File Trojan Amadey Analysis
| Online Virus Checker | v.1.0.140.174 |
| DB Version: | 2023-09-30 12:04:05 |
Trojan.Win32.Amadey.bot
Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.
| File | file |
| Checked | 2023-09-30 09:23:14 |
| MD5 | 7737794b0d9818f463ed522e2cc498ae |
| SHA1 | 0b6b3d0e71204d0b0b8f3fb78eaed89afb3e9d0c |
| SHA256 | ad8b49621e35dd571c0d887af8c026f64b74b48ec1584e64844f83de023b6e96 |
| SHA512 | e3c6bfd02ddb4ea666f1225e21aa71b60b5a7dd36edd9715be7481001b3fb307ea10646dd2a602fb6cab8a7b0e17ce01ee1ad1a018c4490af98008a800760e0a |
| Imphash | a59b93a815ea9713a41e16c8d0248e4f |
| File Size | 250368 bytes |
Trojan.Win32.Amadey.bot Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| FileDescription | Embacucul |
| LegalCopyright | Copyright (C) 2022, Anihumusa |
| ProductsVersion | 48.78.0.28 |
| ProductName | Kuyrnagi |
| ProductionVersion | 1.28.15.189 |
| Translation | 0x25bf 0x0ad4 |
Portable Executable Info
 |
6927a5e5fb733f9b44c4045305c8038e 2c14b4b30225305ffb5f9e8b0efab552 44d8dac2a2aaaaa0 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00406b0e |
| Compilation: | 2022-10-04 21:40:15 |
| Checksum: | 0x00041fb4 (Actual: 0x00041fb4) |
| OS Version: | 5.0 |
| PDB Path: | C:\damaniyudi-viyutuferoyuf 23\tucixoza\71 wuzeza-tahumit fe.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 4 |
| Imports: | KERNEL32, USER32, GDI32, ADVAPI32, ole32, |
| Exports: | 0 |
| Resources: | 31 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00028fec | 0x00029000 | b52be357d3c02c4388a4daecfc421e09 | 7.56 |
| .data | 0x0002a000 | 0x0000cdc4 | 0x00002000 | bff252a8c66db618a411929e190829a7 | 2.49 |
| .rsrc | 0x00037000 | 0x00010090 | 0x00010200 | 67cb4ea75fae7f874bf2cd66b993c3db | 4.60 |
| .reloc | 0x00048000 | 0x00001ad2 | 0x00001c00 | 517c7046ff6f60d64d33b3119b9dfbe8 | 3.98 |
