amadey | 2012-66-0x0000000000400000-0x000000000090F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2012-66-0x0000000000400000-0x000000000090F000-memory.dmp
Size

5.1MB
MD5

5fe6d887e46a34b2125fecf67debcda2
SHA1

55cf3e592e3bcdf5649ecaf3e86e83079504fca2
SHA256

632345416abb6f231f09dab6fccd79ea76b67ec9bb8677b4e36d3728a1ae836c
SHA512

6fde5691c57d05deb36a0600e605a2ce0941307323f1ac875a4cf06a3928c3f7f6a7c4592aef4ca5a66f9df470ad86751454c03d9bea29e8c557f30bb87b4656
SSDEEP

6144:5wcgXAHmWMaZ24RAMKwu1Cku5np5A0GMueGOvdNGf3m:qcfMaZfAUu1Cku5nvGudk/

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

3.69

C2

88.218.60.230/Gb2dZz/index.php

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2012-66-0x0000000000400000-0x000000000090F000-memory.dmp

Files

2012-66-0x0000000000400000-0x000000000090F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ