2025-04-04_81cf393b6f480b6f1f00e45732ca7ff9_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-04_81cf393b6f480b6f1f00e45732ca7ff9_rhadamanthys_smoke-loader
Size

14.2MB
MD5

81cf393b6f480b6f1f00e45732ca7ff9
SHA1

694f9ca1d900052e7d8d208ffac9ac80acc7d059
SHA256

d32943d823d5b663c04d38b3a0ac781b99a71891e36f7c2ca53b898f1b48356f
SHA512

17cda04215e6a454634d38c60e79017948e5d9650fe7f3ebc8121ab3d5058b7c09b6f57b850e2c6ddd7583b62505c443d37a9e6af60551c996b44f3e849992b1
SSDEEP

49152:vSni2SzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWzWz9:ANO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-04_81cf393b6f480b6f1f00e45732ca7ff9_rhadamanthys_smoke-loader

Files

2025-04-04_81cf393b6f480b6f1f00e45732ca7ff9_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

3393cad88fb0dc4ad8b02d8635bf48ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
GetLogicalDriveStringsW
SetDefaultCommConfigW
GetEnvironmentStringsW
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
GetLocaleInfoW
GetSystemWindowsDirectoryA
GetStringTypeExW
GetTimeFormatW
GetConsoleAliasW
MulDiv
WriteConsoleW
GetConsoleFontSize
GetVolumePathNameA
GetStartupInfoW
DisconnectNamedPipe
MoveFileExA
GetProcAddress
SetFileAttributesA
UnhandledExceptionFilter
InterlockedExchangeAdd
OpenWaitableTimerW
MoveFileA
GetProfileStringA
SetThreadIdealProcessor
GlobalHandle
FindAtomA
GetModuleFileNameA
GetProcessAffinityMask
BuildCommDCBA
GetShortPathNameW
OpenFileMappingA
GlobalReAlloc
CreateFileA
GetStdHandle
WriteConsoleOutputCharacterW
SetStdHandle
GetConsoleOutputCP
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA

user32

GetClassLongW
GetMonitorInfoA

gdi32

GetBoundsRect

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.1MB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3393cad88fb0dc4ad8b02d8635bf48ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 18KB - Virtual size: 3.9MB

.rsrc Size: 14.1MB - Virtual size: 90KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 18KB - Virtual size: 3.9MB

.rsrc
Size: 14.1MB - Virtual size: 90KB