amadey | 2504-0-0x0000000001050000-0x0000000001523000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2504-0-0x0000000001050000-0x0000000001523000-memory.dmp
Size

4.8MB
MD5

ec4eecc28ecef320b961d33e1becd4ae
SHA1

efb1ff1054b619b199ee756b42f974057ae96a9f
SHA256

b16456aef4ef450011b46516fe1c07872e2c42c30a64c61395f3eb2302e88719
SHA512

036fb2fa85cfe9246c6700267f0dc2e2a1b8fae612d9667132cea36f398bde700f47f308d66ac3d977111fda237e72d57dca09590d9ed188bfe51d36fca26ac1
SSDEEP

24576:cEHygCF5s8azecHRME0RcO8lA5bhc0Lre9NFVel9rVPMP:ckydc8aKcHyM1+7PM

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2504-0-0x0000000001050000-0x0000000001523000-memory.dmp

Files

2504-0-0x0000000001050000-0x0000000001523000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ugcwqbdk
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uxycrqyf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE