amadey | 3064-0-0x0000000000B50000-0x0000000001004000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3064-0-0x0000000000B50000-0x0000000001004000-memory.dmp
Size

4.7MB
MD5

efe3aaed10f91a319938f4012eca40a4
SHA1

af7b64c8d79642056e646ed1d420c8d7c29de0e6
SHA256

4b15163987d3add989fe4a1d7ba2bb5ffded3a3e149b6417dcd6f8bd158fc787
SHA512

7e3d9e75ca59d5313ae0373f647ee8a9e5230fbad68de52756d11c2684551d0109be525735745fdac387570cbab714907712e7a7b46cacf66e2690194a0b995c
SSDEEP

24576:PFKtXopCzkd7yL18zNOOXKZ+KiLW9ZjtZ6bM//6V5Rf:PkoIzyyL2zAiKUKiLWKbA+

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3064-0-0x0000000000B50000-0x0000000001004000-memory.dmp

Files

3064-0-0x0000000000B50000-0x0000000001004000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

khzozcvk
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

towdhvdi
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE