536980bcf6e3edcac4c0c293a1dd0a1a49c27db1fc4539e86923f278ed603cc6 Trojan Amadey Analysis
| Online Virus Checker | v.1.0.142.174 |
| DB Version: | 2023-10-05 18:06:34 |
Trojan.Win32.Amadey.bot
Amadey is a formidable Windows infostealer threat, characterized by its persistence mechanisms, modular design, and ability to execute various malicious tasks. It typically infiltrates systems through phishing emails or malicious downloads. Once inside a system, Amadey can capture sensitive information such as login credentials, personal data, and financial details. Its modular structure allows threat actors to customize its functionality, making it a versatile tool in cybercriminal arsenals.
| File | 536980bcf6e3edcac4c0c293a1dd0a1a49c27db1fc4539e86923f278ed603cc6 |
| Checked | 2023-10-05 15:22:37 |
| MD5 | b11fb1ee2295e949a2380f09fd1e5205 |
| SHA1 | 302560c09f9a773c7c2bfa65c1d4cf495c54193b |
| SHA256 | 536980bcf6e3edcac4c0c293a1dd0a1a49c27db1fc4539e86923f278ed603cc6 |
| SHA512 | 805bfe367cadb140b585fff39b5243c82404054c64fdd8621c74f3ffd076df17e9cd782bcc2e716a405e50327044feececf28cfb21b7cd22f17b9de2215221a7 |
| Imphash | 2d720d38a8fbabead5b576804bc154eb |
| File Size | 1703424 bytes |
Trojan.Win32.Amadey.bot Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Amadey.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x00401212 |
| Compilation: | 2023-10-05 12:48:09 |
| Checksum: | 0x00000000 (Actual: 0x001a0208) |
| OS Version: | 6.0 |
| PDB Path: | C:\tb0uvbxp87c56\Teleg.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | USER32, ole32, ADVAPI32, KERNEL32, |
| Exports: | 1 |
| Resources: | 0 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000bcf37 | 0x000bd000 | 06374cdfb75aa194817eb361a60e924e | 5.82 |
| .rdata | 0x000be000 | 0x000c8d6e | 0x000c8e00 | 85f0e291cbf64d3af61b589b0863c0c1 | 3.62 |
| .data | 0x00187000 | 0x00011bb8 | 0x0000fe00 | 9a32f6c789e751e984407864e23e95c1 | 6.41 |
| .idata | 0x00199000 | 0x00001486 | 0x00001600 | 60063ad7ad70a83de764e819baf18824 | 4.64 |
| .tls | 0x0019b000 | 0x00000309 | 0x00000400 | c573bd7cea296a9c5d230ca6b5aee1a6 | 0.01 |
| .00cfg | 0x0019c000 | 0x0000010e | 0x00000200 | e5ab7363ac653c5a1e4440a42277e207 | 0.11 |
| .reloc | 0x0019d000 | 0x000081d6 | 0x00008200 | 1059dd8543ac0b5d01a6ac1a01387c74 | 5.96 |
