amadey | 2248-0-0x00000000009A0000-0x0000000000E53000-memory[.]dmp | Triage

Sharing

General

Target

2248-0-0x00000000009A0000-0x0000000000E53000-memory.dmp
Size

4.7MB
MD5

59293e89b9a9308da1e932b7f1e74e39
SHA1

7cf33469cf4b2ad12eb45ad6ee821e54263a9eb5
SHA256

c01d9990f70a44cb2cffd6e6d40fa295c77d562eb95405f629805d9a029fa368
SHA512

e0adc277859315310fb0493f0bdaeaebe149b3f8b7031a4a539576fb055fc63712fbca6f0813d0b70f4b5606b6eee7a353220591eed6d600c7e6beb3bc8916fe
SSDEEP

3072:HYkA5oTS3FfJ2hXadBai2IkQcU4L8NUYBIxaLf3Z2LA/o1mXjp9wF/8C:HnA5KSLpt2IkQcUFS+h2ao1mPwj

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2248-0-0x00000000009A0000-0x0000000000E53000-memory.dmp

Files

2248-0-0x00000000009A0000-0x0000000000E53000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jgdkwfyp
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qekdqbgc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE