Behavioral task
behavioral1
Sample
2384-2-0x0000000000DB0000-0x00000000010D0000-memory.exe
Resource
win7-20240221-en
General
-
Target
2384-2-0x0000000000DB0000-0x00000000010D0000-memory.dmp
-
Size
3.1MB
-
MD5
8cae460cd6935edfcac166c5cebdfa00
-
SHA1
b20e8f6bd47d5a9e0e95bad1d73d8643d446ebd5
-
SHA256
55c9c1384e4143ec656c86c2d07a7623def35d265cb4791d36d7dede9e61a5c4
-
SHA512
9f7310dc4a235c066e9d75d44ca74aa8f84e280c50beaf52f6e206cd4e6b182d9b44adbda0d140f1a00a73c9f82e2028c449e9deac85cebb160b2675a95dcea5
-
SSDEEP
49152:C48SW8NgL+D964Ly3qTHdQlgEjC2cwpQeflh:bjW8NgL29rLy3qTHdQlgSC2cyQefX
Malware Config
Extracted
amadey
4.18
http://193.233.132.56
-
install_dir
09fd851a4f
-
install_file
explorha.exe
-
strings_key
443351145ece4966ded809641c77cfa8
-
url_paths
/Pneh2sXQk0/index.php
Signatures
-
Amadey family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2384-2-0x0000000000DB0000-0x00000000010D0000-memory.dmp
Files
-
2384-2-0x0000000000DB0000-0x00000000010D0000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 416KB - Virtual size: 416KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pfbejzmg Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uozxfmmt Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE