Behavioral task: behavioral1
Sample: 2025-03-29_a7bbb40aef72cf06d1a8c5b0e66dbe48_amadey_smoke-loader.exe
Resource: win7-20241010-en
General
Target: 2025-03-29_a7bbb40aef72cf06d1a8c5b0e66dbe48_amadey_smoke-loader
Size: 5.4MB
MD5: a7bbb40aef72cf06d1a8c5b0e66dbe48
SHA1: d1798214be8fc9560171cf7f494d74fae8068690
SHA256: 71480badcc77eecc234eb1e084998cd39d6a6615405c8d49a573dcb9ad1eea0e
SHA512: d9f9c301a04705d16187333a4e336d1bfa3a10ea3acd7062bbd26bda8de721c7d64ad97e125bcbb010a7c378ea8e1627f603e3bbf5d3f0752b469231722160e4
SSDEEP: 98304:NUhKCJRKdY/HOJMWrPvNXe74KpIREQuvcJZG1b4g0:SjKdjWWrPVGU3g
Malware Config
Signatures
yara_rule: vmprotect (resource: sample)
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 2025-03-29_a7bbb40aef72cf06d1a8c5b0e66dbe48_amadey_smoke-loader
Files
2025-03-29_a7bbb40aef72cf06d1a8c5b0e66dbe48_amadey_smoke-loader.exe windows:5 windows x86 arch:x86
2960d0d5556da3111d7597a88d34a9b5
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
Imports
reactordll
?reactor_LoadVfBox@@YAHPAD@Z
?reactor_GetParamLabel@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?reactor_ReInitGraph@@YAXXZ
?reactor_SetParam01@@YAXHN@Z
?reactor_GetParam01@@YANH@Z
?reactor_SetParams@@YAXHN@Z
?reactor_GetAllParams@@YAXHAAHAAN111@Z
?reactor_GetNumParams@@YAHXZ
?reactor_IsFinalImage@@YAHXZ
?reactor_SetMessages@@YAXIII@Z
?reactor_GrabCurrentNode@@YAXPAVCDC@@PAEHHIKHH@Z
?reactor_GetDrawFlow@@YAXPAEHH@Z
?reactor_GetDrawSize@@YAXAAH0@Z
?reactor_ProcessFullImageNoMT@@YAHPAEHHPAVCWnd@@@Z
?reactor_TestProcessNoMT@@YAHXZ
?reactor_GetOutputSize@@YAXAAH0@Z
?reactor_GetOutputBuffer@@YAHPAEHH@Z
?reactor_ProcessQuickImageNoMT@@YAHPAEHHPAVCWnd@@N@Z
?reactor_CleanMemory@@YAXXZ
?reactor_Initialize@@YAXXZ
?reactor_DeInitialize@@YAXXZ
kernel32
SetFileTime
GetFileSizeEx
GetFileTime
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
VirtualProtect
GetTempFileNameA
GetDiskFreeSpaceA
InterlockedIncrement
GetModuleHandleW
LocalAlloc
GlobalHandle
LocalReAlloc
SystemTimeToFileTime
GetCPInfo
GetOEMCP
SetErrorMode
FindResourceExA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
ExitThread
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LocalFileTimeToFileTime
GetFileAttributesExA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetShortPathNameA
GetFullPathNameA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GetStringTypeExA
GetProfileIntA
MoveFileA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
FormatMessageA
LocalFree
lstrlenW
ExitProcess
GlobalSize
GetFileSize
FlushFileBuffers
GetFileType
SetFilePointer
ReadFile
CreateEventA
ResumeThread
ResetEvent
SetEvent
TlsFree
GetLocalTime
TlsAlloc
QueryPerformanceCounter
GlobalReAlloc
OutputDebugStringA
IsBadWritePtr
TlsGetValue
TlsSetValue
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
lstrcpynA
MultiByteToWideChar
CreateDirectoryA
GetCurrentDirectoryA
GlobalAlloc
GetDriveTypeA
FreeLibrary
GetVolumeInformationA
GetFileAttributesA
GlobalFree
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
GlobalLock
GlobalUnlock
VerSetConditionMask
VerifyVersionInfoW
SetThreadPriority
CopyFileA
CreateMutexA
WaitForMultipleObjects
TerminateThread
CreateThread
InterlockedExchangeAdd
SetFileAttributesA
CreateFileA
WriteFile
lstrcatA
lstrlenA
WinExec
lstrcpyA
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetTempPathA
FreeResource
MulDiv
lstrcmpiA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetTickCount
Sleep
GlobalFlags
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
SetWindowContextHelpId
ShowOwnedPopups
GetAsyncKeyState
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
GetKeyNameTextA
CharUpperA
CreateDialogIndirectParamA
GetWindowThreadProcessId
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
GetScrollRange
MessageBoxA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
CallWindowProcA
GetMenu
IsIconic
GetWindowPlacement
GetWindowTextLengthA
IsDialogMessageA
SetDlgItemTextA
InsertMenuItemA
SendDlgItemMessageA
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
GetMenuItemCount
DrawTextExW
SetWindowPos
MonitorFromWindow
GetMonitorInfoA
SetParent
EndDialog
SetFocus
GetWindowTextA
GetDlgItem
SetWindowTextA
DestroyIcon
GetIconInfo
CreateIconIndirect
LoadIconA
DrawFrameControl
DrawStateA
LoadBitmapA
MapVirtualKeyA
MapDialogRect
SetForegroundWindow
RemoveMenu
InsertMenuA
FillRect
ShowScrollBar
OpenClipboard
GetClipboardData
GetWindowRect
GetClientRect
RedrawWindow
EnableWindow
CloseClipboard
IsClipboardFormatAvailable
SendInput
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetLastActivePopup
GetActiveWindow
RegisterClassExA
CreateWindowExA
DestroyWindow
SendNotifyMessageA
GetDC
ReleaseDC
GetDesktopWindow
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
IsZoomed
GetSysColorBrush
UnregisterClassA
DeleteMenu
CharNextA
CopyAcceleratorTableA
SetRect
ValidateRect
GetSystemMenu
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
PostThreadMessageA
IsWindow
InflateRect
InvalidateRect
SetTimer
KillTimer
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
IsRectEmpty
CopyRect
GetFocus
SendMessageA
PtInRect
PostMessageA
TranslateMDISysAccel
DrawMenuBar
DefFrameProcA
GetClipboardFormatNameA
GetMenuCheckMarkDimensions
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
SetWindowRgn
SetCursorPos
CloseWindow
HideCaret
ShowCaret
IsMenu
EmptyClipboard
GetMenuDefaultItem
SetWindowLongA
LoadImageA
DestroyCursor
SetCursor
LoadCursorA
GetCapture
GetMessageA
ScreenToClient
SetScrollRange
SetScrollPos
GetScrollPos
UpdateWindow
EqualRect
SetRectEmpty
GetDoubleClickTime
GetScrollInfo
UnionRect
MessageBeep
DefWindowProcA
IsWindowEnabled
GetClassNameA
GetTopWindow
GetDlgCtrlID
InvalidateRgn
GetWindow
TranslateMessage
DispatchMessageA
GetCursorPos
GetSystemMetrics
GetKeyState
GetSysColor
SystemParametersInfoA
EnumChildWindows
GetNextDlgGroupItem
ShowWindow
MoveWindow
GetWindowLongA
WindowFromPoint
GetNextDlgTabItem
IsWindowVisible
ClientToScreen
LoadMenuA
GetSubMenu
DrawFocusRect
SetClipboardData
IntersectRect
OffsetRect
DrawIconEx
CopyIcon
InvertRect
wsprintfA
DestroyAcceleratorTable
SetCapture
GetParent
ReleaseCapture
MessageBoxW
CharUpperBuffW
gdi32
CreateFontA
GetTextExtentPoint32A
GetObjectA
GetPixel
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
SetDIBitsToDevice
Ellipse
GetCurrentObject
DeleteDC
StretchDIBits
CreatePatternBrush
CreateBitmap
Rectangle
PatBlt
GetDIBits
GdiFlush
GetDeviceCaps
Polyline
BeginPath
SelectClipRgn
SetTextColor
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowOrgEx
ScaleWindowExtEx
ExtSelectClipRgn
GetTextMetricsA
GetBkColor
GetCharWidthA
SetBkColor
CreateSolidBrush
SetPixel
GetTextColor
CreateFontIndirectA
CreatePen
GetStockObject
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
StretchBlt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetStretchBltMode
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetROP2
RestoreDC
SaveDC
GetClipBox
CopyMetaFileA
PlayEnhMetaFile
GetEnhMetaFileA
GetMetaFileA
GetMetaFileBitsEx
DeleteMetaFile
GetWinMetaFileBits
GetEnhMetaFileHeader
CreateEnhMetaFileA
SetWindowExtEx
SetViewportExtEx
CloseEnhMetaFile
GetEnhMetaFileBits
DeleteEnhMetaFile
SetWinMetaFileBits
SetMapMode
GetSystemPaletteEntries
SelectPalette
SetBkMode
DPtoLP
GetRgnBox
CreatePolygonRgn
SetPixelV
CreateDIBitmap
RealizePalette
ExtCreatePen
EnumFontFamiliesExA
RoundRect
CreatePalette
CreateDCA
Polygon
GetTextCharsetInfo
SetDIBits
ExtFloodFill
SelectObject
GetMapMode
DeleteObject
StrokeAndFillPath
EndPath
CloseFigure
SetTextAlign
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegSetValueA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueA
shell32
SHGetFileInfoA
DragAcceptFiles
DragFinish
DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
ExtractIconA
ShellExecuteA
SHChangeNotify
SHGetMalloc
comctl32
_TrackMouseEvent
PropertySheetA
shlwapi
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
oledlg
ord1
ord8
ole32
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CoRegisterMessageFilter
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromProgID
StgCreateDocfileOnILockBytes
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
oleaut32
SysAllocString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
LoadTypeLi
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
OleLoadPicturePath
urlmon
ObtainUserAgentString
qhtm
ord1
wininet
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
InternetSetOptionA
InternetOpenA
InternetReadFile
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
ws2_32
htonl
ntohs
ntohl
htons
winmm
PlaySoundA
Sections
.text Size: 3.1MB - Virtual size: 3.1MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 636KB - Virtual size: 636KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 464KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.DAPSHAR Size: 512B - Virtual size: 512B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp1 Size: 628KB - Virtual size: 628KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp0 Size: 238KB - Virtual size: 238KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp2 Size: 415KB - Virtual size: 415KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp3 Size: 63KB - Virtual size: 62KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 171KB - Virtual size: 171KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ