amadey | 2244-0-0x0000000000250000-0x00000000006F2000-memory[.]dmp | Triage

Sharing

General

Target

2244-0-0x0000000000250000-0x00000000006F2000-memory.dmp
Size

4.6MB
MD5

9153558a227b5d9515154bdd71e10b30
SHA1

ff3c3e58967b74402e5664a2db90bdf7b5de4dff
SHA256

e25e8b944426160d790473b6d77284644ab2b1bbe53819fcf5d996ef9a5ff6c5
SHA512

c7556f6d53f13045a744f2df3f7f953e4cf06326e510b3d49b902fb031195cc1e1e153fdc803a0155731046dbb73c37f8343b7de2170a7356bc22ffc4c973d3a
SSDEEP

3072:mQB/1f8PFwRQz5TBUN1Z1gqfOSZ9gDOPNJRkss5xoHM8xlaoKvOaPwmF7TuSpr+z:mI1f8NwR3XfOSZ9gaNJIAPa9OaPNT8

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2244-0-0x0000000000250000-0x00000000006F2000-memory.dmp

Files

2244-0-0x0000000000250000-0x00000000006F2000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lbqaovly
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kicmpsuq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE