amadey | spicis4[.]amdy[.]plat | Triage

Sharing

General

Target

spicis4.amdy.plat
Size

2.8MB
MD5

26fa97abd73e1517729549b2b27d03a2
SHA1

f74d14de09519cc6a8f77d867bcc20a554fabe89
SHA256

af61909e749fd00fd83ae0da3caf6099ea2f7dda0a55a5e254614ad7b33bd6dc
SHA512

d16bef506d05484e146298212e9ccbc7991a78a6926388afcedff26e22659f69a978a0ffdd60660b3998a617b73ba418847050ae68fbc7cc68439988509b8c6a
SSDEEP

49152:6skDShXlT0EeNYaDbp9CN/BRh0MvaBtb6iOPXk3:VXXd0Epanp9IBRPv2tSk

Score

10^/10

themida amadey

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.134.68/hfk3vK9/index.php

Signatures

Amadey family
amadey

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

spicis4.amdy.plat
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE