amadey | 3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E[.]exe

General

Target

3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E.exe
Size

3.7MB
MD5

31f3dee65723f26fc727d2b640b53733
SHA1

ca2676ebf7026b3bd4bc23d513811c382d67b5fc
SHA256

3baf8f1b9532a7acedbe8d5ec0922e47b232718542c6e45d9328dffeafe3d7de
SHA512

968b31a35ce4a7ddad7884db7db3426089ff21ce0da8f755e6ce1f9cf4172bab488e9155aa483d370cec190c8539cdec8ed1a3a1b32bf5d0edfaacbd7bba04b0
SSDEEP

98304:zlyRnSo1TPftn7kdXWXskxmK1STB0H6AitRGqG:KnSoRNn7cmjwBoditRGqG

Score

10^/10

themida amadey

Malware Config

Extracted

Family

amadey

Version

3.01

C2

bebraboysclub.hk/g8lvleE2z/index.php

Signatures

Amadey family
amadey

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 267B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 5KB - Virtual size: 17KB

Size: 267B - Virtual size: 480B

Size: 6KB - Virtual size: 7KB

.imports Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.taggant Size: 8KB - Virtual size: 8KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 5KB - Virtual size: 17KB

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.taggant
Size: 8KB - Virtual size: 8KB