2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader
Size

812KB
MD5

c3eac2a507042637fe1995a67079f787
SHA1

a221cb9483950632405b65a55bd831b6ba1ccd60
SHA256

8bef244d820d964c52433558f61de7b2f9b80d842273a1f7679aae88bcc90ebf
SHA512

d6d80a969b3f126bb45815df62b91ad0d56b2352d4040f88f8e5d43aaaa6ea27d983afdbab358063eb0b6eb706fbaf46d00acfc09dcd76a9581637e1fdc33c8b
SSDEEP

12288:SFkrSCa3l21ex6JRoZvxLh84NnFd6ANwyH54oGRZcNADyu6Dkkq:SFkqBkJRoZlKAF7Nwjc0sk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader

Files

2025-04-04_c3eac2a507042637fe1995a67079f787_amadey_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

9bb258726c7b0b1d19c137786da8f3f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreatePropertySheetPageW

setupapi

SetupGetSourceInfoA

user32

GetDlgItemTextA
DrawCaption

gdi32

GetEnhMetaFileW

advapi32

GetLengthSid

esent

JetMove

kernel32

VirtualQuery
GetCurrencyFormatA
GetNumaHighestNodeNumber
GetModuleFileNameW
GetLastError
GetSystemInfo
VirtualProtect
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryExA
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
TerminateProcess
GetCurrentProcess

pdh

PdhEnumObjectsW

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hk8VH9
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bb258726c7b0b1d19c137786da8f3f2

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

setupapi

user32

gdi32

advapi32

esent

kernel32

pdh

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 152KB - Virtual size: 160KB

CRT Size: 244KB - Virtual size: 243KB

hk8VH9 Size: 176KB - Virtual size: 173KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 152KB - Virtual size: 160KB

CRT
Size: 244KB - Virtual size: 243KB

hk8VH9
Size: 176KB - Virtual size: 173KB

.rsrc
Size: 24KB - Virtual size: 23KB