2025-04-04_78dfec6ddd2c58a0aa59da00ce4c56d4_amadey_black-basta_floxif_hijackloader_luca-stealer

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-04_78dfec6ddd2c58a0aa59da00ce4c56d4_amadey_black-basta_floxif_hijackloader_luca-stealer
Size

205KB
MD5

78dfec6ddd2c58a0aa59da00ce4c56d4
SHA1

e541f0c4aea4143a892e5d6133b1e5e4cd0fb163
SHA256

1c31cd6ceb0f20e03cc52c12d984913ce100720fa1cd51186053b2f8d82d37f2
SHA512

418079e262154006d531ba2bb1e24544e19d52b3f105e676d6fd86a485ad0fcd773e8b93498a5daede8443b4e256549d1fff0c93e138079f879a92e67440648e
SSDEEP

6144:QW+YGMXaNUEoquNFqxrrigl2BV+UdvrEFp7hKvH:QW+YTXamuuNFqxr+gl2BjvrEH7AH

Score

1^/10

Malware Config

Signatures

Files

2025-04-04_78dfec6ddd2c58a0aa59da00ce4c56d4_amadey_black-basta_floxif_hijackloader_luca-stealer
.exe windows:5 windows x86 arch:x86

0949c553a7354916e8a532372bb157de

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:67:7f:d1:0e:6a:15:0b:07:49:44:bc:3b:3e:67:c6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/08/2022, 00:00

Not After

23/08/2023, 23:59

Subject

SERIALNUMBER=91370112MA94LXCF0B,CN=Shandong ZTop Microelectronics Co.\, Ltd.,O=Shandong ZTop Microelectronics Co.\, Ltd.,L=济南市,ST=山东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e58e86e59f8ee58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b1b1e4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:cb:13:ef:ab:78:f5:62:26:3b:52:7d:5f:a2:d8:68:b8:bd:07:68:3a:1a:32:db:d1:12:a9:a8:66:a0:f7:2b
Signer

Actual PE Digest

ca:cb:13:ef:ab:78:f5:62:26:3b:52:7d:5f:a2:d8:68:b8:bd:07:68:3a:1a:32:db:d1:12:a9:a8:66:a0:f7:2b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\gk_wifi\gp908x\开发\udisk\Auto_eject\Release\Auto_eject.pdb

Imports

kernel32

GetLocalTime
MapViewOfFile
UnmapViewOfFile
lstrcpyA
lstrcatA
CloseHandle
GetDriveTypeA
GetWindowsDirectoryA
GetFullPathNameA
CreateFileA
WriteConsoleW
DeviceIoControl
Sleep
OpenFileMappingA
GetLastError
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CreateFileW
GetProcessHeap
GetStringTypeW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
DecodePointer

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

setupapi

CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_ListA
CM_Get_Child
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupGetStringFieldA
SetupFindNextLine
SetupFindFirstLineA
SetupCloseInfFile
SetupOpenInfFileA
SetupDiEnumDeviceInterfaces

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0949c553a7354916e8a532372bb157de

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:67:7f:d1:0e:6a:15:0b:07:49:44:bc:3b:3e:67:c6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ca:cb:13:ef:ab:78:f5:62:26:3b:52:7d:5f:a2:d8:68:b8:bd:07:68:3a:1a:32:db:d1:12:a9:a8:66:a0:f7:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

setupapi

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:67:7f:d1:0e:6a:15:0b:07:49:44:bc:3b:3e:67:c6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ca:cb:13:ef:ab:78:f5:62:26:3b:52:7d:5f:a2:d8:68:b8:bd:07:68:3a:1a:32:db:d1:12:a9:a8:66:a0:f7:2b
Signer

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 4KB