amadey | 1064-215-0x0000000000BA0000-0x0000000001461000-memory[.]dmp | Triage

Sharing

General

Target

1064-215-0x0000000000BA0000-0x0000000001461000-memory.dmp
Size

8.8MB
MD5

ae7a9d66b6491554f7701c8aa37c70ec
SHA1

1c192ae9fde01d316b8867aba6e88ebae0f7a7e8
SHA256

74a425c930f20f384790fdaa71d604507531d9ca570587724d4875307195cdf8
SHA512

6bb2203de293eb25b6ebda220c04a7ae1b9e6d605fa377ecc5e6295a8dcc7615f07099a4fa9ec0d3f1e9249f135746e6f924a520d45f3b0923c2d5d6d87ff296
SSDEEP

196608:62nE7PwbR/1G9Ml0CxCKSb1QBYrL8w/OXxlX/:6lPGR/1GaqRKlBY/8Z/

Score

10^/10

vmprotect amadey

Malware Config

Extracted

Family

amadey

Version

3.10

C2

185.215.113.38/f8dfksdj3/index.php

Signatures

Amadey family
amadey
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

1064-215-0x0000000000BA0000-0x0000000001461000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ