amadey | 2372-4-0x0000000000400000-0x00000000004EE000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2372-4-0x0000000000400000-0x00000000004EE000-memory.dmp
Size

952KB
MD5

46f916b98f4e9ff9c3ec5a24d4fff9d3
SHA1

20759b7c1d868da752d095feb1a33f3e6f574153
SHA256

c8fcce41f0af1f923a5d3d5d11dc48454b86dbbc3e45d159fd1336106792f6fa
SHA512

f8a98b01062073fb6ae0f458d1db1b11b6611f932bcd07d14d7a3e21d2b58436a015527a17077e1b5813c97bdb031f9a112e87e40c11602a66ec1032d88471dd
SSDEEP

6144:XRxrjqy8ZrvEsItUahY51J16FKau+dnX9y28JM9aTV:fC58oahK8FVu+dnXfK

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://5.42.64.45/8bmeVwqx/index.php

Attributes

strings_key
0d9b6480a8b68d8bf0013e3bfc05b785

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2372-4-0x0000000000400000-0x00000000004EE000-memory.dmp

Files

2372-4-0x0000000000400000-0x00000000004EE000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ