amadey | 2480-60-0x0000000006350000-0x0000000006711000-memory[.]dmp | Triage

Sharing

General

Target

2480-60-0x0000000006350000-0x0000000006711000-memory.dmp
Size

3.8MB
MD5

4d985b76fa3964c2ce60de4dcf08ef44
SHA1

d73a824a210d4f53098d97e5a495a47ed2a890f8
SHA256

87dbd88bc689fe4dff60f5d85771224b59dd73381781833c074d930366cac333
SHA512

e5665eae92187f0175f14e686ff4aa2789c5528f21b7e406c76805ae3c9cb3e50624a8b3afd2702d7e0671ac1ad1d8697efd4b3580dc58394390c48034c3ccec
SSDEEP

98304:kWGXQ5K9YBBYN/03tdoILDd0TrL4EYNKjBx3:pWOcCVCrL4Ajn

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2480-60-0x0000000006350000-0x0000000006711000-memory.dmp

Files

2480-60-0x0000000006350000-0x0000000006711000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wcagcaic
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

klffmwsh
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE