Extracted

• • Target

    6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd

  • Size

    1.8MB

  • MD5

    46ab8cbd40a60e88181fe34900137419

  • SHA1

    0e4099fef23cafdf8380e2172699e613b8dedf8f

  • SHA256

    6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd

  • SHA512

    39d5f013c154251c642c1f9aa1b3c40a3201b7063b745cf4fc518baf185cb491818648705cb7cb8358bfac260c852d487a64f45e881d129d67d21faa1ef5556e

  • SSDEEP

    49152:DgaGZ/JARlm+yyklpfHaRKnktKQU4aJNLm1F3+hlzkQDnpYuQQk9SJIc:0aG9JARlmHHaRttKQU81FObkQmzr8Ic

  Score

  10^/10

  amadeyevasiontrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2