| 在线病毒检测器 | v.1.0.195.174 |
| 数据库版本: | 2024-11-05 02:00:24 |
Amadey是一种强大的Windows信息窃取威胁,以其持久性机制、模块化设计和执行各种恶意任务的能力而闻名。它通常通过钓鱼电子邮件或恶意下载方式侵入系统。一旦进入系统,Amadey可以捕获敏感信息,如登录凭据、个人数据和财务详情。其模块化结构允许威胁行为者自定义其功能,使其成为网络犯罪武器中的多功能工具。
| File | file.exe |
| 已检查 | 2024-11-05 00:08:53 |
| MD5 | 4316e6bfa31a0f5639ab60ad32c2f672 |
| SHA1 | cc0a14bd5b282fa1963c11fb3a0cbf576f463357 |
| SHA256 | 28c789c3953a7383ef6d9876e2aaf5bb91393b0be4b8c8919845a2428920e751 |
| SHA512 | 1b2f69c509fc5b02494b465eab37aa2fa41bd738ba9cf4b19cdd562fd16ea10c58bbca56e2c7ffa8dc2052235b8ee6670bf8e1578faa2f1892be9f51466014fb |
| Imphash | 2eabe9054cad5152567f0699947a2c5b |
| File Size | 3288064 bytes |
Gridinsoft能够识别并消除Trojan.Win32.Amadey.tr,无需进一步的用户干预。
| Image Base: | 0x00400000 |
| Entry Point: | 0x00723000 |
| Compilation: | 2024-09-22 17:40:44 |
| Checksum: | 0x0032a91f (Actual: 0x00329de2) |
| OS Version: | 6.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | No valid SignedData structure was found. |
| Sections: | 6 |
| Imports: | kernel32, |
| Exports: | 0 |
| Resources: | 1 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| � | 0x00001000 | 0x00068000 | 0x00068000 | 44bf8f2a70fab40b0a741666f7e3eb10 | 7.11 |
| .rsrc | 0x00069000 | 0x000001e0 | 0x00000200 | b7d16686b376821266a9345c26b7e6d6 | 4.72 |
| .idata | 0x0006a000 | 0x00001000 | 0x00000200 | cc76e3822efdc911f469a3e3cc9ce9fe | 1.04 |
| fknmyouv | 0x0006b000 | 0x002b7000 | 0x002b7000 | e81262a109f7c8588f9e3fdda1c7a9fa | 6.40 |
| oavxjruv | 0x00322000 | 0x00001000 | 0x00000600 | d4d77aa7bb1f3fc5116718fef4251411 | 5.16 |
| .taggant | 0x00323000 | 0x00003000 | 0x00002200 | a188b463d9ba56881569b19c023a14b3 | 0.70 |
