amadey | 0b480f3207bb8628775d3b06dbbb6f07ba21d26e7e8e059eae05db318776b867 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b480f3207bb8628775d3b06dbbb6f07ba21d26e7e8e059eae05db318776b867
Size

126KB
MD5

47225ae400ea6bf72ba06d968ba98825
SHA1

6a2e6cb3ef416426f880e8595a2f0bcb9fc8edcb
SHA256

0b480f3207bb8628775d3b06dbbb6f07ba21d26e7e8e059eae05db318776b867
SHA512

5e97c91e2fbb09c2d78b30ffbc096111e7df82c15430415d0671816a98884986e2ad5d75916ce8b9cd56f0a2cf2c7a19a9867d3f2d67aef75e9f36def75ad2a0
SSDEEP

3072:bx7p5EJTJWW6skJWwzBmY6ScG1f9b66kBLjzlGTO9:bx781WW6QwzpZ66k

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

resource	yara_rule
sample	amadey_cred_module

Files

0b480f3207bb8628775d3b06dbbb6f07ba21d26e7e8e059eae05db318776b867
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ