amadey | 2628-30-0x0000000000400000-0x000000000048C000-memory[.]dmp

General

Target

2628-30-0x0000000000400000-0x000000000048C000-memory.dmp
Size

560KB
MD5

fb8f635126b418a18da1482cc150e088
SHA1

2f214b480ddd705fb0c93722bfe35b15de73c7ac
SHA256

be0430f4da5dd8cb4479d286f68f53532d01276aefbd98c43d4196325520e299
SHA512

55e15a5916c793aea50c3148a6d5f8b5f927b64dc129e7cb708b5825c85bf05b0bc939e4da250413ad5a1fa70f5e4c526e096798e3056a7285b0d26adb0597a6
SSDEEP

12288:Q/zT1HFqBB2LASU1aFJ7rbnjGq88DUqQA3V8e+o+ArAsLzPstZxf7PNl:fBBjSJ7/C8DHb

Score

10^/10

3b4498 amadey

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

3b4498

C2

http://gardenhub-fitlife.com

http://gardenhub-fitlife2.com

http://gardenhub-fitlife3.com

Attributes

strings_key
8ebb4a20053589d32f9b9ccd6234230f
url_paths
/g9jvjfd73/index.php

/g9jvjfd74/index.php

/8bkjdSdfjCe/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2628-30-0x0000000000400000-0x000000000048C000-memory.dmp

Files

2628-30-0x0000000000400000-0x000000000048C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

iowjk
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 17KB - Virtual size: 17KB

iowjk Size: 103KB - Virtual size: 104KB

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB

iowjk
Size: 103KB - Virtual size: 104KB