amadey | 2560-37-0x0000000003A90000-0x0000000003AFD000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp
Size

436KB
MD5

799802d42998b6ffb1df3d4271f1700a
SHA1

329af1f17a4053e08658fed4884ea1f4d80e05c0
SHA256

0082d0523e0d099744bbe712800876b986c285c48002d72ae0fe172fe92e7b35
SHA512

822be0ca918b3b62e3fc464a75fe4dcf16cc7982e7396d7c1e548719265750d1aef4e59de21b9266f8129ccb3628f98fb83b8f46e2fbf5779b0c4b4fb9ee021a
SSDEEP

12288:3ghmL/a+NgOGyH94xXJYtxAdbw1867s7mHmuxw6olA7gxyJNS:JNgOGyH94x5Ytx6v6QaklAdNS

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.196.10.34

Attributes

install_dir
eff1401c19
install_file
Dctooux.exe
strings_key
6e23b5eadc27bb0b2eaebdd4fed1beb2
url_paths
/b8sdjsdkS/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp

Files

2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ