c:\This\Time\Path\held\Spring\cotton\areaScience.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2025-07-02_d1d467f957fb112f8d7b919f352179a4_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
2025-07-02_d1d467f957fb112f8d7b919f352179a4_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
Resource
win11-20250610-en
General
-
Target
2025-07-02_d1d467f957fb112f8d7b919f352179a4_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
-
Size
368KB
-
MD5
d1d467f957fb112f8d7b919f352179a4
-
SHA1
140920c0c65867d96d462630488601776ae18260
-
SHA256
66eecf0cc3f1f10afdb8b2aae855a0bfba0f47dfa1c354d61609614677539270
-
SHA512
f804f23fdb381df9c5ae6dc1f32137f71cdca0bbbb2fc4aec2ce88b933711b738b5612c229af26261abf9b1c2ff93365cf78354aadea1874169655bc702a5df0
-
SSDEEP
6144:sPxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sZ3HprNTTA1dbDRXQQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-07-02_d1d467f957fb112f8d7b919f352179a4_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
Files
-
2025-07-02_d1d467f957fb112f8d7b919f352179a4_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe windows:4 windows x86 arch:x86
4ffe46f29ef6ead66662a5a3d383b797
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
connect
WSAStartup
WSACleanup
bind
socket
closesocket
gethostbyaddr
accept
kernel32
GetCommandLineW
GetDateFormatW
LoadResource
GetCurrentProcess
QueryPerformanceCounter
SetEvent
GetModuleHandleW
GetSystemTimeAsFileTime
OpenProcess
LoadLibraryW
Sleep
SetSystemTimeAdjustment
GetVersionExW
CreateFileW
GetLocalTime
GetSystemTime
GetVolumeInformationW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
HeapSize
LoadLibraryA
InitializeCriticalSection
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
Sections
.text Size: 216KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE