amadey | 2948-0-0x0000000000850000-0x0000000000E92000-memory[.]dmp

General

Target

2948-0-0x0000000000850000-0x0000000000E92000-memory.dmp
Size

6.3MB
MD5

13ca6d651c6f0f4562ea88668b81b03f
SHA1

427019746a555a01ca10c157cc2116a21c1f0bc5
SHA256

370065c329f64e85c88b1432dbca42afe8644eb47f057a3924a4d4a680f5a000
SHA512

7685f3b5e05414dc1e61730f8c20073c7911569583abd806c0cf0669285118d677589a86841e595b910e5d9abb8e92c0f9fc144b64d26ccf944e8765bf4d8195
SSDEEP

196608:yF3vgVyaMgqLjs0FYi7deCPfdNkXYuKw:9yaglZde

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
11bb398ff31ee80d2c37571aecd1d36d
url_paths
/v8sjh3hs8/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2948-0-0x0000000000850000-0x0000000000E92000-memory.dmp

Files

2948-0-0x0000000000850000-0x0000000000E92000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpƒ@�
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpƒ@�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpƒ@�
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 330KB

.rdata Size: - Virtual size: 71KB

.data Size: - Virtual size: 17KB

.vmpƒ@� Size: - Virtual size: 1.1MB

.vmpƒ@� Size: 1KB - Virtual size: 1KB

.vmpƒ@� Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 152KB - Virtual size: 1.3MB

.text
Size: - Virtual size: 330KB

.rdata
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 17KB

.vmpƒ@�
Size: - Virtual size: 1.1MB

.vmpƒ@�
Size: 1KB - Virtual size: 1KB

.vmpƒ@�
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 152KB - Virtual size: 1.3MB