amadey | 1740-0-0x0000000000820000-0x0000000000C21000-memory[.]dmp | Triage

Sharing

General

Target

1740-0-0x0000000000820000-0x0000000000C21000-memory.dmp
Size

4.0MB
MD5

a38376faccb96eacde1670f238596eb9
SHA1

54cbc5ca0722c45659f1b14d9f620bb02233e560
SHA256

6b5db0cf162e07ffcfd046cceeeb05d74e00cdf5f67ecd62f3c795f06c454cbc
SHA512

60f78d1ebc567e1390c1ca39fbd7185c589b35d18f835a5da648dcff3d95c4397405c22dc3135cf35afdcd1f9eab37fcf40b98332024f3201b31b21e29d1eb43
SSDEEP

24576:zuyu6sBBhhuPy05JGeW/AusMSpqhPi06iBh7oqeHGNFM5GFML8BtHflIN2L2hvD:zjuXdhuamJa5p

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1740-0-0x0000000000820000-0x0000000000C21000-memory.dmp

Files

1740-0-0x0000000000820000-0x0000000000C21000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 143KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 191KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 975KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE