Behavioral task: behavioral1
Sample: ab99af2866f3e87cbf63d9c3200b88c16cadb2127cc1b59b788c28cfa53d33cc.exe
Resource: win7-20231215-en
General
Target: 3766ae21daf5a63d48270894d2d264c4.bin
Size: 27KB
MD5: 2deec421955172bdc567cb9e26bf61be
SHA1: 481a35ca5d1258b13bbbfed34554ccc1f9e739b5
SHA256: 2f60509db3097dd3055cb05f24028d05e42c5a078fd991d2baa6db1a3e1a7713
SHA512: d5e112487b0b4652d1f66ea766ad21a5f5fee4e28752a0cad379d2b90dbe5aea12c3c302e4be8a3b6b90466b598e55da94f36ef6774792dedae7489920a9cbf1
SSDEEP: 768:HUeJTUeMy5kNJaZhOZkarPCrVtuHrNtOd4VGl:rJxhu7aKWarPQueU2
Malware Config
Signatures
Smokeloader family
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource unpack001/ab99af2866f3e87cbf63d9c3200b88c16cadb2127cc1b59b788c28cfa53d33cc.exe
Files
3766ae21daf5a63d48270894d2d264c4.bin.zip
Password: infected
ab99af2866f3e87cbf63d9c3200b88c16cadb2127cc1b59b788c28cfa53d33cc.exe.exe windows:1 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE