�C��t�mJ��"���[�_����i�)͂�u�0�A�^��W������qv��nA/�02_��YT����&�c�}�}��Vv�u���@bԧ[�;�C�+��:����u��ǔ��e��rB#�� ��pBɞq��l���3*�X,�[�A��u6�\?����6U�M oܥ��-k,��t�����hʆVN�W�2����M�51��W�& ���++b���15� � ���HW�oFڒ ���C�ܟZl4�"�1vm�g�u�d�8��,�����p�B��!��a]=��E�8ic�:�GE5[ҔuN9�Vxx���?{a��9����������+2~~m��4=9��䨐F~)Ec�䮃�|�+Z�!'̴���;\?��GqS��,Ơ�,�Wڱ�_�����b'��M?�a:@��oT�v��!�+^C�t_�g�ջ���eCd� ��E�(�!=��e�e$�ooʖsi���Ϊ6"@�_9 ��@ʲ#��{ۭ8�O��4dbiG�l������\�|�:~�X�Sg�yfb@�3x�Ch��$�h1�m��v��yw�{�I2��؞Y���g�J�����s駚FK�k-9�]8z�/���%Jzm��:�������[�Q�q��¹�X��}��A�d� L?ZF��X��� �T�$Q ��g��\m)�h�����^K� l.��DA� ��4KY�=ؔ}S�5�E���_��Bq�!\����4(^1�h�m{�ڂTSGͳ*^�� �b)��j��*��\���w�rB�Lx��8�ا;��Ḛ��Xl�����1m(_2�g���(��oD=,C�5)�b��8��a��%��}F�%�z�Jw�&1)�#B��F1ǖ��l��G�L4�n&`7f(r��I8�[䥭ѡs�Á�� ��'�.29��¸<���]0ևE���E��*�w���T0�C�������D����#�ޤ�Xc�݈WE�Xc)EN��l�`� X9h���U.K�z�O�H#�w��"�$&� \�Y���*�%_!$>���q\�+��U�*�-�M�А32�Ur&Uk��6�l��^��ܝ�M\��*��0��+`���X�uq4}�T�x�ޣ�����y�^�6�ǻ|���t��ŵ�� ms^F���p��"�r~^�Q�O�3 �9%�ѻ�y���f2h�� ��zƤ�����`w@��¸��s���L����z�>��U�S7��-���P�0UEإŝ�JT���B��f)F�4�nI��q��&tLCN�@?m�*]�fOu�B�GR�_�J��$�8�#�x�` �a���B�T:w�@�sD\3(���s2ک=1yV�|FUk�l^ �+��(��+�Ԡ�m������Ɛ�A2�%kڔZ(I�>��1}�u��O<����Z!�oyͶŒu����f0Al�U�˓I�b+�PjH@'�������q;�Y%��ϯ-4�Z��Ϟ O�c�55����X��"*3B�����A����r��o��[��a�H�r����AP�[�|�δ2�H�G����~�S_;��f1��w�����,���7:��,c���q�N�9/�"$,���7㓺K�y�z���\��`Z6����Vp+JpR�s/et�k���3WBDWjS�9\�I��+�@:�88?=AC�vTR8n9o9�Yb���v�tߓzKܖwo��_��(�����X.��A���`��-�c�AE�x��ǫ����u�,E��n��2�m�bS���ܑ=����q*�M�>�=� =���4O�Cos`1���K��髅 H���TWAz���2�G �B�x|�;���;B(ț��H�C����P��r�&�ubċ������/ղ_����˔�Gk"��!D���!,�Q�������7|�D��H5��3�ݼ��Lĝ��G�m�� Zf�D��6��nG�H���8!�Q��ʝ�_��3���-��ID$x9�[��O��)�������;�������dZ��&��w�-2"��[,����4פir}(K�p���7��79�(���UJ2�ϕW�Y��[V��7�z�����==��7!y2y������E=VП���J�����p;�˘�q+t����4 o��K?M~H�n �x��l�95�5��c�}�?�0������L�`��~W�3�d��Q�llЉ8D�c��_* ���a[[%�D�3^��Q+�N�|8�����翷OV�9@����"jm��GA��)�B[^����f�M3�Aݳ�;}I��4q��ū�̿���g����^w�U;~ӽ�p���W�{%��9 ���Sb��"F�/�nj�`3�����p#�W���hv�4L��> :��N�m~������4��v�+X�,���>Fv�qK��6�c�YnKL��#�nEs���s�0K4�S�{h�%���U��c;mmh9�p�_�eO������!9O=se�9$G]UP���������0\p��tn�˿��T\g�5t��8����۞�c��t��{[�ٓd���ߥ�v]�=�˅��]���܋n)ɟ��=��-��y{D�?t��1���E� ���} �E���V_�".ni?�����}x�Q;^�ɔ��*VZ���?;O�Rxy�Li�~���Àv��z{�W����1���8�y����P�Y܆MM��Ù��ﶫ����&T��a���9c�F sq�s���X]6�7j��l!Cn -4��̋�$���䧿5� t�.A�"�G� ���0D� ";�|�tલ�g&�N�9Gw�T����@��_*g��O�]���Xt^<��t��Z�r�0��J�SX�������'Ȗ��!۟0�M�"E�ٸ�.�`սs�i�`�P��~X9����r>���B���3�K!�'P}O\��'��>5�?r�3����ʜ�cզbk��6�,�� ��1��3`��&<��Z�������\��.}�#{%�*�l4p!>��9ޜ+t�mė�#������_��$H�:h�ڌ���`��4,j<�l�3��=/$��R� ='|������5�f��Fgz���bF}�!pDz�/u۱�
Static task
static1
Behavioral task
behavioral1
Sample
2025-07-03_86395a666e3902f585b2803038ac91b1_amadey_elex_smoke-loader_stop.exe
Resource
win10v2004-20250610-en
General
-
Target
2025-07-03_86395a666e3902f585b2803038ac91b1_amadey_elex_smoke-loader_stop
-
Size
10.0MB
-
MD5
86395a666e3902f585b2803038ac91b1
-
SHA1
32d52779b066726ab110b055732c0a3b1eb97583
-
SHA256
cb5a1efea7f704b7e5ded2304bd279f577c2f1b8a1a2e6c774281c8953d8a5d3
-
SHA512
d444d5241105d3b8898f6fddca97ebd8d9d4a63a6c76fe5a928ddd8ca58bb79531b02d40994d1945d53dd1f3d244fe1bd4bcff04a6027db52f5d6de2febf5656
-
SSDEEP
196608:XZGmu+sR2/LGPLCXOKODxH5qFlXS47dV2MANpvrjVbEKGWT:XZGn+sREJLODBWlX3d+NpvdHT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-07-03_86395a666e3902f585b2803038ac91b1_amadey_elex_smoke-loader_stop
Files
-
2025-07-03_86395a666e3902f585b2803038ac91b1_amadey_elex_smoke-loader_stop.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Exports
Exports
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
oiNRhy0 Size: 6.6MB - Virtual size: 6.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
oiNRhy1 Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 180KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ