amadey | 1688-0-0x0000000000CF0000-0x000000000119E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1688-0-0x0000000000CF0000-0x000000000119E000-memory.dmp
Size

4.7MB
MD5

81c86f6d1342bdcd682eb7095f0c5f49
SHA1

c04260ecbf5b696d3dd3403a5d6697ffbfd2c055
SHA256

106c6299303b191ae3520fd61b00fa2eef3154577eec0665fc6fd6466bffc932
SHA512

670956b39479a48c3ef0d90047bbe2677e42b6a0cd180e35b8c16cb1897d936bf746c228aa284a7b3d6610db8e6d2f256b8e2db51edbb8583378c23dbf3947e8
SSDEEP

24576:UpNurwvFUfgRmgPXHvc8n7luoTv6DDYDg+FD7rpIHDkbFnmmsBfqBf0j:UPu8XRmglG4Dg+9IjknsB

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1688-0-0x0000000000CF0000-0x000000000119E000-memory.dmp

Files

1688-0-0x0000000000CF0000-0x000000000119E000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wmiexntl
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uuiczioc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE