amadey | 2148-2-0x00000000003F0000-0x00000000008A8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2148-2-0x00000000003F0000-0x00000000008A8000-memory.dmp
Size

4.7MB
MD5

e240f67a9e63dffb4177d5ca463cd422
SHA1

d561445b5160fa4ab3795f2a0aa06480fc457d82
SHA256

2f185dca2226500af10aa0c0c73cc20308465af39ada25b12e539ec4c50464ec
SHA512

1f80243f82e5e8ebed3c34fb55324d1c10dff030d04fb4c9c7992e9d65f354a9c8862fb116a69b1c9a779b087bdebd69140de0286d641a3d8a15a1825c7fd58d
SSDEEP

98304:U0aGhq4EqWjSw7j1HKQf66ds616D8iMeOIuGdVFeIvxbC:/F266D1E0IuGJll

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes

install_dir
09fd851a4f
install_file
explorha.exe
strings_key
443351145ece4966ded809641c77cfa8
url_paths
/Pneh2sXQk0/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2148-2-0x00000000003F0000-0x00000000008A8000-memory.dmp

Files

2148-2-0x00000000003F0000-0x00000000008A8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qygfsyuy
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ixersrmr
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE