amadey | d6810f1cbaf9ee8a1d617434788d2f8f8d80df7f1e5ce0197bbf616e3fc5f612 | Triage

Sharing

General

Target

d6810f1cbaf9ee8a1d617434788d2f8f8d80df7f1e5ce0197bbf616e3fc5f612
Size

1.8MB
MD5

3c10abdfb171f43c29057cd1fea690e5
SHA1

80bb485d1ff48bc741e0e7d53b9c1815b93105eb
SHA256

d6810f1cbaf9ee8a1d617434788d2f8f8d80df7f1e5ce0197bbf616e3fc5f612
SHA512

79ee5ed68a6ae041d4760fd3f0992d0f2c36f800f10240022417866d814201f7b612aa6544ae98d194c23b2441bd5d08664ed03f8237bf90cd4dffb2bdbe7179
SSDEEP

49152:Lu3Dj+vVok8kzSsqyLhET3mcKZjlrHdCrZDOx14Zy/kX:L0DjIekvPqoY3tKxt9YZDOSss

Score

10^/10

Malware Config

Signatures

Amadey family
amadey
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d6810f1cbaf9ee8a1d617434788d2f8f8d80df7f1e5ce0197bbf616e3fc5f612

Files

d6810f1cbaf9ee8a1d617434788d2f8f8d80df7f1e5ce0197bbf616e3fc5f612
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iojtcqdm
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kjptqugi
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE