amadey | 2108-0-0x0000000000120000-0x0000000000522000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2108-0-0x0000000000120000-0x0000000000522000-memory.dmp
Size

4.0MB
MD5

173b7df3d02ecd6c94a286a55da78aee
SHA1

e5aefe65015250cc3b54d7dfb227ea58cf52231f
SHA256

473e75b261dc143ac4c07292563db6905259a35c44666c4419ff367085ccb5cb
SHA512

793d643ff259db23a3b0d10bddff04c4234b1d2860da326124955465bfc8bfd9ac2fbc8eb710808bc2aa88f45e7a7981e5e2c677e3489306c07ab580203f4cb4
SSDEEP

6144:28JVIpt1Ha9ShLE3FF4tJgmirfqsfLF8pkXbAjWAVNGrLmYR1/Yzdd9mq7ugcdQ3:NJEw9SO6HsB8WAHemYRhU/mq7ugcdPy

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2108-0-0x0000000000120000-0x0000000000522000-memory.dmp

Files

2108-0-0x0000000000120000-0x0000000000522000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 143KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 191KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 978KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE