General
Target: 1732-240-0x0000000000400000-0x0000000000409000-memory.dmp
Size: 36KB
MD5: 150e37136092447f8136084a019354d8
SHA1: c12d6f0a9bf293061401a63dd5d06e698249b447
SHA256: 1dcb02475d9c35f99f8ee52a1a894d738e8ce5c21df5f573f677aec76955a882
SHA512: b7a33e35b03b935308702c3706d5fbfccda655494a5db159678fefee204be659877f5317e4388121f4b592e9abbb2ba80637cb62855dddc20c53f6e9be1d5b11
SSDEEP: 768:OkUqYDNb7IoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:zLi9LKtd1PBkQD4UtFceWnz
Score: 10/10

Malware Config
Extracted
Family: smokeloader
Botnet: pub1

Signatures
- Smokeloader family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 1732-240-0x0000000000400000-0x0000000000409000-memory.dmp

Files
- 1732-240-0x0000000000400000-0x0000000000409000-memory.dmp.exe windows:1 windows x86

Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE

Sections
.text Size: 28KB - Virtual size: 28KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE