2025-04-04_98b2b6f0c65018f9b976770ec8915e32_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-04_98b2b6f0c65018f9b976770ec8915e32_rhadamanthys_smoke-loader
Size

14.1MB
MD5

98b2b6f0c65018f9b976770ec8915e32
SHA1

a4227f3f5c8be4b94aa7d512ce2edb5fcfe47734
SHA256

a13f75159c1e37cf5e00abb4326dce505956530cb6100e4698c595bff3eb77de
SHA512

49a26282dcbd16bb25bd55f3f6e9208dae01ce198885f7fb689ca1a36b5c030d0508852653de3a39f53cb00f52c502cc10a4de82cd999138dd37761702f883b5
SSDEEP

6144:COFZnjC+veRxHUa6E8PcGQ1GNTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTG:DfnjH6m99ZaGQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-04_98b2b6f0c65018f9b976770ec8915e32_rhadamanthys_smoke-loader

Files

2025-04-04_98b2b6f0c65018f9b976770ec8915e32_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

6d688d9cc0f6602b42d54dce0edb5c52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_llseek
lstrcpynA
GetConsoleAliasExesLengthA
DeleteVolumeMountPointA
InterlockedIncrement
InterlockedDecrement
GetNamedPipeHandleStateA
GetUserDefaultLCID
OpenSemaphoreA
BackupSeek
_lclose
GetModuleHandleW
GetConsoleAliasesLengthA
GetNumberFormatA
ReadConsoleW
GetWindowsDirectoryA
WaitNamedPipeW
GetUserDefaultLangID
GetCommandLineA
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
SetFileShortNameW
LoadLibraryW
FatalAppExitW
GetVersionExW
SetConsoleCursorPosition
GetCompressedFileSizeA
GetOverlappedResult
lstrlenW
GetShortPathNameA
GetPrivateProfileIntW
GetLastError
AllocConsole
GetProcAddress
HeapSize
MoveFileW
RemoveDirectoryA
EnterCriticalSection
OpenWaitableTimerA
LocalAlloc
GetFileType
BuildCommDCBAndTimeoutsW
FindFirstVolumeMountPointW
GetProfileStringA
AddAtomA
FoldStringA
FindNextFileA
EnumDateFormatsA
_lread
GetModuleHandleA
FreeEnvironmentStringsW
GetStringTypeW
GetCurrentDirectoryA
PeekConsoleInputA
SetCalendarInfoA
ReadConsoleInputW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetConsoleProcessList
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
lstrcpyA
CloseHandle
CreateFileW
WriteConsoleW
GetConsoleAliasExesA
GetFileSize
SetInformationJobObject
SetLastError
GetPrivateProfileSectionNamesW
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
HeapFree
HeapAlloc
ExitProcess
MultiByteToWideChar
HeapReAlloc
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RaiseException
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
SetStdHandle
FlushFileBuffers

user32

CharUpperW
CharUpperBuffW

gdi32

GetCharWidthA
GetCharWidthFloatW

advapi32

ReadEventLogA

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 39.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.9MB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d688d9cc0f6602b42d54dce0edb5c52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 76KB - Virtual size: 39.1MB

.rsrc Size: 13.9MB - Virtual size: 22KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 76KB - Virtual size: 39.1MB

.rsrc
Size: 13.9MB - Virtual size: 22KB