2025-03-29_dc327c59164dbdefe299df64868cd71a_amadey_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-29_dc327c59164dbdefe299df64868cd71a_amadey_smoke-loader
Size

1.9MB
MD5

dc327c59164dbdefe299df64868cd71a
SHA1

5016093fb68bad4029528b27946d3d19ace979db
SHA256

815196f48cb3c971a8ac255edc13da5c05e254c7882e8a493e26628e7533fc1e
SHA512

5549279f2e648cc57a4d722d9f92d4290cc6b558af2866c1cc508d86c0740a6254f6d01eb9e9a4efd60b6446cab2533f463159b04ae448ccb04e788761c00878
SSDEEP

24576:ieXpNYNyBvGt7SJ5XqZeQ7o7/XakILfyZFOBz:1pNo7SJN0a7/XRIOX

Score

1^/10

Malware Config

Signatures

Files

2025-03-29_dc327c59164dbdefe299df64868cd71a_amadey_smoke-loader
.exe windows:5 windows x86 arch:x86

015974618e9105226f001019d35e62e5

Code Sign

fd:8c:46:8c:c1:b4:5c:9c:fb:41:cb:d8:c8:35:cc:9e
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/10/2020, 00:00

Not After

30/10/2021, 23:59

Subject

CN=Pivo ZLoun s.r.o.,O=Pivo ZLoun s.r.o.,POSTALCODE=440 01,STREET=Rybalkova 1267,L=Louny,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:fc:24:2c:19:0d:9d:eb:6e:1a:6a:48:49:43:55:19:19:36:24:18
Signer

Actual PE Digest

d5:fc:24:2c:19:0d:9d:eb:6e:1a:6a:48:49:43:55:19:19:36:24:18

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
HeapSize
CreateFileW
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc

user32

DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetStockObject

winmm

PlaySoundA

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

015974618e9105226f001019d35e62e5

Code Sign

fd:8c:46:8c:c1:b4:5c:9c:fb:41:cb:d8:c8:35:cc:9eCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

d5:fc:24:2c:19:0d:9d:eb:6e:1a:6a:48:49:43:55:19:19:36:24:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Sections

.text Size: 252KB - Virtual size: 252KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

fd:8c:46:8c:c1:b4:5c:9c:fb:41:cb:d8:c8:35:cc:9e
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

d5:fc:24:2c:19:0d:9d:eb:6e:1a:6a:48:49:43:55:19:19:36:24:18
Signer

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB