2025-03-30_ee12a4ff337df96e36254ddef7306765_amadey_karagany_mafia_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-30_ee12a4ff337df96e36254ddef7306765_amadey_karagany_mafia_rhadamanthys_smoke-loader
Size

11.1MB
MD5

ee12a4ff337df96e36254ddef7306765
SHA1

5be86f4762736106a2762e8901b0352a31ca3033
SHA256

3a26167f9e1aa82428260ee8aed579e5e484d5b2265e3a841be71cdd958de1b4
SHA512

7d7361ccb8ebab742fa6f1921242c8b8d1f2328c3dd57b4bdc507b523314999d5a2e94dc0f30b2992fbcea35fe9ee6f1f6a58bb638794763ea9b73c4d1d38e29
SSDEEP

24576:JXzqpE5DpEMMMMMMMb4zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzh:JXPVpEMMMMMMMbQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-30_ee12a4ff337df96e36254ddef7306765_amadey_karagany_mafia_rhadamanthys_smoke-loader

Files

2025-03-30_ee12a4ff337df96e36254ddef7306765_amadey_karagany_mafia_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

6077a8679408fb1e7e9192953a5eb2e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DnsHostnameToComputerNameW
GetProcAddress
LoadLibraryA
GetCommState
GetTempPathW
GetWindowsDirectoryW
VirtualProtect
LocalAlloc
EnumSystemCodePagesW
FindFirstFileExA
ReadConsoleW
GetSystemTimeAdjustment
GetCurrentThreadId
EndUpdateResourceW
BackupSeek
SetLocaleInfoA
FindFirstFileW
IsValidCodePage
GetTickCount
GetDiskFreeSpaceW
SetTapePosition
lstrlenW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
HeapAlloc
GetStringTypeW
SetCalendarInfoW
SetThreadAffinityMask
GetCPInfo
GetVolumePathNamesForVolumeNameW
SetErrorMode
GetPrivateProfileSectionNamesW
GetSystemDefaultLCID
SetCommMask
GetProfileSectionW
HeapSize
GetVersionExA
LocalFree
SetEvent
MultiByteToWideChar
LCMapStringW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetACP
GetOEMCP
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
HeapFree
Sleep
RtlUnwind
WideCharToMultiByte
IsValidLocale

user32

NotifyWinEvent
SetSysColors
GetCaretPos
OemToCharW
RealChildWindowFromPoint

advapi32

ObjectCloseAuditAlarmA
ObjectPrivilegeAuditAlarmW
EnumServicesStatusW
AccessCheckByTypeResultListAndAuditAlarmW
CreateProcessAsUserA
ReportEventA
RegEnumKeyExW
ReadEventLogW
GetSecurityDescriptorControl
RegOpenKeyW
AddAccessDeniedAce
LockServiceDatabase

msimg32

TransparentBlt

Exports

Exports

@Bevuzi@8
@Dotogo@12
@Tedona@8
@Yucutu@4
@Zocobo@12

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10.9MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6077a8679408fb1e7e9192953a5eb2e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msimg32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 7KB - Virtual size: 214KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 10.9MB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 7KB - Virtual size: 214KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 10.9MB - Virtual size: 5KB