| 在线病毒检测器 | v.1.0.171.174 |
| 数据库版本: | 2024-04-04 15:00:12 |
Amadey是一种强大的Windows信息窃取威胁,以其持久性机制、模块化设计和执行各种恶意任务的能力而闻名。它通常通过钓鱼电子邮件或恶意下载方式侵入系统。一旦进入系统,Amadey可以捕获敏感信息,如登录凭据、个人数据和财务详情。其模块化结构允许威胁行为者自定义其功能,使其成为网络犯罪武器中的多功能工具。
| File | 6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 |
| 已检查 | 2024-04-04 12:35:57 |
| MD5 | 880a075ad80df403c769a3fe24dff9d4 |
| SHA1 | de151458c131aff98d149a7c9dd4d34f9b74c8bb |
| SHA256 | 6f31b1b2b0f080c1569d5dfb2840244be2c8ef84824b0fecf686c6e42def3aa7 |
| SHA512 | 6525f1b41415b2ee47d2804f828f5ad445272a1112e5d8756004c509da4b91388813858c93d7f1b34dcde9e4e799d48dc318bd34a5bff7be5c7e7c8cbc9e3035 |
| Imphash | 2eabe9054cad5152567f0699947a2c5b |
| File Size | 1912320 bytes |
Gridinsoft能够识别并消除Trojan.Win32.Amadey.tr,无需进一步的用户干预。
| Image Base: | 0x00400000 |
| Entry Point: | 0x008bb000 |
| Compilation: | 2024-03-03 06:02:23 |
| Checksum: | 0x001d4622 (Actual: 0x001dc998) |
| OS Version: | 6.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | kernel32, |
| Exports: | 0 |
| Resources: | 1 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| � | 0x00001000 | 0x00068000 | 0x0002ea00 | 8c93bb17403252a2e28dcfbd1a57fb94 | 7.98 |
| .rsrc | 0x00069000 | 0x000001e0 | 0x00000200 | 8c39ef38ac0cc0f995a723f6b6bcb474 | 4.53 |
| .idata | 0x0006a000 | 0x00001000 | 0x00000200 | 17662c92043abde8b4b3074dcc401ca6 | 1.02 |
| 0x0006b000 | 0x002ae000 | 0x00000200 | e5cce162d06d79b39466fe59921abf1b | 0.26 | |
| scktkwxv | 0x00319000 | 0x001a1000 | 0x001a0600 | 1a7774100cb6c140e98c26505658090b | 7.95 |
| rdcbyvpq | 0x004ba000 | 0x00001000 | 0x00000600 | 6c3020c75b67aa4bdbe01f529dfbbd45 | 5.15 |
| .taggant | 0x004bb000 | 0x00003000 | 0x00002200 | 2d091599815d3919287fee7489381caf | 0.74 |
