amadey | 2060-0-0x0000000000EF0000-0x0000000001392000-memory[.]dmp | Triage

Sharing

General

Target

2060-0-0x0000000000EF0000-0x0000000001392000-memory.dmp
Size

4.6MB
MD5

bce4284c06c9028244af387428bf3713
SHA1

ed62e8c70a929586a9ae1e914f3738d8ac707f09
SHA256

95a37a5fb25f3c434577f4011af7321c12cf43f543064a1b02430cc26a155f2d
SHA512

7eacd7696c170d2a6e2cedd667eea7bd7fef43394b1fe6b32861b83b85b61f737318064e8e4dc916bed6cc7a2a1adfcf68644084cc8c4bee3c4c681c452836a9
SSDEEP

24576:lsDUL9LgsJGmxklxPftZgZVu97yi0WANhqY9vPawTRC9lFQI6KdWhQfbG:KwBLLnxuPXyicNAY9vP3TRC9kI6KdPG

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2060-0-0x0000000000EF0000-0x0000000001392000-memory.dmp

Files

2060-0-0x0000000000EF0000-0x0000000001392000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cwgaqviz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xfidtzax
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE