Extracted

• • Target

    2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a

  • Size

    1.6MB

  • MD5

    6e7509886f8664d045b09398f1e4b2be

  • SHA1

    2b93a153ba5d452ebbb717015f9cc1512b1dba84

  • SHA256

    2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a

  • SHA512

    613b06828fe6f8e0a0326725998936b2d463a2f151ee8ba33e45722c7ecb3fec00f5dda01cf08dd91ce4c3c6755e474cb3cb75e7b53be727249c19be326de2d9

  • SSDEEP

    49152:lK85HlR16qS4w8VJzJtXgdLd+Gd7cYTEA:b16lZULlYTEA

  Score

  10^/10

  amadey18befcevasionthemidatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2