2024-12-21_e25dad8709bfd24b7b6d6d1f4fa08cad_smoke-loader_vidar_wapomi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-21_e25dad8709bfd24b7b6d6d1f4fa08cad_smoke-loader_vidar_wapomi
Size

340KB
MD5

e25dad8709bfd24b7b6d6d1f4fa08cad
SHA1

756ef7d1b46058a8f9a0ac970d70a6b99ad7f714
SHA256

f3a03b31eab9cfe7b1fb24cabcd6636a4e6a6d4305933673f79c0c3057d5e1c2
SHA512

5b4ad8516344a93a417675f02b15b9a809362253515ec97549b1e82b99c339957ebbfd122cbca92ff0164fb926c7549b490443e0ae37c56208f186f7a576f8f0
SSDEEP

6144:NJNZY5Qyj72EDV60+Al55WmYkIcMWgwwBehAt1qh:PP4n2yDBYkIYwBeA

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-21_e25dad8709bfd24b7b6d6d1f4fa08cad_smoke-loader_vidar_wapomi

Files

2024-12-21_e25dad8709bfd24b7b6d6d1f4fa08cad_smoke-loader_vidar_wapomi
.exe windows:4 windows x86 arch:x86

39a4725ac6d0f62ea1ec8d89b77b7604

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\BrowserAddonsView\Release\BrowserAddonsView.pdb

Imports

msvcrt

__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_gmtime64
strftime
strcmp
strlen
qsort
_wcslwr
_itow
memmove
_wcmdln
malloc
_ultow
wcscmp
free
modf
_memicmp
_c_exit
wcstoul
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
_purecall
_wcsnicmp
exit
wcsncat
_cexit
_XcptFilter
_exit
_wtoi
_wcsicmp
_wtoi64
wcsrchr
wcslen
wcschr
wcscpy
memset
wcscat
_snwprintf
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
memcmp
realloc

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetDiskFreeSpaceA
CreateFileA
GetFullPathNameA
InitializeCriticalSection
GetFullPathNameW
DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
Sleep
SetEndOfFile
LeaveCriticalSection
GetFileAttributesA
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoW
GetSystemInfo
FormatMessageA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
FileTimeToSystemTime
SystemTimeToFileTime
CloseHandle
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
GetFileSize
CompareFileTime
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
CreateFileW
FindResourceW
lstrcpyW
LoadResource
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
lstrlenW
GlobalAlloc
GetSystemDirectoryW
LoadLibraryExW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetCurrentProcess
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
FindFirstFileW
GetWindowsDirectoryW
SetFilePointer
GetTimeFormatW
GetFileAttributesW
ReadFile
GetNumberFormatW
WriteFile
GetModuleFileNameW
LockResource
LocalFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetStdHandle
DeleteFileW
SetErrorMode
GetCurrentDirectoryW
ReadProcessMemory
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
GetFileAttributesExW
DeleteCriticalSection
InterlockedCompareExchange
UnlockFile
FlushFileBuffers
LockFile

user32

GetMonitorInfoW
MonitorFromWindow
RemoveMenu
InsertMenuW
DrawTextExW
TranslateMessage
IsDialogMessageW
DispatchMessageW
GetMessageW
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
GetWindow
EndDialog
SetWindowLongW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadAcceleratorsW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemW
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage

gdi32

SetStretchBltMode
StretchBlt
SetBkColor
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
GetPixel
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetStockObject
CreateCompatibleBitmap

comdlg32

FindTextW
GetSaveFileNameW
ChooseFontW

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�l��u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39a4725ac6d0f62ea1ec8d89b77b7604

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 23KB - Virtual size: 23KB

�l ��u� Size: 16KB - Virtual size: 20KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 23KB - Virtual size: 23KB

�l��u�
Size: 16KB - Virtual size: 20KB