Extracted

• • Target

    cd673a990d839b55fca2d4a1703f965d0ae5673e0863602731d0cf0d1754bb23

  • Size

    1.8MB

  • MD5

    c4dfaabdc6dc09bb7aeeff9abc75483f

  • SHA1

    fbc974be63052fc2626794f80d6aa2443be2c7f5

  • SHA256

    cd673a990d839b55fca2d4a1703f965d0ae5673e0863602731d0cf0d1754bb23

  • SHA512

    59dfcf35d9644cf1c1246d03436b344edcac1afe4a444c2428dc04ec8a133db4b2a1790147ce8ad578835f0d386ab2c677e0079a14cc0296b1ff537229dc00e3

  • SSDEEP

    49152:wD/iIoGEF/7G1JNkNqVB1NOzv3gGqfBiSdSIrmk8Z:wbpoGExHNqVB1NOLyfMSgVk8Z

  Score

  10^/10

  amadeyevasiontrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2