2025-03-30_5dd28166fc5dac61d79f2240608b7cd5_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-30_5dd28166fc5dac61d79f2240608b7cd5_rhadamanthys_smoke-loader
Size

12.4MB
MD5

5dd28166fc5dac61d79f2240608b7cd5
SHA1

b11feac319f8dacbddd8cdcd241d4f4431c167db
SHA256

0e922b25dd21ab718e6c5ed21c1b8ca0ca0a2030b4a9be1e7665b7cfc64cac23
SHA512

cc02d00ad6a8da7eb5a50f5c110651b46b470f291cef707b743b550decebc10adb6446a6c386807fc1a51d14931f7db9459ad9b77ed3b2ba2a6553b6d486a08e
SSDEEP

49152:V/hNzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzD:VpZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-30_5dd28166fc5dac61d79f2240608b7cd5_rhadamanthys_smoke-loader

Files

2025-03-30_5dd28166fc5dac61d79f2240608b7cd5_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

7ee3bc1278a9c2e989aedb78e4046d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
ConnectNamedPipe
GetPrivateProfileStringW
CreateIoCompletionPort
PurgeComm
EnumDateFormatsExA
GetSystemWindowsDirectoryA
GetCurrentProcess
GlobalAlloc
GetFullPathNameW
GetWriteWatch
GetProcAddress
HeapReAlloc
ReadConsoleA
lstrcpyA
GetThreadSelectorEntry
GetDefaultCommConfigW
GetEnvironmentVariableW
BuildCommDCBAndTimeoutsA
GetAtomNameW
FindNextVolumeW
ProcessIdToSessionId
GetLastError
GetTickCount
lstrlenA
ClearCommError
GetVolumeNameForVolumeMountPointW
LoadResource
LoadLibraryA
CompareStringA
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetStartupInfoW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle

advapi32

IsValidSid
RegisterEventSourceW
InitializeAcl
RegQueryMultipleValuesA

msimg32

AlphaBlend

Exports

Exports

@dfkvodv@0

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.poh
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sesabed
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.juju
Size: 1024B - Virtual size: 855B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rohu
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.locab
Size: 512B - Virtual size: 343B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12.1MB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ee3bc1278a9c2e989aedb78e4046d3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msimg32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 87KB

.poh Size: 10KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.sesabed Size: 1024B - Virtual size: 1024B

.juju Size: 1024B - Virtual size: 855B

.rohu Size: 512B - Virtual size: 346B

.locab Size: 512B - Virtual size: 343B

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 12.1MB - Virtual size: 7KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 87KB

.poh
Size: 10KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.sesabed
Size: 1024B - Virtual size: 1024B

.juju
Size: 1024B - Virtual size: 855B

.rohu
Size: 512B - Virtual size: 346B

.locab
Size: 512B - Virtual size: 343B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 12.1MB - Virtual size: 7KB