amadey | e59b1a06e20fffa3c526b89920cc92a5e186bcc2c46a04ec540357e3d1869233 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e59b1a06e20fffa3c526b89920cc92a5e186bcc2c46a04ec540357e3d1869233
Size

126KB
MD5

83d6d2070c5800bbaf7e61604273ffe2
SHA1

601568d5a02b30a302f6e3c4f9cd5ea53d9576a0
SHA256

e59b1a06e20fffa3c526b89920cc92a5e186bcc2c46a04ec540357e3d1869233
SHA512

30a46a13706ba627f5f05faf71bed26d5a63473aa7766c2fcf72f4cb5b2147e4645c678e509e28ce1c1a238f1d4aa5f67b80ad2675cb3ca91b88afac3d7204b3
SSDEEP

3072:Yx7pOYzBeka3tiINwyP7XSSJds3zhrjPcnqULv4C9:Yx7ZNha3vwyOztPc3L

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

resource	yara_rule
sample	amadey_cred_module

Files

e59b1a06e20fffa3c526b89920cc92a5e186bcc2c46a04ec540357e3d1869233
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ