Trojan Amadey Malware Analysis
| Online Virus Checker | v.1.0.139.174 |
| DB Version: | 2023-09-20 11:06:23 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Trojan.Win32.Amadey.bot
Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.
| Checked: | 2023-09-20 08:52:29 |
| MD5: | d70b094c07e8a8be61b00e8c0e2c6757 |
| SHA1: | 3c80130e047383dfc77fbf64b2ccb290aede347d |
| SHA256: | e08085f8aca8a5c305279a9acd498ccad799dd8f02ec8b68eea50cb14ac70d97 |
| SHA512: | 1b98c6f49f4e4247a1ac014548ff85293bb2435c4c5f6e4af380e299ee5864d236350b6fda26dfb2f39705e408dabaa2f5d47bcc1761cd90a0954e846a077c29 |
| Imphash: | f6040bff5e7406bf13febce5512b9888 |
| File Size: | 2997112 bytes |
Trojan.Win32.Amadey.bot Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Signers
| DigiCert Trusted Root G4 | DigiCert, Inc. (US) |
| DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Spotify AB (SE) |
| Verification | The expected hash does not match the digest in SpcInfo |
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x004011cc |
| Compilation: | 2023-09-20 01:51:41 |
| Checksum: | 0x00000000 (Actual: 0x002e1f2a) |
| OS Version: | 6.0 |
| PDB Path: | C:\jvrxi6t9\Ghost.pdb |
| PEiD: | PE32 executable (console) Intel 80386, for MS Windows |
| Sign: | The expected hash does not match the digest in SpcInfo |
| Sections: | 7 |
| Imports: | GDI32, KERNEL32, |
| Exports: | 0 |
| Resources: | 0 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000b63f7 | 0x000b6400 | aaae55aef16f0f3805b820a11317b1ce | 5.86 |
| .rdata | 0x000b8000 | 0x0001bcfb | 0x0001be00 | fdb2576edbfea965a3270a30756af5e1 | 4.41 |
| .data | 0x000d4000 | 0x00003e18 | 0x00002200 | 5c929a2f781f0f624fa7c17bb8f6dfe3 | 3.25 |
| .idata | 0x000d8000 | 0x00000cdb | 0x00000e00 | e5b230185b91da6746fa69ff5e5e0a08 | 4.47 |
| .BSS | 0x000d9000 | 0x001fcdd1 | 0x001fce00 | c8cb59598e5f5aeaf1a9417ae381d549 | 7.27 |
| .00cfg | 0x002d6000 | 0x0000010e | 0x00000200 | 50ab8d6e881ce156770a612be7ce2795 | 0.11 |
| .reloc | 0x002d7000 | 0x00006b16 | 0x00006c00 | 2b418b694fbfd10b2991aab8e0c9ff3a | 5.30 |
