amadey | 2156-0-0x0000000000EF0000-0x00000000013B0000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2156-0-0x0000000000EF0000-0x00000000013B0000-memory.dmp
Size

4.8MB
MD5

e367b490e86ea4a82a22f43fec9a91e1
SHA1

dda3d075f3fe68cba86a6306ddf87eda6f528c6c
SHA256

2d4f7ead47cf3bfa1dcb2db9a46e366d86ad0dfa613dc709d3e0f7b8b5bdcbcd
SHA512

66542abaef399482e06e3282c55e20662381e1abb0b9363b96df8e1bbd2750bf6ed81f9ecd541742220546c6e0def5c00f994424c0ceb594a822d096962354b0
SSDEEP

24576:dsNswbjotx8HvpmeNcqTI7GF3TCBRJ98nwWtyyz5FkJv:dWs0ax8P/cqyBRJ98nB/kJ

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2156-0-0x0000000000EF0000-0x00000000013B0000-memory.dmp

Files

2156-0-0x0000000000EF0000-0x00000000013B0000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kpvegfsd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

splumzwn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE