2025-04-12_06491c8b15b43f9626d894cec68bfc25_elex_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-12_06491c8b15b43f9626d894cec68bfc25_elex_rhadamanthys_smoke-loader
Size

12.4MB
MD5

06491c8b15b43f9626d894cec68bfc25
SHA1

bf7b53490c306009ac01efec624aa9e59f43577e
SHA256

52409bf8fbc9f914bee8e6a15dc1b679e7810dfabe928e2827813613898c7224
SHA512

69be35f15e7adcf738263b4c30b48c23549306c4f327a9f0f2dc32d4a0b6433f517e6c5ee6b49318c235c2b77547e57b0b8234ca10b27c042353ac22287ee75d
SSDEEP

49152:0/hNzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz6:0pk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-12_06491c8b15b43f9626d894cec68bfc25_elex_rhadamanthys_smoke-loader

Files

2025-04-12_06491c8b15b43f9626d894cec68bfc25_elex_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

7ee3bc1278a9c2e989aedb78e4046d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
ConnectNamedPipe
GetPrivateProfileStringW
CreateIoCompletionPort
PurgeComm
EnumDateFormatsExA
GetSystemWindowsDirectoryA
GetCurrentProcess
GlobalAlloc
GetFullPathNameW
GetWriteWatch
GetProcAddress
HeapReAlloc
ReadConsoleA
lstrcpyA
GetThreadSelectorEntry
GetDefaultCommConfigW
GetEnvironmentVariableW
BuildCommDCBAndTimeoutsA
GetAtomNameW
FindNextVolumeW
ProcessIdToSessionId
GetLastError
GetTickCount
lstrlenA
ClearCommError
GetVolumeNameForVolumeMountPointW
LoadResource
LoadLibraryA
CompareStringA
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetStartupInfoW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle

advapi32

IsValidSid
RegisterEventSourceW
InitializeAcl
RegQueryMultipleValuesA

msimg32

AlphaBlend

Exports

Exports

@dfkvodv@0

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.poh
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sesabed
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.juju
Size: 1024B - Virtual size: 855B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rohu
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.locab
Size: 512B - Virtual size: 343B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12.1MB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ee3bc1278a9c2e989aedb78e4046d3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msimg32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 87KB

.poh Size: 10KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.sesabed Size: 1024B - Virtual size: 1024B

.juju Size: 1024B - Virtual size: 855B

.rohu Size: 512B - Virtual size: 346B

.locab Size: 512B - Virtual size: 343B

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 12.1MB - Virtual size: 7KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 87KB

.poh
Size: 10KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.sesabed
Size: 1024B - Virtual size: 1024B

.juju
Size: 1024B - Virtual size: 855B

.rohu
Size: 512B - Virtual size: 346B

.locab
Size: 512B - Virtual size: 343B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 12.1MB - Virtual size: 7KB