amadey | 356-0-0x00000000012A0000-0x0000000001F0F000-memory[.]dmp

General

Target

356-0-0x00000000012A0000-0x0000000001F0F000-memory.dmp
Size

4.5MB
MD5

f57da853affb0757b0bfba083b3353f2
SHA1

b6c0e5ad2cf4c4062fc27e33fa60f8fdc39c13aa
SHA256

f830c51ee0b3ffe6d824fa6b326c0085f25b7971b9829f4b7f5cb6e40de687b2
SHA512

98a70d880993d12d6bebcec0fa47763d4dc30b71e493f7e04e7c01a214b8c3c221081858a6ea27bf2c7e191caa0983ac55f9c17208cc85498de82853003e60c3
SSDEEP

98304:PR2yS/c9HnSUWi64hdFkAAvDQf/nCy8g7ngFgQp:JG4hziQnCMOge

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
11bb398ff31ee80d2c37571aecd1d36d
url_paths
/v8sjh3hs8/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
356-0-0x00000000012A0000-0x0000000001F0F000-memory.dmp

Files

356-0-0x00000000012A0000-0x0000000001F0F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WAV^][�
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WAV^][�
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp*C��
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp*C��
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp*C��
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 330KB

.rdata Size: - Virtual size: 71KB

.data Size: - Virtual size: 17KB

.WAV^][� Size: - Virtual size: 3.0MB

.WAV^][� Size: - Virtual size: 1.9MB

.vmp*C�� Size: - Virtual size: 976KB

.vmp*C�� Size: 1024B - Virtual size: 580B

.vmp*C�� Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: - Virtual size: 330KB

.rdata
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 17KB

.WAV^][�
Size: - Virtual size: 3.0MB

.WAV^][�
Size: - Virtual size: 1.9MB

.vmp*C��
Size: - Virtual size: 976KB

.vmp*C��
Size: 1024B - Virtual size: 580B

.vmp*C��
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB