Extracted

• • Target

    ef059b331095741327d4ee779f61ad65a2054e169b7310f50751c4b87bf65deaN

  • Size

    153KB

  • MD5

    d03522eb73c5821b756cad356c5c18e0

  • SHA1

    b9b07b9e9a70a236570c569ebaf4ee6cd1f7e74a

  • SHA256

    ef059b331095741327d4ee779f61ad65a2054e169b7310f50751c4b87bf65dea

  • SHA512

    309feee097f7f0b0844cc5120d7b8ed087b5d06233b6a55d15e353f39e3d7e49449bcc3cc19aa77bf5fefc0190d152ec594ffade99633a09d83693e09f6ce882

  • SSDEEP

    3072:ETYpZuF8Ztvu/pQuQweBRce7ePeQH9WW:ETDwRuhdCkPeQHv

  Score

  10^/10

  smokeloadernew2backdoordiscoverytrojanupx

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2