Static task
static1
Behavioral task
behavioral1
Sample
2025-07-04_e37be1089c7fab683aad8eba3d1056b1_black-basta_elex_gcleaner_hijackloader.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
2025-07-04_e37be1089c7fab683aad8eba3d1056b1_black-basta_elex_gcleaner_hijackloader.exe
Resource
win11-20250619-en
General
-
Target
2025-07-04_e37be1089c7fab683aad8eba3d1056b1_black-basta_elex_gcleaner_hijackloader
-
Size
1.7MB
-
MD5
e37be1089c7fab683aad8eba3d1056b1
-
SHA1
553834e528d3c3e08057a3825cf63fa7687c13a3
-
SHA256
273c547c2f03d92388f8b8a2c953814e2f0d850428123fe8d076976767935be8
-
SHA512
b31c32bb72f7911c8b2e3c12508d5a9e887d60eff4cfde68b374cfe3892b6490217bdd1017ed50b1e1d0d6e40386df73fa3b8b04e57e5dcd1c994060a80fe3a9
-
SSDEEP
24576:SmzSJw6X23ttqFjSxeEY3oouRRdL+wf40m9v17YDdOJyAUw61+:SmzSJw/eEY3aj5TfDm9N7GdOQZ1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-07-04_e37be1089c7fab683aad8eba3d1056b1_black-basta_elex_gcleaner_hijackloader
Files
-
2025-07-04_e37be1089c7fab683aad8eba3d1056b1_black-basta_elex_gcleaner_hijackloader.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 52KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ