2025-04-13_606afb9356c8795f0705cccf3b51c37a_amadey_elex_redline-stealer_rhadamanthys_smoke-loader

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-13_606afb9356c8795f0705cccf3b51c37a_amadey_elex_redline-stealer_rhadamanthys_smoke-loader
Size

778KB
MD5

606afb9356c8795f0705cccf3b51c37a
SHA1

52bac27cbbae58bc1bad63623ff77b95fea70732
SHA256

00f1f15c5750b5ec016c7182487455583f3a286185ac5370ed4660fa4b033297
SHA512

54b5637a7e580a1069a8f6a425f889a8dc532e8fda0d42e008a8d29de0680865c098440a5349d7e6406c9ab58c0bf986af390bb44ea1e60a2acfdc87e3f934da
SSDEEP

24576:r6Oa1JYHc6wdzrwQQT+47C2YEOQYAk4bOMIm:OJJDhdz0QS+42B4bu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-13_606afb9356c8795f0705cccf3b51c37a_amadey_elex_redline-stealer_rhadamanthys_smoke-loader

Files

2025-04-13_606afb9356c8795f0705cccf3b51c37a_amadey_elex_redline-stealer_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

ac1e699372bda563124a1034777a0949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\weyifagi\wotogixewa62\wifoy cohafohubig.pdb

Imports

kernel32

ReadConsoleA
GetComputerNameW
GetTimeFormatA
GetFileAttributesExA
GetTickCount
FindNextVolumeMountPointA
GetConsoleTitleA
ReadConsoleW
GetConsoleAliasExesW
CreateDirectoryExW
GlobalAlloc
GlobalFindAtomA
LoadLibraryW
GetLocaleInfoW
GetConsoleAliasW
FlushFileBuffers
GetLastError
SetLastError
GetProcAddress
InterlockedIncrement
SetStdHandle
GetTempFileNameA
LoadLibraryA
WriteConsoleA
SetConsoleCtrlHandler
GetNumberFormatW
RemoveDirectoryW
GetModuleHandleA
GetVersionExA
ReadConsoleInputW
AddConsoleAliasA
GetVolumeInformationW
CreateThread
CloseHandle
SetComputerNameExA
GetConsoleAliasExesLengthA
VirtualAlloc
CreateFileA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapFree
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

CharUpperBuffA
GetAltTabInfoA
LoadKeyboardLayoutA
GetMenu

gdi32

StretchDIBits

advapi32

RegSetValueA

Sections

.text
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 22.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac1e699372bda563124a1034777a0949

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 653KB - Virtual size: 653KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 40KB - Virtual size: 22.0MB

.rsrc Size: 62KB - Virtual size: 61KB

.text
Size: 653KB - Virtual size: 653KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 40KB - Virtual size: 22.0MB

.rsrc
Size: 62KB - Virtual size: 61KB