Trojan Amadey Malware Analysis
| Online Virus Checker | v.1.0.138.174 |
| DB Version: | 2023-09-10 23:01:43 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Trojan.Win32.Amadey.bot
Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.
| Checked: | 2023-09-10 20:45:43 |
| MD5: | 8272138b479bdc5487bb277b1f3ff625 |
| SHA1: | 3ec0eef344e645442bf9155dfffe3ad6c2685ed6 |
| SHA256: | 993ecd415c45de47bd720d22005f5588238bcb4a054f0a82eb83a06357b755cd |
| SHA512: | a5d482a1cf7e73430a386e1d299a8aea7bd42a4db311cad49fc9d5ca46c758bad94a118b74b0306b36d2f1d0ca5730d95013baa45034c6b342371f3d390254a7 |
| Imphash: | b371a654456d34022f3f69293c8f272c |
| File Size: | 1463296 bytes |
Trojan.Win32.Amadey.bot Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x0040a3a6 |
| Compilation: | 2023-09-09 19:40:53 |
| Checksum: | 0x00000000 (Actual: 0x0016f296) |
| OS Version: | 6.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | USER32, ADVAPI32, KERNEL32, |
| Exports: | 0 |
| Resources: | 0 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00026b24 | 0x00026c00 | d316d66a45a976ca57a24858feaea8a4 | 6.73 |
| .rdata | 0x00028000 | 0x0000d8e0 | 0x0000da00 | f5a21d8f38765e10420498b33af291fa | 5.53 |
| .data | 0x00036000 | 0x00001db8 | 0x00001000 | 666347d7797d4e56aa626e6600e65430 | 3.06 |
| .Bss | 0x00038000 | 0x0012da04 | 0x0012dc00 | efaead335bae93eb3fb9337c7a0057e6 | 7.95 |
| .reloc | 0x00166000 | 0x00001c8c | 0x00001e00 | d429b922de46414fa8f3aaec4a85ce69 | 6.43 |
