Behavioral task behavioral1
Sample: bf4e0ba12be5590ba80c2d595c166a8c2d36d6baf2770c8d1da20e64ea898367.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: bf4e0ba12be5590ba80c2d595c166a8c2d36d6baf2770c8d1da20e64ea898367.exe
Resource: win10v2004-20231215-en
General
Target: b67151e07936533f3b38355566e47650.bin
Size: 27KB
MD5: b5255c5f8e9ebdecfa256bd14c044f3b
SHA1: f7982b864cd94d125abf5c7fba8b651271218227
SHA256: 4476d2f506d9dc9e9cc87a71fd8aae6ba6a3c40ee3ad531dc19d87adcec08a77
SHA512: 2880bfbfd0a0b6bfa5ba578251aae7c6d9feb17967fd15098079a4f3d84733932e43b7da9a100210a9ce6a9ce257c52e07bdb110f45517f0b7614562515b467f
SSDEEP: 768:QsV0OQ2BzlP3avdMo6AaHOSOiikSGN55USeYjS5DevJKd+:QfQxIdMBAauSFSaWoScvJK8
Malware Config
Signatures
Smokeloader family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/bf4e0ba12be5590ba80c2d595c166a8c2d36d6baf2770c8d1da20e64ea898367.exe
Files
b67151e07936533f3b38355566e47650.bin.zip
Password: infected
bf4e0ba12be5590ba80c2d595c166a8c2d36d6baf2770c8d1da20e64ea898367.exe.exe windows:1 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE