amadey | 2888-64-0x00000000054B0000-0x00000000058B8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2888-64-0x00000000054B0000-0x00000000058B8000-memory.dmp
Size

4.0MB
MD5

910af598859d607907180cf75f1e3031
SHA1

5fed6184bb6433a6b2b455f7fae75e31b4eb1d16
SHA256

b2632f5abce81c53d0f4d24fcf7a38a3ac0a377d1d1dd53b008f7d242e301eb5
SHA512

1361c4cd9eb46f687536e9e4abbb17373bfd4940c58a55488b9cb20a6b8dfeda288bad2aeba822ea85a9e6bc80fa3f86205775098ecf58b35df4bc8f32efbb63
SSDEEP

49152:njKTR7M1xsH6Knrzx1uuYqJ43n8lc3IHDQcql:eTR7M1xsH6KH7uuYsZcs9ql

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2888-64-0x00000000054B0000-0x00000000058B8000-memory.dmp

Files

2888-64-0x00000000054B0000-0x00000000058B8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 143KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 617KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE