2025-04-03_6a422bebbf643ee5fb4092f3f49713f5_amadey_coinminer_floxif_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-03_6a422bebbf643ee5fb4092f3f49713f5_amadey_coinminer_floxif_smoke-loader
Size

539KB
MD5

6a422bebbf643ee5fb4092f3f49713f5
SHA1

5fa21f8a8b3929b1f215529f56854eecaceaf6e6
SHA256

78e0fc533408076a4469c0dbdc957ccc22ff9985ec71187e8c750bdd5fff9a35
SHA512

ab576167470572a6606d67229541808d1f6dfe0a02d5389b7a7e994e83fea63dd90d8b59adc68e7cf4d026a5e51797b95dea744e190b2def05a5cf5b658eaa30
SSDEEP

12288:hTzKVQumk+3pzhWVjqdn5l4A/sQMbigvEkf/PBjvrEH71:d6tTAzAVjqd5l4BNk0rEH71

Score

1^/10

Malware Config

Signatures

Files

2025-04-03_6a422bebbf643ee5fb4092f3f49713f5_amadey_coinminer_floxif_smoke-loader
.exe windows:5 windows x86 arch:x86

ae08c75ad8e3d697b7eea8a725c26d16

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:01:8c:78:7d:34:80:ee:4c:24:f6:bd
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

30/08/2018, 09:26

Not After

30/08/2021, 05:46

Subject

SERIALNUMBER=110111-0725064,CN=HANCOM. INC\,,O=HANCOM. INC\,,STREET=Floor 10\, 49\, Daewangpangyo-ro 644beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:2f:0b:de:3b:91:5f:5a:fe:97:97:97:0d:26:22:8f:2d:d6:76:5c:09:82:73:db:d1:51:8e:5c:69:8a:c7:25
Signer

Actual PE Digest

eb:2f:0b:de:3b:91:5f:5a:fe:97:97:97:0d:26:22:8f:2d:d6:76:5c:09:82:73:db:d1:51:8e:5c:69:8a:c7:25

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\GitRepository\install\HOffice90\SetupDriver\Release\SetupDriver.pdb

Imports

user32

SetParent
AppendMenuA
DeleteMenu
IsRectEmpty
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetWindowThreadProcessId
GetActiveWindow
ValidateRect
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
GetCursorPos
TranslateMessage
GetSysColorBrush
GetMessageA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
EnableWindow
MessageBoxA
RegisterClipboardFormatA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
wsprintfA
SetCursor
DestroyWindow
InflateRect
GetMenuItemInfoA
ReleaseCapture
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
CharUpperA
SetCapture
LockWindowUpdate
LoadCursorA
SetRect
SetTimer
KillTimer
WindowFromPoint
GetSystemMenu
GetDCEx
GetDesktopWindow
TranslateAcceleratorA
PostQuitMessage
EndPaint
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
GetMenu
PtInRect
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
CopyRect
DeferWindowPos
EqualRect
ScreenToClient
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageA
GetClientRect
UpdateWindow
IsWindowVisible
SetForegroundWindow
SetMenu
GetKeyState
TrackPopupMenu
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
IsWindow
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
UnregisterClassA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

kernel32

SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
RtlUnwind
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetACP
IsValidCodePage
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
GetModuleHandleW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFree
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
WideCharToMultiByte
CompareStringA
SetLastError
MultiByteToWideChar
lstrcmpW
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
OpenProcess
CloseHandle
GetCurrentDirectoryA
lstrcmpA
lstrcatA
CopyFileA
Sleep
LocalAlloc
GetLastError
GetSystemTime
GetTempPathA
LocalFree
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetSystemDefaultLCID
GetVersionExA
GetModuleFileNameA

gdi32

GetRgnBox
GetTextColor
GetBkColor
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
CreateFontA
GetCharWidthA
CreateCompatibleBitmap
CreateSolidBrush
GetDeviceCaps
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
EnumJobsA
EnumPrintersA
AddMonitorA
EnumMonitorsA
SetPrinterA
GetPrinterA
SetJobA
AddPrinterDriverExA
GetPrinterDriverDirectoryA
XcvDataW
AddPrinterA
DocumentPropertiesA
DeletePrinterDriverExA
DeleteMonitorA
DeletePrinter

advapi32

QueryServiceStatus
StartServiceA
ControlService
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
EnumDependentServicesA
QueryServiceStatusEx
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle

shell32

DragFinish
DragQueryFileA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae08c75ad8e3d697b7eea8a725c26d16

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

54:01:8c:78:7d:34:80:ee:4c:24:f6:bdCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

eb:2f:0b:de:3b:91:5f:5a:fe:97:97:97:0d:26:22:8f:2d:d6:76:5c:09:82:73:db:d1:51:8e:5c:69:8a:c7:25Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

psapi

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 89KB - Virtual size: 88KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

54:01:8c:78:7d:34:80:ee:4c:24:f6:bd
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

eb:2f:0b:de:3b:91:5f:5a:fe:97:97:97:0d:26:22:8f:2d:d6:76:5c:09:82:73:db:d1:51:8e:5c:69:8a:c7:25
Signer

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 89KB - Virtual size: 88KB