amadey | 12f0ee4708ad0a8c12a7f36435d7dc09e4213bc7c31315686b0c7f76ed233463 | Triage

Sharing

General

Target

12f0ee4708ad0a8c12a7f36435d7dc09e4213bc7c31315686b0c7f76ed233463
Size

3.0MB
MD5

104b76899edfccc27df17b715f03aca8
SHA1

161bbce980ca4c4eb0629c8dd7c2dd22e56390b1
SHA256

12f0ee4708ad0a8c12a7f36435d7dc09e4213bc7c31315686b0c7f76ed233463
SHA512

4114b943a19d6cbd789fca5f5a566b1d664d8e03cd52f79859c4dca50a68dbfc2cd3be0788759e3158dbc4872d2d1da0cd547fe7d4d9c864efd7f4b2f17fa914
SSDEEP

49152:DXfY2VIUZqHFJen1dwDY9UoKg9Z6f1DA3C9PzfmZexZs5ER6Nt/D7HhYEjSUFt:D/2UZqHfk4Y9UoKg9ZIQCxz53oL3D7Br

Score

10^/10

themida amadey

Malware Config

Extracted

Family

amadey

Version

2.08

C2

194.32.77.37/pPpfs3ds3Za/index.php

Signatures

Amadey family
amadey
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

12f0ee4708ad0a8c12a7f36435d7dc09e4213bc7c31315686b0c7f76ed233463
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ