amadey | 1964-0-0x0000000001130000-0x0000000001449000-memory[.]dmp | Triage

Sharing

General

Target

1964-0-0x0000000001130000-0x0000000001449000-memory.dmp
Size

3.1MB
MD5

9536ef5dae0c54883b1d94df13cd8ff1
SHA1

3c68ff03a34f492a11415ff4927954408566ecb7
SHA256

f3b44c13b3676a383cdd16a850fd04950fe10055cef6b1b670c7d98b8436c564
SHA512

bfbd897c546ba913a76b7023cbb24858734678452e857e72b1b0cd30d17379091e741a310a0eb9b318c9a799a80a86ebb8e2f842c34c4cea083866ba8447ef6b
SSDEEP

6144:71aXcVpgyii1jtOPB5R2lgwg591wE0FwDZ3uHsah/CTnDkn1/I:OMghiwB5v51go3uHjcnDi/I

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1964-0-0x0000000001130000-0x0000000001449000-memory.dmp

Files

1964-0-0x0000000001130000-0x0000000001449000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

snbfnslf
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ttwcvhtl
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE