amadey | 2756-14-0x0000000000400000-0x000000000043C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2756-14-0x0000000000400000-0x000000000043C000-memory.dmp
Size

240KB
MD5

cc3eb246cd1e87ddcded832fb0389ac8
SHA1

85e4dff4c6d065a1b2b3395e39c62c0c22b51b65
SHA256

54f3c2a39605e0d4d8b43ad6649e243c96f98eda7fb8dd3b7df6ec4d6ac661d9
SHA512

731762f4c01be99ef81e4e6fff3ecb2eeb5c5f837f46637b821818855056ef2c45b1e76e680554a51ac1e1b9282f184feddd4910db84c78dbaeabfb4b7571205
SSDEEP

6144:4pvr6TICDuAcPrpptxWNprSF6rBuON/uJQK:4JW81XtxWWFEBuON/u

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

3.89

Attributes

install_dir
4505f042fb
install_file
nhdues.exe
strings_key
9824b07dc3e28e94cc52fdef915db5c6

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2756-14-0x0000000000400000-0x000000000043C000-memory.dmp

Files

2756-14-0x0000000000400000-0x000000000043C000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ