pandastealer | 2025-04-12_71510b548db17740339c15b6d9cac3a1_amadey_elex_smoke-loader | Triage

Sharing

General

Target

2025-04-12_71510b548db17740339c15b6d9cac3a1_amadey_elex_smoke-loader
Size

4.9MB
MD5

71510b548db17740339c15b6d9cac3a1
SHA1

4d6b2e39907b93caf01dd4951f4f69dab2dc10dc
SHA256

def94a75a253c5fbddef0423a59f8d8fd973e1808ceb24480fe7ba809f2ad0a3
SHA512

dfee37090271aba94af14c71fbf9a16aa8f6389c6a41bbeb0644eb65d5258ac46b8c432f1175fb198c91db22e37e756394a30af30c7c3091894e39c68dcbf813
SSDEEP

49152:pjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhMSTuy3gwxA2IICVfUcqa7mJgxKfft:BLu13/Jk2Ph05uy3Gq

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-12_71510b548db17740339c15b6d9cac3a1_amadey_elex_smoke-loader

Files

2025-04-12_71510b548db17740339c15b6d9cac3a1_amadey_elex_smoke-loader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ