Extracted

• • Target

    8c005ead525ac619d2c2dbe42cc8982a7d7af252d0e6860602293c33bf651ace

  • Size

    1.5MB

  • MD5

    6bec6852c17c6815c5c284045fe249f4

  • SHA1

    75d8db0295ab42dabc0786ef2a696102d405da2f

  • SHA256

    8c005ead525ac619d2c2dbe42cc8982a7d7af252d0e6860602293c33bf651ace

  • SHA512

    779371b8d3fd5c8c78c6cf2933bc72c1a3a161f401bddaf0c9a3ebedbfa4b732b9b3c262d407ca927efe0bbad4ff26b9d26e2bbabc3023fc22fd785bb1369ea2

  • SSDEEP

    24576:zCD7a8eEHRyci1Yg92Y0KE1rFz2ECkNPW4WsgzBmP+3wsxh/u+:4aVEHR/i1Y2rE1rQ/jT9i+gsxBb

  Score

  10^/10

  amadey18befcevasionthemidatrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2