General
-
Target
amdy.bin
-
Size
218KB
-
MD5
aa9fa7808dca4fd4cadab28cabbc3266
-
SHA1
1a45810526df332dba5003d0627d1c14bf5183ed
-
SHA256
6e01f9d1997186d06274a508bc0a511aa6fb50e430b77efca593c00d3fc62cba
-
SHA512
a5aa58e5832410d68ad8c2c0f2fd58a496ef5e79b97fe728259993b81f13bc7ef77ec26faf0410f9fa88037fcd87ca09d699ca64d7aa8b11dab83f0f42c5df5a
-
SSDEEP
6144:Q/31H3YucxpcxoLebwlAsUy8F0WEutMVPdKET:QFmxCxoakeLyw0WEutMV
Malware Config
Extracted
amadey
3.20
happyday9risce.com/gg4mn3s/index.php
xksldjf9sksdjfks.com/gg4mn3s/index.php
dhisa8f9ah02hopasiaf.com/gg4mn3s/index.php
Signatures
-
Amadey family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource amdy.bin
Files
-
amdy.bin.exe windows x86
dd9df9b9e52b22adb197dae219c6a26b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
Sleep
GetLastError
GetFileAttributesA
CreateFileA
CloseHandle
GetSystemInfo
CreateThread
HeapAlloc
GetThreadContext
GetProcAddress
ResumeThread
LocalFree
GetFileSize
ReadProcessMemory
GetProcessHeap
CreateProcessA
CreateDirectoryA
SetThreadContext
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetComputerNameExW
SuspendThread
GetVersionExW
WaitForSingleObject
GetTempPathW
CreateMutexW
GetModuleFileNameW
VirtualAlloc
WriteFile
VirtualFree
HeapFree
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
FlushFileBuffers
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
CompareStringW
LCMapStringW
user32
GetSystemMetrics
ReleaseDC
GetDC
gdi32
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt
advapi32
RegGetValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
RegCloseKey
shell32
ShellExecuteA
ord680
ShellExecuteExW
wininet
HttpOpenRequestA
InternetOpenUrlW
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpSendRequestExW
HttpEndRequestW
InternetOpenW
InternetOpenUrlA
InternetWriteFile
gdiplus
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
Sections
.text Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ