F:\Ugit\WXWork\WXWork\third_party\bugly\build_crashpad\crashpad\out\x86\release\crashpad_handler_extension.pdb
Static task
static1
General
Target
2025-05-18_870b9b5bb21ee1eb03866d1e0ee92c9a_amadey_black-basta_cobalt-strike_elex_hijackloader_luca-stealer
Size
253KB
MD5
870b9b5bb21ee1eb03866d1e0ee92c9a
SHA1
eb2185dd93d61357c5aa6a0ae320a3d3b1b18f04
SHA256
62a3266f5fe8ffc5ce1a1b9e0fdcf75f1fae2ad40fe5c4f3c02d406ea64abda1
SHA512
3117fe660445ac01e0c272a41af6e8e2f0320ba18aad32828e4b4eff444dacc9c0c3a53032dee32b3888f93e537355641d2e4cd5fb4095f6679f1f1c7e23a21b
SSDEEP
6144:tvV4ykqpI2Egr8CIp0MuaP/e6lkBLIvbR7cxI:th51Ibp0Mua+IDR7cx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-18_870b9b5bb21ee1eb03866d1e0ee92c9a_amadey_black-basta_cobalt-strike_elex_hijackloader_luca-stealer
Files
2025-05-18_870b9b5bb21ee1eb03866d1e0ee92c9a_amadey_black-basta_cobalt-strike_elex_hijackloader_luca-stealer.exe windows:6 windows x86 arch:x86
c8ab36bbb3af1cb5f117b3a1b17a8312
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dbgeng
DebugCreate
ole32
StringFromCLSID
CoCreateGuid
CoTaskMemFree
shlwapi
PathFileExistsW
kernel32
TerminateProcess
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryDosDeviceW
FindFirstVolumeW
WriteFile
CreateFileW
GetLastError
GetDiskFreeSpaceExW
CloseHandle
FindVolumeClose
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
ReadFile
WritePrivateProfileStringW
SwitchToThread
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
SetLastError
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
WriteConsoleW
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
ReadConsoleW
user32
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
GetWindowLongW
GetClassNameW
EnumChildWindows
Sections
.text Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ