Behavioral task
behavioral1
Sample
12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe
Resource
win10v2004-20240412-en
General
Target
a66dbe6506867f6ab03251cb0b56456792a9bab4f1dcc6c33d08e1efb1b919a1
Size
28KB
MD5
732f2b92c380c5cd4061d6bfc9712a0f
SHA1
ece7940bf490b9610bd4426e6399c5846fcfd033
SHA256
a66dbe6506867f6ab03251cb0b56456792a9bab4f1dcc6c33d08e1efb1b919a1
SHA512
4669357b9dc0f51c1c4877023bff27dc492d1e2ed2f8cc7da04e33e766fc312960fd3d023b5e07be5ba975dd792c78167cd943f19271d2a5aa5e55394c6fcccb
SSDEEP
768:3VMIpk80aX5wPHfQimm0q5ct8ava8dBgqffpjdxZ:SIHKmAevjhF
Malware Config
Signatures
Smokeloader family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe
Files
a66dbe6506867f6ab03251cb0b56456792a9bab4f1dcc6c33d08e1efb1b919a1.zip
Password: infected
12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE