amadey | 1704-0-0x00000000013D0000-0x000000000189B000-memory[.]dmp | Triage

Sharing

General

Target

1704-0-0x00000000013D0000-0x000000000189B000-memory.dmp
Size

4.8MB
MD5

ac73968de05f76a7b207e86bd62993da
SHA1

86bf461cc1e013ab6a1be5ab156d9041541864c2
SHA256

3c80fb961016e0a24d82f172f7ddb52fbe587d0ccaa12ba2b3ddd5f8cf13f039
SHA512

e31fc7e6219f7d19b784547cf4329d4ed6a1f3559f7e9fbdeaa86f25186957d59ff40b62c08d9b7fe8c206428f5d0e87d46713b458902a3d04b4e559fda16e8c
SSDEEP

24576:dSJjB0mRKVE7cD2l9hXUCvhnP8I8hpz6a9ioc/FZO1ROG:dQjGXE7cyl9hXUC5nPehNK9ds1

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1704-0-0x00000000013D0000-0x000000000189B000-memory.dmp

Files

1704-0-0x00000000013D0000-0x000000000189B000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ujsgxykv
Size: 1.6MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ekvdlims
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE