aurora | 2012-54-0x0000000000400000-0x0000000000747000-memory[.]dmp | Triage

Sharing

General

Target

2012-54-0x0000000000400000-0x0000000000747000-memory.dmp
Size

3.3MB
MD5

17d249e9e7fcdbe84b712f217524b8ce
SHA1

9feb0cff89e7a2f1a142c0b8b96be01bac0c17b2
SHA256

8cd3555f2b57aee6a81990f120c933f1eed73a7b935195e0af2fd986215494d5
SHA512

3fb853ad0ac594ca5b8dec2f217b6568c59f689724f8c183bb47e38e52dd714ea4342f1391f69ab0e7f9fefc7fa71602f740ba2fb9520c930d3d6406b5bf552b
SSDEEP

49152:UB0tIiOrWHvdG3qkS5t1xdf5k6N21D5MMCC2i2adSv46k1nk/:UaeHrMaNS5DF+Syk/

Score

10^/10

Malware Config

Extracted

Family

aurora

C2

45.15.157.130:8081

Signatures

Aurora family
aurora
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2012-54-0x0000000000400000-0x0000000000747000-memory.dmp

Files

2012-54-0x0000000000400000-0x0000000000747000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ