amadey | 349b2b47fef50fa6a1fc19d0ee4b2db8[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

349b2b47fef50fa6a1fc19d0ee4b2db8.dll
Size

126KB
MD5

349b2b47fef50fa6a1fc19d0ee4b2db8
SHA1

077f4328b3f060a9f010b1a63d9e127d24ddafd4
SHA256

5cd41f164de6f783b7da82b5f6dbd49413eccd87cc7470f2004d58ca081fb0e0
SHA512

83fd58be4c0051ed05b7a03443d256d52f09206d2f433bd302c9e9e3780b9d472e823aed1db01b5052dc8fdc63a4352beac9e399858a8252c057f11cf2bd1773
SSDEEP

3072:ox7pOYzBekTRmWDWCMq6As523HeS9FAiZ87vO2rlL3RnG9:ox7ZNhTR/dMq6AO0a7vVlT

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

resource	yara_rule
sample	amadey_cred_module

Files

349b2b47fef50fa6a1fc19d0ee4b2db8.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ