Static task
static1
General
-
Target
amadka.exe
-
Size
1.8MB
-
MD5
90f56fc0692b701b96bbd8799a9c6bd5
-
SHA1
3af189f844523904e15a969b4ef74a70d4624ab2
-
SHA256
3630a93eadcf4015edf8f7015a90302e54ed7841fd478e0ad5cbde835fbd6c1c
-
SHA512
383a8e3a57a5d96ae51bb61e81f87733eeb14dc8e6ae2590f85797c0e7eca527fd41a76508cd54f68cf99c5432c95a4be0bfe61c2c8a9379e396f910465ecb17
-
SSDEEP
49152:+bsj+sRSCXUewyqDx1w+hzN+C6I8gyXXbHr2SCIJ:QvCktyqFthN/H8vndnJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource amadka.exe
Files
-
amadka.exe.exe windows:6 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 182KB - Virtual size: 408KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lxdhilvs Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ritnspfk Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE