Behavioral task
behavioral1
Sample
988-3-0x0000000000400000-0x0000000000472000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
988-3-0x0000000000400000-0x0000000000472000-memory.exe
Resource
win10v2004-20240611-en
General
-
Target
988-3-0x0000000000400000-0x0000000000472000-memory.dmp
-
Size
456KB
-
MD5
b9b45bd985cafd58c6a2d19727912a43
-
SHA1
55e9e6184fa353af3591e34c09d4a0046311856b
-
SHA256
5be63c1dd8d21e308f3e240f4b7e86c960b56cb2485c741ee8d6a326b600b615
-
SHA512
d7811d02496a7f6ca47e0a9bb41a0a6b91a480f072fbb65028a8d891b08bf6a79e119350b40f881e4757d9b9a96342bb04c082480aaf208c4cba82d8cda21f3f
-
SSDEEP
12288:58m7eJ8uBNne5pAeNaeLSPBWKuJ+Q8NxIvRL7:5u8uBNnopx5Sg8aRL7
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Signatures
-
Amadey family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 988-3-0x0000000000400000-0x0000000000472000-memory.dmp
Files
-
988-3-0x0000000000400000-0x0000000000472000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 329KB - Virtual size: 329KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ