| 在线病毒检测器 | v.1.0.158.174 |
| 数据库版本: | 2024-02-05 20:00:28 |
Amadey是一种强大的Windows信息窃取威胁,以其持久性机制、模块化设计和执行各种恶意任务的能力而闻名。它通常通过钓鱼电子邮件或恶意下载方式侵入系统。一旦进入系统,Amadey可以捕获敏感信息,如登录凭据、个人数据和财务详情。其模块化结构允许威胁行为者自定义其功能,使其成为网络犯罪武器中的多功能工具。
| File | dayroc.exe |
| 已检查 | 2024-02-05 18:15:51 |
| MD5 | c4580e8db0c3dbc88891842fd8a31158 |
| SHA1 | 744f03fcf10db1459d3f40beaea2bfe1b000582b |
| SHA256 | 1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922 |
| SHA512 | cefd412e0d5aba56d6603fdc46a056474ce387dbb220b32a9317dca0822bef9320515afacc2ab2086db46f9e01b3456c87a0dc83bd99c246550d87efd3606945 |
| Imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Size | 5804544 bytes |
Gridinsoft能够识别并消除Trojan.Win32.Amadey.tr,无需进一步的用户干预。
| Translation | 0x0000 0x04b0 |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | dayroc.exe |
| LegalCopyright | |
| OriginalFilename | dayroc.exe |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x0098a70e |
| Compilation: | 2024-02-05 10:09:40 |
| Checksum: | 0x00000000 (Actual: 0x00596b4f) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 3 |
| Imports: | mscoree, |
| Exports: | 0 |
| Resources: | 2 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00588714 | 0x00588800 | 380cd18ed0dc489b1762d2e254731779 | 7.89 |
| .rsrc | 0x0058c000 | 0x000004d8 | 0x00000600 | dc108891102f524c9ce41dbd56944003 | 3.72 |
| .reloc | 0x0058e000 | 0x0000000c | 0x00000200 | cbc835c36790918f4d84d61e32dce8fd | 0.10 |
