General
Target: 1644-3-0x0000000000400000-0x000000000040B000-memory.dmp
Size: 44KB
MD5: 8d37d41360f730c8e3400c59ff77a419
SHA1: bc2bf45e93179b97afe7dcee3fe545aa206bbf04
SHA256: 6ab19ad00ea87b3e86632b092cf1d960d740e121043f7795dad659c585f30dc2
SHA512: f81486421a0e6bd25e8440219e1414797915a9f70f3383d12d08b1e871f5b8479c33a14a186fd002960893a253306434918b07e804dcea3bf4324a7bb13bb5a8
SSDEEP: 768:Z/8mWE+vc456DhR8ZSDc28hO3c3VgDeoVZnE:2a+0456DhR8658533s
Score: 10/10
Malware Config
Extracted
Family: smokeloader
Botnet: pub2
Signatures
Smokeloader family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1644-3-0x0000000000400000-0x000000000040B000-memory.dmp
Files
1644-3-0x0000000000400000-0x000000000040B000-memory.dmp.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE