Static task
static1
Behavioral task
behavioral1
Sample
2025-07-04_193dadf85b1787e68da6499170e2c9b0_amadey_elex_gcleaner_rhadamanthys_smoke-loader.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
2025-07-04_193dadf85b1787e68da6499170e2c9b0_amadey_elex_gcleaner_rhadamanthys_smoke-loader.exe
Resource
win11-20250610-en
General
-
Target
2025-07-04_193dadf85b1787e68da6499170e2c9b0_amadey_elex_gcleaner_rhadamanthys_smoke-loader
-
Size
1.5MB
-
MD5
193dadf85b1787e68da6499170e2c9b0
-
SHA1
452d0e3ddee732fd95a540200f57612e53cda2e7
-
SHA256
2d6b7dca455f7a75e073d55663935933db803f60f636bb7ee8ed00107cbc8bdd
-
SHA512
5da5d841c9de7ef1c6d0b7f82f2b6bba9b3a4ab2a91e37b184c3238edf03099d2af07c7afb979fecc9ad296640d9ac65147b3d01889971fb18f8b383d7fc15e2
-
SSDEEP
24576:ht376Z3IbKp4bptWNxw4uP3ULJw9N9NI9jp4M5TYEpB2uwtNrHwF4X7Hl7aGCR4f:hF76Zba0qEu1QVd57FwDDwq7lWGPT9zt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-07-04_193dadf85b1787e68da6499170e2c9b0_amadey_elex_gcleaner_rhadamanthys_smoke-loader
Files
-
2025-07-04_193dadf85b1787e68da6499170e2c9b0_amadey_elex_gcleaner_rhadamanthys_smoke-loader.exe windows:5 windows x86 arch:x86
b69c2bc82a9f0590c69411a07af9f395
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
CloseHandle
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetTickCount
WriteFile
SetLastError
GetProcAddress
CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
DeleteFileA
HeapReAlloc
MoveFileExA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetProcessHeap
GetExitCodeProcess
TerminateProcess
GetTempFileNameA
GetLocalTime
LoadLibraryA
DuplicateHandle
GetTempPathA
GetFullPathNameA
GetThreadContext
GetCurrentThread
IsBadReadPtr
ExpandEnvironmentStringsA
WideCharToMultiByte
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindClose
GetCurrentDirectoryA
GetCurrentProcessId
GetVolumeInformationW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenProcess
CreateFileW
GetCurrentThreadId
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryW
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
VirtualQuery
advapi32
CheckTokenMembership
RegCloseKey
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
shell32
ShellExecuteExW
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ