Extracted

• • Target

    8f53811c1d4a72d6a8e0aa9014a2465ccace71b1f087de4f9ddf7470a7fa3c85

  • Size

    1.5MB

  • MD5

    8581e5e4ae637dd59fc3abc0acdbcd52

  • SHA1

    2996517e9d5c65dc1f71af464b63495921d0713d

  • SHA256

    8f53811c1d4a72d6a8e0aa9014a2465ccace71b1f087de4f9ddf7470a7fa3c85

  • SHA512

    647e13e1a6befd67a4ade265ee037362a34d93ee89ac5d9e4f796ce59308c138ac3fdd2820e0f387cef8a47a27be696ef312b903ace25bb922806b067952a5c7

  • SSDEEP

    24576:4nze2JrAL+5o43HGm2RDiyVG8mo34EuYNcK5H6valfaW/p0UVvcVXZix:ce235f+0yVSIa5whaxUqVi

  Score

  10^/10

  amadey18befcevasionthemidatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2