amadey | 2344-0-0x00000000002F0000-0x00000000007A3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2344-0-0x00000000002F0000-0x00000000007A3000-memory.dmp
Size

4.7MB
MD5

8716b7347179632ab4836a40e77e552c
SHA1

170fd4c49ec30934bb841499d4b3a90734933d0a
SHA256

9ffde0a985db6f7d3250c70f23ea96b84973a5dfa1bec534de0f415d0e3767ed
SHA512

240601004cc045d5ec15b2e218b0eb41ce81a906cc47c9000d957e656619bd0ea800831a72557f65af41d3dacb8b95888d87f2be6453d150098274a7f9d2e1b5
SSDEEP

24576:70RTWVzUiYx0TvhgrLxrEIHWYjXqEOL39Mhpz4hfoI2Ka:4JW5kx07hOxriNMn0D

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2344-0-0x00000000002F0000-0x00000000007A3000-memory.dmp

Files

2344-0-0x00000000002F0000-0x00000000007A3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bekipgri
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fpsokrep
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE