amadey | acdeff96db96022adcea99804d00ae57 | Triage

Sharing

General

Target

acdeff96db96022adcea99804d00ae57
Size

4.1MB
MD5

acdeff96db96022adcea99804d00ae57
SHA1

020c83ba071e4772cec5503df3bd1f7ceee5d77d
SHA256

912d61bf59ab0277cf63e32830d47de8aad5ee7c88e5173beaf70d6a32c8f36c
SHA512

899e6a75bce86eaf33dc63c33633b6d43d9c28ceda7166ac8591ffe36e0e87839492814cdbf15554d28d70a95a3eb69ccb2a5329093d891dca321c097aa8757a
SSDEEP

24576:QbQPr5MEgw51BG71CPwDvt3uFWLn/EgVRM2N:QbQPV1G71CPwDvt3uFcdRM

Score

10^/10

cred module amadey growtopia

Malware Config

Signatures

Amadey family
amadey
Detect Amadey credential stealer module 1 IoCs
cred module

Processes:

resource yara_rule

sample amadey_cred_module
Growtopia family
growtopia
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

acdeff96db96022adcea99804d00ae57

Files

acdeff96db96022adcea99804d00ae57
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ