amadey | e29bf00054e8f9f6805d9e2aff7acad5120276ac2b2dee0525031c337e1cf81d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e29bf00054e8f9f6805d9e2aff7acad5120276ac2b2dee0525031c337e1cf81d
Size

126KB
MD5

3cad42aff77fbb4d2d652146e9c77e51
SHA1

f95c2c64d2eac0d3ec2ea13f8f11c71abc8e7054
SHA256

e29bf00054e8f9f6805d9e2aff7acad5120276ac2b2dee0525031c337e1cf81d
SHA512

0b398fa3434237dc8f0f70bac795fa9fede3ea2a0388b24008edd5e71d13813bae0132d31893219840a6349dfe66d88bee48aa1d39e6172f67313035e27093ee
SSDEEP

3072:Yx7pOYzBeka3tiINwyP7XSSJds3zhrjPcnqULv4m9:Yx7ZNha3vwyOztPc3L

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

resource	yara_rule
sample	amadey_cred_module

Files

e29bf00054e8f9f6805d9e2aff7acad5120276ac2b2dee0525031c337e1cf81d
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ