D:\Mktmp\Amadey\Release\Amadey.pdb
Behavioral task
behavioral1
Sample
ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981.exe
Resource
win10v2004-20240508-en
General
-
Target
ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981.exe
-
Size
204KB
-
MD5
458b136776805cb5237bb48153f8d34d
-
SHA1
13f57fb65117ce31cc2a0907ac026f6d3e39a8f9
-
SHA256
ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981
-
SHA512
8a1dd4bdfd7351cbd1c5fb50a248af661a323a8d917dc9d1699bdc34338d4e1f49168426307773dd3bc7c76a7e2093bcfecd04a97ad7b34e3f294c961d86c663
-
SSDEEP
3072:shMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+65bi83eILfpcJ5kmh:zCswq+AXYu7HGOSuZAleILaJ
Malware Config
Extracted
amadey
3.81
f9a925
http://77.91.124.20
-
install_dir
c3912af058
-
install_file
oneetx.exe
-
strings_key
0504ce46646b0dc397a3c30d6692ec75
-
url_paths
/store/games/index.php
Signatures
-
Amadey family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981.exe
Files
-
ecc20ff68381ebcbe6c9155176288fc83e4ffa003059e41ed0c04664e017a981.exe.exe windows:6 windows x86 arch:x86
f8cc61ade86cb7277d0ab974de6323cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileAttributesA
CreateFileA
CloseHandle
GetSystemInfo
CreateThread
HeapAlloc
GetThreadContext
GetProcAddress
VirtualAllocEx
LocalFree
GetLastError
ReadProcessMemory
GetProcessHeap
CreateProcessA
CreateDirectoryA
SetThreadContext
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetTempPathA
Sleep
SetCurrentDirectoryA
GetModuleHandleA
GetComputerNameExW
ResumeThread
GetVersionExW
CreateMutexA
VirtualAlloc
WriteFile
VirtualFree
HeapFree
WriteProcessMemory
GetModuleFileNameA
RemoveDirectoryA
ReadFile
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
SetLastError
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
CompareStringW
DecodePointer
advapi32
RegCloseKey
RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW
shell32
SHGetFolderPathA
ShellExecuteA
ord680
SHFileOperationA
wininet
HttpOpenRequestA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetOpenW
InternetOpenUrlA
Sections
.text Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ