amadey | 1972-0-0x0000000000A00000-0x0000000000ECE000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1972-0-0x0000000000A00000-0x0000000000ECE000-memory.dmp
Size

4.8MB
MD5

163f049ce0ce4b7171a819324f22d418
SHA1

9f69dca2a4414b9d5991f751d376f60f087f911d
SHA256

3ed7a7b6fe15598d95c3aea585a2a4b1866a955e9864f9a71f76d15154d55af9
SHA512

c4cebeacb5f104943fede26d84c0a2ecce1340c96be3b6b01e7509c31a60a8107a83e44fead893ee2d983b0141e2a170a125330aa5e87950165777cb9fca8ea5
SSDEEP

24576:MMAMa/AGShZ0yH150FJ1zAdKDty3a8ODy5UKUqcejRv:g/jSgy7Kc2yK8n5DdjRv

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1972-0-0x0000000000A00000-0x0000000000ECE000-memory.dmp

Files

1972-0-0x0000000000A00000-0x0000000000ECE000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uzlflnwv
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ugrbrdbs
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE