amadey | 86000016[.]exe | Triage

Sharing

General

Target

86000016.exe
Size

4.7MB
MD5

50fd9d35746b8623a473d6e310f0c0ea
SHA1

e7ad74da3e2b15d8d8c7fdae64ef54ce147b4484
SHA256

100bc684d3d1ac3b2782a3013458878ab21303c834abe617aba9dacb109b5fb1
SHA512

0e3fb52eff1e4b457997786a7ee7c3848ab3b7b36d2d03de3e99e7a5fa0523da333d327e633fec96459bd0345769185d541179081ce112347cc4f4a62491a280
SSDEEP

98304:9o8cJI+ffcN9B8w1H+SRLpOYNxd7hsaMM4Ko:9J8eLpOYjATJK

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

86000016.exe

Files

86000016.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bmxbbwlu
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lzgbxedd
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE