amadey | 2204-0-0x0000000000430000-0x00000000008ED000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2204-0-0x0000000000430000-0x00000000008ED000-memory.dmp
Size

4.7MB
MD5

988464060487750f703c2dc7f3f9a953
SHA1

5345307605e5a930ec92250bc494407ed82765c0
SHA256

bef59e457c0ec9d9a38557e357a75c6ecaca263ca94fa85716523ffff9eafd6e
SHA512

13e4ca9a1b3834229e57abaa42964918a43cf9e6341335b2331768df99dd585bf6f4bbab104c6001e7219832ef1ea992432c7f658ef4e607518a32ef17ee01a1
SSDEEP

3072:/410Ghhb6pPjOfhwlyfSnHmsEgguvnUi99Yq5xPIuNf54xL/bgarEp+RK3Fr:A10GhhVcHmsEggu8iPAY41bgafR

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2204-0-0x0000000000430000-0x00000000008ED000-memory.dmp

Files

2204-0-0x0000000000430000-0x00000000008ED000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vzmgccyl
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dwgvylat
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE