2025-04-04_5eb99fd650af8d792f9071dca0df6092_amadey_black-basta_luca-stealer_remcos_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-04_5eb99fd650af8d792f9071dca0df6092_amadey_black-basta_luca-stealer_remcos_smoke-loader
Size

3.2MB
MD5

5eb99fd650af8d792f9071dca0df6092
SHA1

79309db1ebbaca94ac42d6c9be926d963ccee07f
SHA256

1f1dca83f264e55aa9db9c2cdb7316a4da7dd4ed70cfb2b778a8ca7b92e45f94
SHA512

808783679c1ea803cce60804b7bb18886f003f88277048aeb0b65eb0257c2192f3598d73f02154e135201268dc7be1e1d3253e2e4a83f0773a36e3e97eb8c82e
SSDEEP

49152:gMXarEix0Q60d6InSYoRBIov+zrLAoRLhvT79Sgon2:gkBu36G6fYoYfrLcgon2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-04_5eb99fd650af8d792f9071dca0df6092_amadey_black-basta_luca-stealer_remcos_smoke-loader

Files

2025-04-04_5eb99fd650af8d792f9071dca0df6092_amadey_black-basta_luca-stealer_remcos_smoke-loader
.exe windows:5 windows x86 arch:x86

8c9718e2f04301345f0c09137a815959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\pdfreader\Trunk\Bundles\JiKePDF\Temp\Release\SoftUpd.pdb

Imports

user32

GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
GetCursorPos
ScreenToClient
GetClassNameW
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ClientToScreen
SetRect
EnableMenuItem
GetSysColor
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics
IsWindowVisible
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
IsWindowEnabled
CreatePopupMenu
CreateWindowExW
GetMenuItemCount
AppendMenuW
IsZoomed
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
CopyRect
SetCursor
KillTimer
SetTimer
DestroyWindow
IsWindow
DestroyCursor
LoadCursorW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetFocus
SetFocus
DestroyIcon
CharNextW
PtInRect
EqualRect
IsIconic
SetLayeredWindowAttributes
AnimateWindow
GetKeyState
SetForegroundWindow
UnregisterClassW
wsprintfW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetDC
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
SystemParametersInfoW
IsRectEmpty
UnionRect
GetDlgItem
TrackPopupMenu
SetWindowPos
DestroyMenu
SendMessageW
SetWindowTextW
ShowWindow
PostQuitMessage
IntersectRect
PostMessageW

ole32

CoUninitialize
CoCreateGuid
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx

shlwapi

StrToIntExW
PathFileExistsW

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders

gdi32

GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
GetViewportOrgEx
GetCurrentObject
StretchBlt
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextAlign
SetTextColor
SetBkMode
Rectangle
GetStockObject
CreateCompatibleDC
DeleteDC
DeleteObject
ExtCreateRegion
IntersectClipRect
SelectClipRgn
SelectObject
SetGraphicsMode
SetWorldTransform
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateSolidBrush
GetTextMetricsW
ExtTextOutW
GetTextFaceW
CreatePen
CreateFontIndirectW
GetDeviceCaps
CreateBitmap
EnumFontsW
BitBlt
GdiFlush

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
InternetOpenW

kernel32

WriteFile
ReadFile
CloseHandle
GetTickCount
LoadLibraryW
OutputDebugStringA
CreateFileW
GetFileAttributesW
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
LoadLibraryA
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetModuleFileNameW
GetModuleHandleW
SetCurrentDirectoryW
WideCharToMultiByte
GetTempPathW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
GetLastError
MultiByteToWideChar
GetVersionExA
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedDecrement
TerminateProcess
GetLongPathNameW
DeleteFileW
GetTempFileNameW
CopyFileW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
LocalFree
GetSystemInfo
GetVersionExW
GetSystemDirectoryW
GetVolumeInformationW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindClose
lstrcpyW
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
CreateDirectoryW
GetFileSize
RemoveDirectoryW
GlobalFree
LocalAlloc
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FileTimeToSystemTime
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetSystemTime
GetModuleHandleA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedIncrement
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
InterlockedCompareExchange
GetFileInformationByHandle
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
GetUserDefaultLCID
IsValidLocale
CreateFileMappingW
lstrlenA
ResetEvent
Sleep
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileExW
MulDiv
SleepEx
GetSystemDirectoryA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
IsProcessorFeaturePresent
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetACP
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW

advapi32

RegSetValueExW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext
ImmDestroyContext
ImmCreateContext

iphlpapi

GetAdaptersInfo

oleaut32

SysFreeString
SysStringLen
SysAllocString

ws2_32

getpeername
connect
bind
socket
closesocket
WSAGetLastError
send
recv
WSACleanup
WSAStartup
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
htonl
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
select
__WSAFDIsSet
getservbyname
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport

usp10

ScriptItemize
ScriptShape
ScriptFreeCache

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 65KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 519KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c9718e2f04301345f0c09137a815959

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ole32

shlwapi

gdiplus

gdi32

wininet

kernel32

advapi32

shell32

imm32

iphlpapi

oleaut32

ws2_32

usp10

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 512KB - Virtual size: 511KB

.data Size: 65KB - Virtual size: 164KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 519KB - Virtual size: 520KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 512KB - Virtual size: 511KB

.data
Size: 65KB - Virtual size: 164KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 519KB - Virtual size: 520KB