amadey | 2944-0-0x0000000000270000-0x0000000000C99000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2944-0-0x0000000000270000-0x0000000000C99000-memory.dmp
Size

10.2MB
MD5

b8a6b3b7233bf2c99a1a02853bb0b9fb
SHA1

fbc6e7cc4b6cc6dd1fdd698ab59b584f33ad6083
SHA256

9ffad0fac352b49e029c1a600a31204c46c86613402f67ecf5abf124de28b284
SHA512

b36a45ae65aa813e7691af4d0e53dad6fc77c32c25fceb56e1242a9e90b8350fb2662691a363208fe4202366809b80d8a1ff7acf876d4cf9f968360282ea3a2a
SSDEEP

12288:0EislJIctV9lXutZdUDmxw3uuvTJYDr1p:DislJ3tjGZqswXJYDrH

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2944-0-0x0000000000270000-0x0000000000C99000-memory.dmp

Files

2944-0-0x0000000000270000-0x0000000000C99000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 141KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE