amadey | 2616290x00000000004000000x000000000046D000memorydmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2616290x00000000004000000x000000000046D000memorydmp.exe
Size

436KB
MD5

a455e0f1469897b28ed1f5272086f24e
SHA1

e8440e6d6c19196f61e7ace2a204e22c3c26dfcd
SHA256

c1b062398c7b8861bd5730d74f2e1179021cc7994c2009177866857f5f02fad2
SHA512

8fc0a247c0d86f5b76a2715eda8d19f437158f5eea6ef2b798a0b6dc4095d2207d5a7b75911532c4b4be0193e5f9f4d0e4464be94f72063e62ac1037ac6157b7
SSDEEP

6144:0gYwQ6dU/yDCNZCP3zADrq62v6XblTO6boF+nT6Lx6y42mL5hqfMvmfpum+TPagP:0gYbNcyrjbuC6LcsmL7Pvmfpum+T

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2616290x00000000004000000x000000000046D000memorydmp.exe

Files

2616290x00000000004000000x000000000046D000memorydmp.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ