amadey | 2624-64-0x0000000000400000-0x0000000000471000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2624-64-0x0000000000400000-0x0000000000471000-memory.dmp
Size

452KB
MD5

bce77d53ecf03bc62f89c383763fde26
SHA1

c4e4f57998a5f1577b9b2e862c9737748bd9ba81
SHA256

f75383703532aeecc6f91b7ac2f18cc00ba58396d489caca55f9f40a0c17c1f2
SHA512

df518d0d1ecf53c9bddebdc2afb88f6ff7238e7dc4d404f8202f341094e6e0ada8d3d3e40f1a9eb58f39c926c51e662b831071469ea83255e1637623807c8b8b
SSDEEP

12288:sXLuBglhv+vNO6bVeKGA/Py3B1KuJ+NiKYUud7tnUv:OLKgHv+vNOSV/vyrnKtG5Uv

Score

10^/10

ffb1b9 amadey

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

ffb1b9

C2

http://proresupdate.com

Attributes

install_dir
4bbb72a446
install_file
Hkbsse.exe
strings_key
1ebbd218121948a356341fff55521237
url_paths
/h9fmdW5/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2624-64-0x0000000000400000-0x0000000000471000-memory.dmp

Files

2624-64-0x0000000000400000-0x0000000000471000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

ekm
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE