amadey | 1920-57-0x00000000066C0000-0x0000000006F4D000-memory[.]dmp | Triage

Sharing

General

Target

1920-57-0x00000000066C0000-0x0000000006F4D000-memory.dmp
Size

8.6MB
MD5

ceeaeaf3051d2d9ebf0653e133a812a5
SHA1

1a6e0cf2069c7020d8c2ca81fcf0a1fa85207938
SHA256

2818a78e6dec837379382f140433e10cb14a160fc8433f73bdb14da0bdff74fa
SHA512

46c91d9426094053febf3b6cb38b80e912e5b8e8266518daf4389e1768ac51d65f3a37726c13726630b401cd27f7331fe93898ca870cb1913890853b69ba27e0
SSDEEP

98304:ncqR4p+ZRt43UAYcEHtcn3ORdeSLr4LrtwqR4p+Z4t43UAYcEHtZC3ORdeSLXVwL:nJ23OR4grSrt6fQOR4gXVzcz

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1920-57-0x00000000066C0000-0x0000000006F4D000-memory.dmp

Files

1920-57-0x00000000066C0000-0x0000000006F4D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wzamnhka
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rnzdqiuw
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE