d:\Build\Kies2.0\Trunk\Output\Release(x86)\Program Files\Common Files\ConnectionManager.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-21_522efb5b3cb22835440c644e61bc11d2_smoke-loader_wapomi.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-11-21_522efb5b3cb22835440c644e61bc11d2_smoke-loader_wapomi.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-11-21_522efb5b3cb22835440c644e61bc11d2_smoke-loader_wapomi
-
Size
186KB
-
MD5
522efb5b3cb22835440c644e61bc11d2
-
SHA1
a42ad5db98986a4766a9bc5b3b4cae2b4571a98e
-
SHA256
7e39fbc1ee8912cfe06944f8f411415ab6c46784b05246e38ac5ea62b608f8aa
-
SHA512
425462ca8cd51f2be284ca1bc0e3ae3803b39bc5d80c2fbbe3a65061babdaf0a3950c5de5118bb9b3e0acb88bce4bd5757d723b4db150f971fe2029d82f07ed1
-
SSDEEP
3072:f1BlffKkK9lP1vnUCAy+4s1CIyc+g/HjPOnfnfOKwh8KGCH:3BK9FrAyBIy6afOvhw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-11-21_522efb5b3cb22835440c644e61bc11d2_smoke-loader_wapomi
Files
-
2024-11-21_522efb5b3cb22835440c644e61bc11d2_smoke-loader_wapomi.exe windows:5 windows x86 arch:x86
6ad0bf8cef020fabf98f860e8320eb40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
deviceservicecbt
?NPSCBT_Open@@YAJPAEW4BTSERVICETYPE@@PA_W@Z
?NPSCBT_Search_Stop@@YAJXZ
?NPSCBT_Init@@YAJXZ
?NPSCBT_Deinit@@YAJXZ
ws2_32
WSACleanup
closesocket
WSAGetLastError
shutdown
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
recv
WSAStartup
inet_addr
htons
socket
connect
getsockopt
setsockopt
WSAIoctl
WSACreateEvent
WSAEventSelect
send
kernel32
EnterCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
OpenProcess
CreateThread
WaitForSingleObject
lstrlenW
GetModuleFileNameW
Sleep
GetLastError
CreateMutexW
MultiByteToWideChar
LocalFree
LocalAlloc
FormatMessageW
ResetEvent
DeviceIoControl
CreateFileW
GetDriveTypeW
WideCharToMultiByte
GetTickCount
GetVersionExW
OutputDebugStringW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
FreeLibrary
WriteFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
GetCommandLineW
PurgeComm
EscapeCommFunction
SetCommMask
ClearCommError
GetOverlappedResult
ReadFile
WaitCommEvent
SetCommTimeouts
SetCommState
GetCommState
SetupComm
GetCommModemStatus
TerminateThread
RaiseException
OutputDebugStringA
HeapFree
GetProcessHeap
LeaveCriticalSection
CreateEventW
InitializeCriticalSection
HeapDestroy
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
DispatchMessageW
TranslateMessage
wsprintfW
PostMessageW
RegisterWindowMessageW
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
advapi32
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
shell32
ord165
SHGetSpecialFolderPathW
ole32
CoInitialize
CoResumeClassObjects
CoSuspendClassObjects
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
RegisterTypeLib
UnRegisterTypeLib
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
SafeArrayCreateVector
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
LoadTypeLib
LoadRegTypeLib
SysStringLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
atl90
ord23
ord61
ord31
ord17
ord32
ord30
ord67
ord49
ord56
ord68
ord64
ord20
ord58
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr90
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_vsnwprintf_s
swscanf_s
wcscspn
wcsspn
_wtoi
swprintf_s
_wcsupr_s
wcschr
_crt_debugger_hook
_wcsicmp
_resetstkoflw
malloc
_XcptFilter
memset
calloc
_recalloc
vswprintf_s
_vscwprintf
free
memmove_s
memcpy_s
memcpy
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_invoke_watson
_controlfp_s
wcsstr
??2@YAPAXI@Z
vsprintf_s
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
sprintf_s
_vsnprintf_s
wcsnlen
strnlen
wcsncpy_s
wcscat_s
_vscprintf
rpcrt4
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrOleAllocate
NdrOleFree
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 266B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_+��u2 (non-standard section name; contains bytes that did not decode as text) Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE