2025-03-30_cd32fcd048496dbddade44d0243c8588_amadey_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-30_cd32fcd048496dbddade44d0243c8588_amadey_smoke-loader
Size

1.6MB
MD5

cd32fcd048496dbddade44d0243c8588
SHA1

aaf6a684d695193dc07069ada81cda0fd31b6c80
SHA256

5edb339626b570260f0e62b5ff88fd73280ddced26270167f4911d13c962fe0f
SHA512

3cdcd7f7c378e431be6d129468dc9b2fff95d00308c011058c9fabedcdf38eac7ce439fce9631850346754e768c55fff259903c5fa9d9557cac01530875ee104
SSDEEP

49152:uW7veOclMOtZvQUPcQu7342GtULup/oFUlT7B:1dclMOtBd4zGtEa17B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-30_cd32fcd048496dbddade44d0243c8588_amadey_smoke-loader

Files

2025-03-30_cd32fcd048496dbddade44d0243c8588_amadey_smoke-loader
.exe windows:4 windows x86 arch:x86

b05b2c3146461f8a118b2e2df5959e93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\PCProject\ShuRuFa\程序\Branch\Develop\build\smartcloud\SCWordSvcHost.pdb

Imports

kernel32

ExpandEnvironmentStringsW
FileTimeToSystemTime
GetCurrentThreadId
GetCurrentProcess
GlobalAlloc
CreateToolhelp32Snapshot
Process32FirstW
GlobalFree
Process32NextW
CreateDirectoryW
InterlockedDecrement
MultiByteToWideChar
DeleteFileW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
lstrcmpiW
FormatMessageW
DeviceIoControl
SetPriorityClass
OutputDebugStringA
CreateFileA
CreateMutexW
ReleaseMutex
lstrcpyW
GetLongPathNameW
LoadLibraryExW
GetSystemDirectoryW
lstrlenW
CreateThread
MoveFileW
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
LoadLibraryA
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
ExitThread
CreateFileW
WaitForSingleObject
ReadFile
GetLastError
WriteFile
GetFileSize
GetTempPathW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetVolumeInformationW
GetVersionExW
CloseHandle
GetCurrentProcessId
OpenProcess
GetModuleHandleW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
LoadLibraryW
FreeLibrary
Sleep
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryA
GetLocaleInfoW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FindFirstFileA
HeapReAlloc
GetVersionExA
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetStdHandle
GetModuleFileNameA
GetACP

user32

GetDesktopWindow
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
UnregisterClassA

advapi32

RevertToSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegEnumKeyW
DuplicateTokenEx
OpenProcessToken
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
ImpersonateLoggedOnUser

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

netapi32

NetApiBufferFree
NetWkstaGetInfo

ws2_32

getservbyname
WSACleanup
WSAStartup
WSAGetLastError
closesocket
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
inet_addr
gethostbyname
inet_ntoa
htonl
shutdown
gethostbyaddr
getservbyport
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
gethostname

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b05b2c3146461f8a118b2e2df5959e93

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

urlmon

iphlpapi

netapi32

ws2_32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 44KB - Virtual size: 75KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 44KB - Virtual size: 75KB

.rsrc
Size: 116KB - Virtual size: 116KB