2024-12-26_3c9f07fe42e12769e69df75c7237d3cf_smoke-loader_wapomi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-26_3c9f07fe42e12769e69df75c7237d3cf_smoke-loader_wapomi
Size

97KB
MD5

3c9f07fe42e12769e69df75c7237d3cf
SHA1

8b093539e667ff7ab1e0c9ed5442e5783023fa79
SHA256

de52ade1c9a21ce4c505ea7bb7d9ea353af273ae3bbd481ffc3c919c7ddf1eb8
SHA512

997c94ee7aa9d2f8f643b0c2c7b51db715d6246d3238c0a295aef449fc61ea0ef92bb9b9204d3767b0be4f10210e1b6fe53e7da9ae136ed515e829397dc1304e
SSDEEP

1536:tAqjKy4CvMHFl3LZRAAwLdn2pkhPP79+W7tduPGCq2iW7z:aqjH4Cv8NEAwLNYkhPp+W7td0GCH

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-26_3c9f07fe42e12769e69df75c7237d3cf_smoke-loader_wapomi

Files

2024-12-26_3c9f07fe42e12769e69df75c7237d3cf_smoke-loader_wapomi
.exe windows:4 windows x86 arch:x86

abebe9e29947f8bf8f306f257ed362cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\HandleCountersView\Release\HandleCountersView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_wcsnicmp
memmove
free
modf
_memicmp
_wtoi
__set_app_type
_controlfp
_except_handler3
_c_exit
memcmp
wcstoul
wcsrchr
malloc
_wcsicmp
wcscmp
wcslen
_itow
??2@YAPAXI@Z
wcschr
memcpy
??3@YAXPAX@Z
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ord17
ImageList_Add
ImageList_Create
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
DeleteFileW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetModuleHandleW
SetErrorMode
GetStdHandle
GetTickCount
EnumResourceNamesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetTempFileNameW
SizeofResource
GlobalLock
GetFileSize
FormatMessageW
GetVersionExW
CloseHandle
GetWindowsDirectoryW
GetFileAttributesW
WriteFile
ReadFile
FindResourceW
GetModuleFileNameW
LockResource
LoadResource
CreateFileW
LocalFree
lstrcpyW
GlobalAlloc
lstrlenW
LoadLibraryExW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetCurrentProcess
GetLastError
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW

user32

SetForegroundWindow
GetMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
GetWindow
EndDialog
DispatchMessageW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
SetWindowPos
GetForegroundWindow
LoadImageW
GetWindowLongW
GetSysColor
SetFocus
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
GetCursorPos
EnableWindow
GetParent
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemW
GetClassNameW
MoveWindow
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
SetMenuItemInfoW
DestroyIcon
GetKeyState
CreatePopupMenu
LoadIconW
GetMonitorInfoW
SetTimer
EndDeferWindowPos
IsDialogMessageW
TranslateMessage
BeginDeferWindowPos
DrawTextExW
InsertMenuW
RemoveMenu
KillTimer
MonitorFromWindow
RegisterWindowMessageW
SetWindowLongW

gdi32

DeleteObject
GetTextExtentPoint32W
SetBkColor
GetStockObject
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

q��u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

abebe9e29947f8bf8f306f257ed362cd

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 19KB - Virtual size: 19KB

q����u Size: 16KB - Virtual size: 20KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 19KB - Virtual size: 19KB

q��u
Size: 16KB - Virtual size: 20KB