Summary | ZeroBOX

Amadey.exe

Tags: Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 4, 2023, 9:34 a.m.
Completed: Sept. 4, 2023, 9:37 a.m.
Size: 317.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5f7b99739158d0b321c6c1e673365956
SHA256: 33cbdeba761fab35dfa4e60a03d0625ec53f77b17148385548a763b888c9b221
CRC32: E046DFCE
ssdeep: 6144:bkj0Jco5KtqvwxpMlMiXXwlnnN1Rm/HoVwu00SATNVuubFD2NfJLAOMJK7Xc:oj0+oo1KlXwlnN1R2oNVuubFqNfJLKys
PDB Path: D:\Mktmp\Amadey\Release\Amadey.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
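The PDB path and the UPX and PE32 hits above are static indicators that can be pulled straight out of the PE headers without running the sample. The following is an added triage script, not part of the ZeroBOX report and not the code behind its Yara rules: it walks the PE header with the Python standard library only, lists section names, flags UPX-style names (UPX0/UPX1 is a common packer heuristic; it is an assumption here that UPX_Zero looks for the same thing, and a packer can rename sections), and reads the CodeView RSDS record to recover the embedded PDB path. Because the analysed file is not reproduced here, the script builds a minimal constructed PE32 carrying a UPX0 section and the report's PDB string as its input.

```python
import struct
import uuid

# Added example, not ZeroBOX code. Stdlib-only PE header walk that recovers
# section names and the CodeView (RSDS) PDB path from a PE32 or PE32+ file.

DEBUG_DIR_INDEX = 6              # IMAGE_DIRECTORY_ENTRY_DEBUG
IMAGE_DEBUG_TYPE_CODEVIEW = 2
SAMPLE_PDB = rb"D:\Mktmp\Amadey\Release\Amadey.pdb"   # string from the report


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x not inside any section" % rva)


def parse_pe(data):
    """Return machine type, section names, a UPX-name flag and the PDB path."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dd_off = 96
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase/stack/heap fields shift them to 112
        dd_off = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]

    sections = []
    sec_off = opt + opt_size
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_ptr, raw_size))

    pdb_path = None
    if n_dirs > DEBUG_DIR_INDEX:
        dbg_rva, dbg_size = struct.unpack_from("<II", data, opt + dd_off + 8 * DEBUG_DIR_INDEX)
        if dbg_rva and dbg_size:
            dbg_off = rva_to_offset(dbg_rva, sections)
            for j in range(dbg_size // 28):          # IMAGE_DEBUG_DIRECTORY is 28 bytes
                entry = struct.unpack_from("<IIHHIIII", data, dbg_off + 28 * j)
                dtype, size_of_data, raw_ptr = entry[4], entry[5], entry[7]
                blob = data[raw_ptr:raw_ptr + size_of_data]
                if dtype == IMAGE_DEBUG_TYPE_CODEVIEW and blob[:4] == b"RSDS":
                    # RSDS = signature(4) + GUID(16) + age(4) + NUL-terminated path
                    pdb_path = blob[24:].split(b"\0", 1)[0].decode("utf-8", "replace")
                    break

    names = [s[0] for s in sections]
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "pdb_path": pdb_path,
    }


def build_sample_pe(pdb_path):
    """Constructed input (not the analysed file): a minimal, non-runnable PE32
    with a UPX0 section at RVA 0x1000/offset 0x200 and a .rdata section at
    RVA 0x2000/offset 0x400 holding the debug directory and an RSDS record."""
    align = 0x200
    img = bytearray(3 * align)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                       # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = 0x84 + 20
    struct.pack_into("<H", img, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * DEBUG_DIR_INDEX, 0x2000, 28)
    sec = opt + 224
    for i, (name, va, ptr) in enumerate([(b"UPX0", 0x1000, 0x200), (b".rdata", 0x2000, 0x400)]):
        struct.pack_into("<8sIIIIIIHHI", img, sec + 40 * i,
                         name, align, va, align, ptr, 0, 0, 0, 0, 0x40000040)
    rsds = b"RSDS" + uuid.uuid4().bytes_le + struct.pack("<I", 1) + pdb_path + b"\0"
    struct.pack_into("<IIHHIIII", img, 0x400, 0, 0, 0, 0,
                     IMAGE_DEBUG_TYPE_CODEVIEW, len(rsds), 0x2040, 0x440)
    img[0x440:0x440 + len(rsds)] = rsds
    return bytes(img)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe(SAMPLE_PDB)).items():
        print("%-18s %s" % (key, value))
```

To run it against a real file, replace the constructed input with `parse_pe(open(path, "rb").read())`. A packed sample may carry no debug directory at all, in which case `pdb_path` is `None` and the string only becomes visible after unpacking or in the process memory the sandbox dumps.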

Hosts (Name, Response, Post-Analysis Lookup): no hosts contacted.
IP addresses (IP Address, Status, Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Temp>
  console_handle: 0x00000007
  Status: 1, Return: 1, Repeated: 0
pdb_path: D:\Mktmp\Amadey\Release\Amadey.pdb

GlobalMemoryStatusEx
  Status: 1, Return: 1, Repeated: 0
cmdline: "C:\Windows\System32\cmd.exe" /k shutdown -s -t 0

ShellExecuteExW
  show_type: 0 (SW_HIDE, no window shown)
  filepath_r: cmd
  parameters: /k shutdown -s -t 0
  filepath: cmd
  Status: 1, Return: 1, Repeated: 0
cmdline: "C:\Windows\System32\cmd.exe" /k shutdown -s -t 0
cmdline: cmd /k shutdown -s -t 0
cmdline: shutdown -s -t 0
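The behaviour recorded above is a hidden cmd.exe launched via ShellExecuteExW that runs shutdown with -s (power off) and -t 0 (zero-second time-out), which ends the sandbox run immediately. The following is an added detection example, not part of the ZeroBOX report: it evaluates process-creation events, parses the shutdown command line rather than string-matching it (so "/s", "-s" and any flag order are handled, and a scheduled reboot with a grace period is not flagged), and walks the parent chain past cmd.exe and shutdown.exe to name the process that initiated the shutdown. The events are constructed from the report's command lines; the PIDs, the explorer.exe parent and the benign "/r /t 300" case are made up for the example.

```python
import ntpath
from dataclasses import dataclass

# Added example, not part of the ZeroBOX report: flag processes that request an
# immediate (time-out 0) shutdown or reboot and name the initiating process.


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events modelled on the report's command lines (PIDs are invented).
EVENTS = [
    ProcessEvent(1000, 600, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent(2400, 1000, r"C:\Users\test22\AppData\Local\Temp\Amadey.exe",
                 r'"C:\Users\test22\AppData\Local\Temp\Amadey.exe"'),
    ProcessEvent(2412, 2400, r"C:\Windows\System32\cmd.exe",
                 r'"C:\Windows\System32\cmd.exe" /k shutdown -s -t 0'),
    ProcessEvent(2420, 2412, r"C:\Windows\System32\shutdown.exe", "shutdown -s -t 0"),
    # benign contrast: an operator scheduling a reboot with a 5-minute grace period
    ProcessEvent(2500, 1000, r"C:\Windows\System32\cmd.exe",
                 r'"C:\Windows\System32\cmd.exe" /c shutdown /r /t 300 /c "patching"'),
]

# Images we walk past when looking for the process that initiated the shutdown.
INTERMEDIARIES = {"cmd.exe", "shutdown.exe", "conhost.exe"}


def shutdown_timeout(cmdline):
    """If cmdline invokes shutdown with -s/-r (power off or reboot), return the
    effective time-out in seconds (Windows defaults to 30 when -t is absent);
    return None when the command line is not a shutdown request."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        if ntpath.basename(tok.strip('"')).lower() in ("shutdown", "shutdown.exe"):
            args = tokens[i + 1:]
            break
    else:
        return None
    flags = [a[1:].lower() for a in args if a[:1] in ("-", "/")]
    if not {"s", "r"} & set(flags):
        return None
    timeout = 30
    for j, a in enumerate(args):
        if a[:1] in ("-", "/") and a[1:].lower() == "t" \
                and j + 1 < len(args) and args[j + 1].isdigit():
            timeout = int(args[j + 1])
    return timeout


def detect_immediate_shutdown(events):
    """One finding per initiating process whose descendants request an
    immediate shutdown or reboot; the chain runs initiator -> ... -> shutdown."""
    by_pid = {e.pid: e for e in events}
    findings = {}
    for e in events:
        timeout = shutdown_timeout(e.cmdline)
        if timeout is None or timeout > 0:
            continue
        cur, chain = e, [e.image]
        while ntpath.basename(cur.image).lower() in INTERMEDIARIES and cur.ppid in by_pid:
            cur = by_pid[cur.ppid]
            chain.append(cur.image)
        prev = findings.get(cur.pid)
        if prev is None or len(chain) > len(prev["chain"]):   # keep the fullest chain
            findings[cur.pid] = {"initiator_pid": cur.pid, "initiator": cur.image,
                                 "chain": chain[::-1], "timeout": timeout}
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_immediate_shutdown(EVENTS):
        print("pid %d %s: %s" % (f["initiator_pid"], f["initiator"], " > ".join(f["chain"])))
```

Both the cmd.exe and the shutdown.exe events match on their own, so the chain walk collapses them into a single finding against the sample; in a SIEM the same logic maps onto Sysmon Event ID 1 or Windows 4688 fields (Image, CommandLine, ParentProcessId).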
Antivirus

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealer.12!c
Cynet Malicious (score: 100)
ALYac Gen:Variant.Zusy.446510
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
Alibaba TrojanSpy:Win32/Stealer.7f53e1ed
K7GW Riskware ( 00584baa1 )
Cybereason malicious.39158d
BitDefenderTheta Gen:NN.ZexaF.36662.tuW@aCnjzBai
VirIT Trojan.Win32.Genus.STG
Cyren W32/Amadey.C1.gen!Eldorado
Symantec Trojan Horse
Elastic Windows.Trojan.Amadey
ESET-NOD32 a variant of Win32/TrojanDownloader.Amadey.A
APEX Malicious
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Gen:Variant.Zusy.446510
MicroWorld-eScan Gen:Variant.Zusy.446510
Avast Win32:BotX-gen [Trj]
Tencent Win32.Trojan-Spy.Stealer.Bdhl
Emsisoft Gen:Variant.Zusy.446510 (B)
F-Secure Heuristic.HEUR/AGEN.1319380
VIPRE Gen:Variant.Zusy.446510
TrendMicro Trojan.Win32.AMADEY.YXDICZ
McAfee-GW-Edition BehavesLike.Win32.Downloader.fh
Trapmine suspicious.low.ml.score
FireEye Generic.mg.5f7b99739158d0b3
Sophos Mal/Amadey-C
SentinelOne Static AI - Malicious PE
GData Win32.Trojan-Downloader.Amadey.D
Jiangmin TrojanSpy.Stealer.aiip
Webroot W32.Bot.Gen
Avira HEUR/AGEN.1319380
Antiy-AVL Trojan[Downloader]/Win32.Amadey
Gridinsoft Trojan.Win32.Amadey.bot
Arcabit Trojan.Zusy.D6D02E
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft Trojan:Win32/Amadey!pz
Google Detected
AhnLab-V3 Malware/Win.Trojanspy.C5238800
McAfee Downloader-FCND!5F7B99739158
MAX malware (ai score=89)
Malwarebytes Trojan.Amadey
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXDICZ
Rising Spyware.Agent!8.C6 (TFE:5:vioPZYstJuD)
Ikarus Trojan-Downloader.Win32.Amadey