2025-03-30_278c0ec8a3d550c377f588316b2daa9a_amadey_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-30_278c0ec8a3d550c377f588316b2daa9a_amadey_rhadamanthys_smoke-loader
Size

225KB
MD5

278c0ec8a3d550c377f588316b2daa9a
SHA1

7f0f151ba3ed6b96b91e046ba6ecbe90cd5e9425
SHA256

2c66741a7454ed6f9bfb29a7ac2784b0ff745a9e98a81902d54ac958482933b8
SHA512

37949609cb666ad9aba3c58d9873a448806704ff35c42799a034ed33d40efaa742f9a94a9baf633d27133638b46068a18ab9ac80860e4fd226eb3029687f9efc
SSDEEP

6144:+A2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:+ATuTAnKGwUAW3ycQqgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-30_278c0ec8a3d550c377f588316b2daa9a_amadey_rhadamanthys_smoke-loader

Files

2025-03-30_278c0ec8a3d550c377f588316b2daa9a_amadey_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

eb29527bc4a3140f4ce75eb5d2954101

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

kernel32

lstrcpyA
CloseHandle
CreateFileW
FlushFileBuffers
LCMapStringW
GetStringTypeW
SetStdHandle
RtlUnwind
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteFile
OpenEventW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
GetModuleHandleW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
HeapValidate
GetModuleFileNameW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
FillConsoleOutputAttribute
FindFirstChangeNotificationA
GetModuleHandleA
GetSystemInfo
FindNextChangeNotification
LockResource
GetConsoleScreenBufferInfo
GetPrivateProfileStringA
GetLastError
FillConsoleOutputCharacterA
GetStdHandle
SetCurrentDirectoryA
lstrlenW
MultiByteToWideChar
SetConsoleCursorPosition
HeapCreate
CreateEventA
SizeofResource
ReadConsoleInputA
WideCharToMultiByte
FindResourceExA
FlushConsoleInputBuffer
HeapSetInformation
GetCommandLineA
FindCloseChangeNotification
WaitForSingleObject
GetCurrentProcess
HeapAlloc
LoadResource
lstrlenA
SetLastError
RaiseException

user32

GetWindow
MoveWindow
CheckMenuItem
EndPaint
DestroyWindow
EnumDisplayMonitors
GetSystemMenu
SetTimer
ScreenToClient
GetWindowRect
RegisterClassExA
PostQuitMessage
SendDlgItemMessageA
GetWindowDC
IsIconic
FillRect
KillTimer
GetSubMenu
DrawIconEx
LoadBitmapA
GetParent
LoadIconA
wsprintfA
DrawIcon
FindWindowExA
GetClientRect
ExitWindowsEx
SetFocus
SendMessageA
BeginPaint
GetIconInfo
GetDC
TranslateMessage
GetMenu
SetRect
SetWindowLongA
MessageBoxA
UnionRect
InvalidateRect
UnregisterClassA
CreateWindowExA
PeekMessageA
ReleaseDC
GetDlgItem
EndDialog
DefWindowProcA
GetDesktopWindow
GetSysColor
SetWindowPos
GetMenuItemInfoA
CheckDlgButton
ShowWindow
IsDlgButtonChecked
IsWindow
DispatchMessageA
MessageBoxW
SystemParametersInfoA
GetSystemMetrics
SetWindowTextA
LoadImageA
UpdateWindow
LoadCursorA
SetDlgItemTextA

gdi32

BitBlt
PatBlt
GetTextExtentPoint32A
DeleteDC
CreateDIBSection
CreateFontIndirectA
DeleteObject
SelectObject
CreateCompatibleDC
DPtoLP
CreateCompatibleBitmap
CreatePen
GetObjectA
GetStockObject
CreateSolidBrush

advapi32

RegCreateKeyA
LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges

shell32

SHGetFolderPathW
ord727
SHGetFileInfoW
SHGetMalloc
SHGetFolderLocation
SHGetFolderPathA
SHGetDesktopFolder

ole32

CoInitialize
CoUninitialize
CoCreateInstance

odbc32

ord41

shlwapi

StrRetToBufA
PathCompactPathA

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Add

activeds

ord17

secur32

InitSecurityInterfaceA

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb29527bc4a3140f4ce75eb5d2954101

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

odbc32

shlwapi

comctl32

activeds

secur32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 19KB