Trojan Amadey Analysis

Trojan Amadey
Updated on 2023-09-20 (9 months ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.139.174
DB Version: 2023-09-20 11:06:23

Trojan.Win32.Amadey.bot

Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.

Checked: 2023-09-20 08:52:29
MD5: d70b094c07e8a8be61b00e8c0e2c6757
SHA1: 3c80130e047383dfc77fbf64b2ccb290aede347d
SHA256: e08085f8aca8a5c305279a9acd498ccad799dd8f02ec8b68eea50cb14ac70d97
SHA512: 1b98c6f49f4e4247a1ac014548ff85293bb2435c4c5f6e4af380e299ee5864d236350b6fda26dfb2f39705e408dabaa2f5d47bcc1761cd90a0954e846a077c29
Imphash: f6040bff5e7406bf13febce5512b9888
File Size: 2997112 bytes

Trojan.Win32.Amadey.bot Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.bot without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Signers

DigiCert Trusted Root G4 | DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Spotify AB (SE)
Verification: The expected hash does not match the digest in SpcInfo

Portable Executable Info

Image Base: 0x00400000
Entry Point: 0x004011cc
Compilation: 2023-09-20 01:51:41
Checksum: 0x00000000 (Actual: 0x002e1f2a)
OS Version: 6.0
PDB Path: C:\jvrxi6t9\Ghost.pdb
PEiD: PE32 executable (console) Intel 80386, for MS Windows
Sign: The expected hash does not match the digest in SpcInfo
Sections: 7
Imports: GDI32, KERNEL32,
Exports: 0
Resources: 0

Sections

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy
.text | 0x00001000 | 0x000b63f7 | 0x000b6400 | aaae55aef16f0f3805b820a11317b1ce | 5.86
.rdata | 0x000b8000 | 0x0001bcfb | 0x0001be00 | fdb2576edbfea965a3270a30756af5e1 | 4.41
.data | 0x000d4000 | 0x00003e18 | 0x00002200 | 5c929a2f781f0f624fa7c17bb8f6dfe3 | 3.25
.idata | 0x000d8000 | 0x00000cdb | 0x00000e00 | e5b230185b91da6746fa69ff5e5e0a08 | 4.47
.BSS | 0x000d9000 | 0x001fcdd1 | 0x001fce00 | c8cb59598e5f5aeaf1a9417ae381d549 | 7.27
.00cfg | 0x002d6000 | 0x0000010e | 0x00000200 | 50ab8d6e881ce156770a612be7ce2795 | 0.11
.reloc | 0x002d7000 | 0x00006b16 | 0x00006c00 | 2b418b694fbfd10b2991aab8e0c9ff3a | 5.30
