amadey | bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f | Triage

Sharing

General

Target

bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
Size

1.8MB
MD5

b399ade4ccfa214269bb946c2429adbf
SHA1

327ec0d492593bfa5e4ae55ad86187e105578bba
SHA256

bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
SHA512

905c1cef696408872e0e354f10402f7871f1cb4a2711f8e6c47efbd6e43971c0f8cada6675a077b5efe8b209b911959a1e7e5cef54381983ea9188b127db91fd
SSDEEP

49152:jVDpjoTCTtlc29kOipHZzqTlbKAwqJXmSwSi:pDpXTtd9kTpHcoAw/Swp

Score

10^/10

Malware Config

Signatures

Amadey family
amadey
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f

Files

bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zwvqdoqh
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oyowmqkw
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE