Adware.Amonetize.FBC

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 3,102
Threat Level: 20 % (Normal)
Infected Computers: 424
First Seen: October 9, 2023
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Amonetize.FBC
Packers: UPX!
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • firmware_update.exe
  • firmware_upgrade_utility.exe
  • ylf_firmware_update.exe
File Description
  • 695X/693X Firmware Update Tool 2.0.5
  • 695X/693X Firmware Update Tool 2.0.6
  • YLF Firmware Update Tool 1.0.25.a
  • 固件升级程序 1.4.42
File Version
  • 4785f434f7226174cd97ac3a3a0a0f14ef804e01
  • 73ba630ba3465d34201823760f42e93f464aa0a0
  • 5c98fe4548137739973bdeb17e66552f9713ab98
  • 1.0.25.a
Internal Name
  • firmware_update.exe
  • firmware_upgrade_utility.exe
  • ylf_firmware_update.exe
Original Filename
  • firmware_update.exe
  • firmware_upgrade_utility.exe
  • ylf_firmware_update.exe
Private Build 2024/07/09 周二17:23:15.18
Product Name
  • 695X/693X Firmware Update Tool 2.0.5
  • 695X/693X Firmware Update Tool 2.0.6
  • YLF Firmware Update Tool 1.0.25.a
  • 固件升级程序 1.4.42
Product Version
  • 2.0.6.0
  • 2.0.5.0
  • 1.4.42
  • 1.0.25.a

Digital Signatures

Signer: 珠海市杰理科技股份有限公司 - 核心工具部
Root: 珠海市杰理科技股份有限公司 - 核心工具部
Status: Hash Mismatch

File Traits

  • big overlay
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • packed
  • x86

Block Information

Total Blocks: 25,065
Potentially Malicious Blocks: 1,216
Whitelisted Blocks: 23,272
Unknown Blocks: 577

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Amonetize.FBC
  • Zusy.AB
  • Zusy.AF

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\1484\data\20210803-sp5268-a6 - o,.jocn Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\1484\data\config - o,.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\1484\data\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\1484\data\ps4.jocn Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\1484\data\ps4.ps4 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5468\data\bt_update_.bin Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5468\data\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5468\data\isd_config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5468\data\jl_isd.fw Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5468\data\update_.ufw Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5744\data\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\5744\data\jl_isd.fw Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\20210803-sp5268-a6 - o,.jocn Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\20211210-sw01b-a6.jocn Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\config - o,.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\ps4.jocn Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6068\data\ps4.ps4 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6244\data\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fu\6244\data\jl_isd.fw Generic Read,Write Data,Write Attributes,Write extended,Append data

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Encryption Used
  • CryptAcquireContext
Cert Store Read
  • CertOpenSystemStore
Network Info Queried
  • GetAdaptersAddresses
  • GetAdaptersInfo
