Behavioral task
behavioral1
Sample
2396-0-0x0000000000FF0000-0x00000000014AE000-memory.exe
Resource
win7-20241010-en
General
-
Target
2396-0-0x0000000000FF0000-0x00000000014AE000-memory.dmp
-
Size
4.7MB
-
MD5
63f29e7e348d34170cebc35c9841b355
-
SHA1
7f7a8e74f4d902379620df749c648d1ad6667f2f
-
SHA256
bebaf3978515c3464aa11e528c90a57398d8d4c4777221973a30422f882cbfc2
-
SHA512
6d55f4eb8accbb332015f9fdeec86e5dacc4479d88a685535d890c5a24f098f7a84fd50370b905822d7e4ee28d9419fb71958f092de8795d2c65c0b588f8b807
-
SSDEEP
12288:Mi5dIJrnYtdbdH5V5LzXn5/GaNuSAXxvbMulH7H73TclvIPQj2v/wE7auo5lUo:vLirnY7BZTnTuxvbZBLjTcBvaQE2l
Malware Config
Signatures
-
Amadey family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2396-0-0x0000000000FF0000-0x00000000014AE000-memory.dmp
Files
-
2396-0-0x0000000000FF0000-0x00000000014AE000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 183KB - Virtual size: 416KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pmxtlhqp Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zwplvqoo Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE