6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 Trojan Amadey Analysis
| Online Virus Checker | v.1.0.171.174 |
| DB Version: | 2024-04-04 12:00:12 |
Trojan.Win32.Amadey.tr
Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.
| File | 6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 |
| Checked | 2024-04-04 12:35:57 |
| MD5 | 880a075ad80df403c769a3fe24dff9d4 |
| SHA1 | de151458c131aff98d149a7c9dd4d34f9b74c8bb |
| SHA256 | 6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 |
| SHA512 | 6525f1b41415b2ee47d2804f828f5ad445272a1112e5d8756004c509da4b91388813858c93d7f1b34dcde9e4e799d48dc318bd34a5bff7be5c7e7c8cbc9e3035 |
| Imphash | 2eabe9054cad5152567f0699947a2c5b |
| File Size | 1912320 bytes |
Trojan.Win32.Amadey.tr Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.tr without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x008bb000 |
| Compilation: | 2024-03-03 06:02:23 |
| Checksum: | 0x001d4622 (Actual: 0x001dc998) |
| OS Version: | 6.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | kernel32, |
| Exports: | 0 |
| Resources: | 1 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| � | 0x00001000 | 0x00068000 | 0x0002ea00 | 8c93bb17403252a2e28dcfbd1a57fb94 | 7.98 |
| .rsrc | 0x00069000 | 0x000001e0 | 0x00000200 | 8c39ef38ac0cc0f995a723f6b6bcb474 | 4.53 |
| .idata | 0x0006a000 | 0x00001000 | 0x00000200 | 17662c92043abde8b4b3074dcc401ca6 | 1.02 |
| 0x0006b000 | 0x002ae000 | 0x00000200 | e5cce162d06d79b39466fe59921abf1b | 0.26 | |
| scktkwxv | 0x00319000 | 0x001a1000 | 0x001a0600 | 1a7774100cb6c140e98c26505658090b | 7.95 |
| rdcbyvpq | 0x004ba000 | 0x00001000 | 0x00000600 | 6c3020c75b67aa4bdbe01f529dfbbd45 | 5.15 |
| .taggant | 0x004bb000 | 0x00003000 | 0x00002200 | 2d091599815d3919287fee7489381caf | 0.74 |
