amadey | 1772-2-0x0000000000B20000-0x0000000000FD8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1772-2-0x0000000000B20000-0x0000000000FD8000-memory.dmp
Size

4.7MB
MD5

d09bccb824349e1daf30c9c3cd6c9d0e
SHA1

111181f61b2c50c5ad5df9e71424f1ea39b8a99e
SHA256

46daca40d0922563b9f56ebc4ca7d0f4d506eac895cb2f003aca348b4661bea8
SHA512

de797d7b15bd095a3104515882ff8dfd6e924a706e3350463d7951075f84b7303c29aa016815fc04b14bd89141cd38890452d9717d6801c4d4fac66e850f58ca
SSDEEP

98304:ILhJoGGN5WKPsvo+ltktdc9NC+tzkh50BOvkvRNq3GeEmxE0XT:o9WaNCwADf4rqpxE0D

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes

install_dir
09fd851a4f
install_file
explorha.exe
strings_key
443351145ece4966ded809641c77cfa8
url_paths
/Pneh2sXQk0/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1772-2-0x0000000000B20000-0x0000000000FD8000-memory.dmp

Files

1772-2-0x0000000000B20000-0x0000000000FD8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

deohpzaw
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

efxlahfi
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE