amadey | 2236-48-0x00000000009C0000-0x000000000197A000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

2236-48-0x00000000009C0000-0x000000000197A000-memory.dmp
Size

15.7MB
MD5

26a53cc5161c9e6c90fcec00aea99e50
SHA1

8baa42a21dfe0fcfdad58ace6078c608f6fb4705
SHA256

96c202fd58a64e73267bce15c85f2eef97e5840a56eb1434e1d525ce75012839
SHA512

ca7bdc697e33964406b50126933233ea4745890d9afd5788d4951a3c493e6de5e442ab1bd62d90a569544306c9480bf31abbf63308ad14906fd8230527080f66
SSDEEP

393216:PXOkFrQiFCUcA4kT1rtdxD26Wj9BYZ0hBE69u0bV1joG6:fOkZ48lo6W7Ymh6m5V1j/6

Score

10^/10

themida amadey

Malware Config

Signatures

Amadey family
amadey

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2236-48-0x00000000009C0000-0x000000000197A000-memory.dmp

Files

2236-48-0x00000000009C0000-0x000000000197A000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp±×
Size: - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp±×
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp±×
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp±×
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 330KB

Size: - Virtual size: 71KB

Size: - Virtual size: 17KB

.vmp±× Size: - Virtual size: 399KB

Size: - Virtual size: 19KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 5.1MB

.boot Size: - Virtual size: 2.7MB

.vmp±× Size: - Virtual size: 1.2MB

.vmp±× Size: 1024B - Virtual size: 912B

.vmp±× Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 348KB - Virtual size: 348KB

.vmp±×
Size: - Virtual size: 399KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: - Virtual size: 2.7MB

.vmp±×
Size: - Virtual size: 1.2MB

.vmp±×
Size: 1024B - Virtual size: 912B

.vmp±×
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 348KB - Virtual size: 348KB