2025-01-05_d82a980ee6db919c1690f05a45296ae3_smoke-loader_wapomi

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-05_d82a980ee6db919c1690f05a45296ae3_smoke-loader_wapomi
Size

89KB
MD5

d82a980ee6db919c1690f05a45296ae3
SHA1

86f78aa7a2f50e7c8207838a0acdc2ffeddae8e9
SHA256

c4b6e077dc15c835cb22bac9d2e8ea69eb104066766e496a88c7a095f494a6f8
SHA512

a65674d5e7dfd7dc9c8f0d94bdce6d80217c18c20f294faff1f6cc9b104c6baff80a5ca93c9870b6f2b9a18fac1af3587c568856f26cc54ec59a72d75160e791
SSDEEP

1536:KMcrVadgJZ69WxVz7MW/UXVue/mSDb4kAGCq2iW7z:ncr8dgAy57elue/mSDbQGCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-05_d82a980ee6db919c1690f05a45296ae3_smoke-loader_wapomi

Files

2025-01-05_d82a980ee6db919c1690f05a45296ae3_smoke-loader_wapomi
.exe windows:5 windows x86 arch:x86

d8f80d6c0748ade32a8be7361185ae4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntW
PathFileExistsW

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryExW
FreeLibrary
lstrcpynW
GlobalAlloc
ExitProcess
GetPrivateProfileIntW
CloseHandle
ReadFile
CreateFileW
GetVolumeInformationW
SetErrorMode
GetDriveTypeW
lstrlenW
GetLogicalDrives
GetTickCount
CopyFileW
GetPrivateProfileStringW
GetModuleFileNameW
GetModuleHandleW
GetEnvironmentVariableW
MultiByteToWideChar
SetFilePointer

user32

SendMessageA
FindWindowA
SetForegroundWindow
GetAsyncKeyState
GetWindowTextW
FindWindowW
DispatchMessageA
GetMessageA
CreateWindowExA
MessageBoxA
RegisterClassA
RegisterWindowMessageA
CreatePopupMenu
GetCursorPos
InsertMenuItemW
SetMenuDefaultItem
EnableMenuItem
TrackPopupMenu
DestroyMenu
LoadImageW
DestroyIcon
DefWindowProcA
DestroyWindow
PostQuitMessage
CharNextW
CharPrevW
LoadStringW
LoadImageA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

msvcr90

free
_vsnwprintf
memset
malloc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�R�C�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8f80d6c0748ade32a8be7361185ae4f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

msvcr90

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 63KB - Virtual size: 62KB

�R�C�u� Size: 16KB - Virtual size: 20KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 63KB - Virtual size: 62KB

�R�C�u�
Size: 16KB - Virtual size: 20KB