Behavioral task: behavioral1
Sample: 2200-0-0x0000000000400000-0x0000000000409000-memory.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 2200-0-0x0000000000400000-0x0000000000409000-memory.exe
Resource: win10v2004-20230915-en
General
Target: 2200-0-0x0000000000400000-0x0000000000409000-memory.dmp
Size: 36KB
Malware Config
Signatures
Smokeloader family
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 2200-0-0x0000000000400000-0x0000000000409000-memory.dmp
Files
2200-0-0x0000000000400000-0x0000000000409000-memory.dmp.exe windows:1 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE