| File Name | 6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.171.174 |
| Database Version | 2024-04-04 15:00:12 UTC |
Malware family: Amadey
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
880a075ad80df403c769a3fe24dff9d4
|
|
| SHA1 |
de151458c131aff98d149a7c9dd4d34f9b74c8bb
|
|
| SHA256 |
6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7
|
|
| SHA512 |
6525f1b41415b2ee47d2804f828f5ad445272a1112e5d8756004c509da4b91388813858c93d7f1b34dcde9e4e799d48dc318bd34a5bff7be5c7e7c8cbc9e3035
|
|
| ImpHash |
2eabe9054cad5152567f0699947a2c5b
|
| Image Base | 0x00400000 |
| Entry Point | 0x008bb000 |
| Compilation Time | 2024-03-03 06:02:23 |
| Checksum | 0x001d4622 (Actual: 0x001dc998) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Digital Signature | The PE file does not contain a certificate table. |
| Imports |
1 libraries
kernel32 |
| Exports | 0 functions |
| Resources | 1 Resources |
| Sections | 7 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
� |
0x00001000 |
425,984 bytes | 190,976 bytes | 7.98 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8C93BB17403252A2E28DCFBD1A57FB94 |
.rsrc |
0x00069000 |
480 bytes | 512 bytes | 4.53 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8C39EF38AC0CC0F995A723F6B6BCB474 |
.idata |
0x0006a000 |
4,096 bytes | 512 bytes | 1.02 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
17662C92043ABDE8B4B3074DCC401CA6 |
|
0x0006b000 |
2,809,856 bytes | 512 bytes | 0.26 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E5CCE162D06D79B39466FE59921ABF1B |
scktkwxv |
0x00319000 |
1,708,032 bytes | 1,705,472 bytes | 7.95 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1A7774100CB6C140E98C26505658090B |
rdcbyvpq |
0x004ba000 |
4,096 bytes | 1,536 bytes | 5.15 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6C3020C75B67AA4BDBE01F529DFBBD45 |
.taggant |
0x004bb000 |
12,288 bytes | 8,704 bytes | 0.74 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2D091599815D3919287FEE7489381CAF |
2 section(s) with high entropy (≥7.5) detected - possible packing/encryption
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_MANIFEST | 1 | 381 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
