2024-12-15_dbc53e268807f9ac59c979a00253352b_smoke-loader_wapomi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-15_dbc53e268807f9ac59c979a00253352b_smoke-loader_wapomi
Size

11.2MB
MD5

dbc53e268807f9ac59c979a00253352b
SHA1

74cab7dea91af5d2ba383fc7bd2395ccc058452a
SHA256

c881aa74c4a52b78c63e2913514ebc8d20b4f6e3fee3f95bceb9565ce3721b1e
SHA512

3d43d54cebaf732fb7b528cd06a1dff345745689ea409cd4197403daae11854b56e57dd62968ffdfad97a4cb4e6423917dac437737da9fdc06c71bcbfd75def1
SSDEEP

196608:6ixCfr91JP/l5iwnbF3OoPNlqkUBg6FSLuEzB3:6ixCfLZ/5nbF3O6NlqkUBgBP3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-15_dbc53e268807f9ac59c979a00253352b_smoke-loader_wapomi

Files

2024-12-15_dbc53e268807f9ac59c979a00253352b_smoke-loader_wapomi
.exe windows:4 windows x86 arch:x86

d3a0e2ce263915eb6eab704932dcebb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\vss-od\Silkroad\Client\Out\SRO_Client.pdb

Imports

gdi32

CreateFontIndirectA
SetTextColor
SetBkMode
SetPixel
GetPixel
SetDIBColorTable
CreateCompatibleDC
RealizePalette
SelectPalette
SetPaletteEntries
GetTextMetricsA
CreateDIBSection
CreateFontA
GetDeviceGammaRamp
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetDIBits
GetObjectA
SetBkColor
CreateSolidBrush
RemoveFontResourceA
AddFontResourceA
BitBlt
DeleteObject
SetDeviceGammaRamp
SelectObject
CreatePalette
GetGlyphOutlineW
DeleteDC

advapi32

GetUserNameA
OpenProcessToken
GetTokenInformation
EqualSid
RegCloseKey
RegSetValueExA
RegCreateKeyExA
FreeSid
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
AllocateAndInitializeSid

user32

CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
CreateWindowExA
IsCharAlphaW
IsCharAlphaNumericW
SetCursorPos
ScreenToClient
GetCursorPos
GetActiveWindow
SetRect
PostMessageA
GetWindowThreadProcessId
EndDialog
SetWindowPos
MessageBoxA
GetWindowRect
HideCaret
GetKeyState
SendMessageA
GetWindow
IsWindow
FindWindowA
SetFocus
CallNextHookEx
SetCursor
GetWindowTextA
wsprintfA
DefWindowProcA
PostQuitMessage
ChangeDisplaySettingsA
SystemParametersInfoA
EnumDisplaySettingsA
ClipCursor
GetClassLongA
ShowCaret
SetMenu
DestroyAcceleratorTable
LoadMenuA
RegisterClassA
DestroyMenu
GetIconInfo
EnableWindow
CheckRadioButton
SetWindowTextA
AppendMenuA
CreatePopupMenu
CreateMenu
CharNextExA
CallWindowProcA
UnhookWindowsHookEx
SetWindowLongA
GetWindowLongA
SetWindowsHookExA
PtInRect
AdjustWindowRect
GetClientRect
GetDesktopWindow
RegisterClassExA
LoadCursorA
DestroyWindow
LoadIconA
ShowWindow
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
PeekMessageA
RegisterHotKey
LoadAcceleratorsA
SetForegroundWindow
LoadStringA
MoveWindow
GetKeyboardLayout
GetFocus
GetMenu
IsDlgButtonChecked
GetDC
ReleaseDC
UpdateWindow
MessageBoxW
CharNextA
CharNextW
DialogBoxParamA
GetSystemMetrics
GetDlgItem
SetWindowTextW

imm32

ImmGetCandidateWindow
ImmSetConversionStatus
ImmGetConversionStatus
ImmNotifyIME
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmGetProperty
ImmAssociateContext

kernel32

LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
LCMapStringW
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
InterlockedExchange
Sleep
CloseHandle
WriteFile
CreateFileW
ReadFile
GetFileSize
CreateFileA
lstrlenA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
ResetEvent
CreateEventA
DeleteFileA
CreateDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
SetEvent
WaitForSingleObject
CreateThread
OutputDebugStringA
GetTickCount
GetModuleFileNameA
VirtualQuery
lstrcmpW
GetACP
GetVersion
GlobalUnlock
GlobalLock
Beep
GetProcAddress
GetModuleHandleA
CreateMutexA
WinExec
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
SetUnhandledExceptionFilter
CompareStringA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetSystemDirectoryA
FindNextFileA
SetFileAttributesA
GetCommandLineA
FreeLibrary
LoadLibraryA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrcmpA
GetSystemInfo
IsProcessorFeaturePresent
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
GetFullPathNameA
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
TerminateProcess
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GlobalFree
GlobalAlloc
GlobalMemoryStatus
SetLastError
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
CopyFileA
GetFileAttributesA
GetCurrentDirectoryA
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
TerminateThread
SetThreadPriority
ExitThread
lstrcpyA
lstrcatA
GetExitCodeThread
VirtualProtect
GetSystemDefaultLangID
_lwrite
QueryPerformanceFrequency
MulDiv
lstrcpynA
ResumeThread
GetWindowsDirectoryA
SuspendThread
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FlushViewOfFile
ReleaseSemaphore
SleepEx
FlushInstructionCache
GetCurrentThreadId

shell32

ShellExecuteW
ShellExecuteA
SHGetSpecialFolderPathA
ExtractIconExA

wininet

InternetCloseHandle
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpRenameFileA
InternetOpenA
FtpOpenFileA
FtpGetFileA
FtpGetCurrentDirectoryA
InternetFindNextFileA
FtpFindFirstFileA
DeleteUrlCacheEntry
FtpPutFileA
InternetCrackUrlA
InternetConnectA
InternetWriteFile

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa
WSAGetOverlappedResult
gethostname
WSAResetEvent
WSAWaitForMultipleEvents
gethostbyaddr
ntohs
inet_addr
WSACleanup
closesocket
bind
htonl
htons
socket
WSACloseEvent
WSARecvFrom
WSASendTo
WSAStartup
getsockname
select
WSAGetLastError
connect
ioctlsocket
send
WSACreateEvent
recvfrom
gethostbyname
sendto
accept
getpeername
getsockopt
WSASend
listen
WSASocketA
shutdown
WSAIoctl
WSARecv
setsockopt
WSASetEvent

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ddraw

DirectDrawCreateEx

iphlpapi

GetAdaptersInfo
GetTcpTable

winmm

timeGetTime
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
mmioWrite
mmioClose
mmioOpenA
timeSetEvent
timeKillEvent

d3d9

Direct3DCreate9

ole32

CoCreateGuid
CoUninitialize
CoInitialize

dsound

ord11

Exports

Exports

fcEXP

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

W�!�u
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3a0e2ce263915eb6eab704932dcebb1

Headers

File Characteristics

PDB Paths

Imports

gdi32

advapi32

user32

imm32

kernel32

shell32

wininet

urlmon

ws2_32

version

ddraw

iphlpapi

winmm

d3d9

ole32

dsound

Exports

Exports

Sections

.text Size: 9.5MB - Virtual size: 9.5MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 232KB - Virtual size: 2.7MB

.rsrc Size: 276KB - Virtual size: 272KB

W�!�u Size: 20KB - Virtual size: 20KB

.text
Size: 9.5MB - Virtual size: 9.5MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 232KB - Virtual size: 2.7MB

.rsrc
Size: 276KB - Virtual size: 272KB

W�!�u
Size: 20KB - Virtual size: 20KB