ammyyadmin | 85e6db3894fb7651e76abb0671ef73cf79bc84d6b3822a4ea4f4383212353bc2

General

Target

85e6db3894fb7651e76abb0671ef73cf79bc84d6b3822a4ea4f4383212353bc2
Size

976KB
MD5

ca098378b9bccd0c6c974d4007f10e92
SHA1

b34e7e690fc79af173acf4cb4e2ad7b2deedd28a
SHA256

85e6db3894fb7651e76abb0671ef73cf79bc84d6b3822a4ea4f4383212353bc2
SHA512

ceb1336e40eed4fe458d24472723f932eac82a7c5e5d9809e9756e284180c5712e3717d0fe0637f72526c0cb7eacb70597ee34392a3a05a6fa9b8e32e6d7a27c
SSDEEP

24576:eMjPJ5g9KVGrdNikfu2hBfK8ilRty5olGJsxe:bJ5gEKNikf3hBfUiWxe

Score

10^/10

ammyyadmin

Malware Config

Signatures

AmmyyAdmin payload 1 IoCs

resource	yara_rule
sample	family_ammyyadmin

Ammyyadmin family
ammyyadmin

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85e6db3894fb7651e76abb0671ef73cf79bc84d6b3822a4ea4f4383212353bc2

Files

85e6db3894fb7651e76abb0671ef73cf79bc84d6b3822a4ea4f4383212353bc2
.exe windows:5 windows x86 arch:x86

39b2903b7498188e4955572bbeb0f3fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
DefWindowProcA
PostQuitMessage
GetDoubleClickTime
UpdateWindow
GetQueueStatus
LoadIconA
RegisterClassA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette

msacm32

acmDriverID
acmStreamOpen

advapi32

RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid

imm32

ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

kernel32

GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39b2903b7498188e4955572bbeb0f3fe

Headers

File Characteristics

Imports

user32

gdi32

msacm32

advapi32

imm32

kernel32

Sections

.text Size: 3KB - Virtual size: 2KB

.code Size: 512B - Virtual size: 75B

.data Size: 2KB - Virtual size: 1KB

.data2 Size: 4KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.code
Size: 512B - Virtual size: 75B

.data
Size: 2KB - Virtual size: 1KB

.data2
Size: 4KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 8KB