amadey | 2600-0-0x0000000000700000-0x0000000000BB8000-memory[.]dmp | Triage

Sharing

General

Target

2600-0-0x0000000000700000-0x0000000000BB8000-memory.dmp
Size

4.7MB
MD5

cf64012553e33c82d3948c700a1f5f8c
SHA1

ff59e6879893fd3634627638dc1e8737b4113af7
SHA256

947d01fb6fc2510b2f1d5cc0fed70036b26a0fa642276ceab73e7e2eb703299e
SHA512

c90ba4f3b2875616fb2d36ee61e58179544cd0b5dc155a873b619e4a93ad9f124d3f84d96885f23fb6324c7e5ee5973e1fa479eed3cd512ed98152e53f8b2b32
SSDEEP

6144:8K14r3ug3v5vtGWtNGJDtIS7i+bK1TC6:8Xegf5HUJ8+bK/

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2600-0-0x0000000000700000-0x0000000000BB8000-memory.dmp

Files

2600-0-0x0000000000700000-0x0000000000BB8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuhcsxne
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qdaswgfq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE