d59a82d97f6b97ce9f62b2e9fdc0fb75d02ea18882b43c4acaN.exe

Files

058b166ed8da62d59a82d97f6b97ce9f62b2e9fdc0fb75d02ea18882b43c4acaN.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�2JG�u{
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE