amadey | 2224-0-0x00000000004D0000-0x000000000098B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2224-0-0x00000000004D0000-0x000000000098B000-memory.dmp
Size

4.7MB
MD5

12960335188bee7ca8a2a85527c6cbe4
SHA1

51748cf862dfeb2f3d5a952b49092d94244b0081
SHA256

df15962f24531b5df2c327d4d939bb07b2a8487304172d831eaef3183b423f6f
SHA512

7b842c5e234ece3eb9ee578afeef79a3e78268066dc498005d0da96d9981f1ffe69370d842d3444cc7f9ea0ea7abd9932388bab5b8e5c4a946a071eaaf6b10fc
SSDEEP

12288:6zT1DgB2RGiJfyZNyeTZUfBQRusBpd8c8zAAt0rr+fFsliHgzMww/AYyKUAv8Pr/:SDgB2dJqLTSiL78eNMRYYyzPV/YN

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2224-0-0x00000000004D0000-0x000000000098B000-memory.dmp

Files

2224-0-0x00000000004D0000-0x000000000098B000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxkkbqoc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eqeztqem
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE