amadey | 1624-0-0x0000000001120000-0x0000000001B3E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1624-0-0x0000000001120000-0x0000000001B3E000-memory.dmp
Size

10.1MB
MD5

6f9b7feb2fa9c38eb8a142e9b9b93420
SHA1

05ffef8ae9bac5b17a6a22c767e46bf518693b9c
SHA256

d91ce99799d9c0f6c5d7fc504da9fe139a783d871f247db24513d37a352d626a
SHA512

740018107f02499ad3636e512529c2e1e326461badcbc8ac33bbcf510c80ddc73e4c079ba5192cee48cce862c1573f0523a22830ee08f2fc17971c2ad8fb56a7
SSDEEP

49152:PhlBNM3uddrrBvB1vrjQV4AF3LSYr7fV8J/:1NM3ufrrNXW45YPVq

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1624-0-0x0000000001120000-0x0000000001B3E000-memory.dmp

Files

1624-0-0x0000000001120000-0x0000000001B3E000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 141KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE