Malicious
Classifications
Downloader Injector Spyware
Threat Names
SmokeLoader Gen:Variant.Babar.29261
Dynamic Analysis Report
Created on 2021-11-18T11:28:00
8696a4269e30ddb34a7e0e84629ede03.virus.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 22 minutes, 11 seconds" to "22 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Remarks
(0x0200000F): 9 additional dumps were skipped because the maximum number of 512 dumps was reached.
(0x0200004A): 9 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 27 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\8696a4269e30ddb34a7e0e84629ede03.virus.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\kEecfMwgj\AppData\Roaming\ahieedr (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 278.50 KB |
| MD5 |
8696a4269e30ddb34a7e0e84629ede03
|
| SHA1 |
125198e1f636ef118e468145d02e801a3ffe2a97
|
| SHA256 |
47ec411eab0aa15619f24caa6256ed4ca5cfc695a26f5b71830b53b07c22b05b
|
| SSDeep |
3072:80Zpf7ywrLoWHdAucQoHnSzG+dWpvgne52lPxsBvBPoeg8MRkY34R3R8UJPb9wy:RIUJcQk3+WvgnJla7oe0RdIdRzYy
|
| ImpHash |
ff6439958bc7d1b926a3ea41188420fe
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
File Reputation Information
»
| Verdict |
malicious
|
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Gen:Variant.Babar.29261 |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x417ad0 |
| Size Of Code | 0x2f200 |
| Size Of Initialized Data | 0x1b99000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-09-24 04:30:42+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x2f18a | 0x2f200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.06 |
| .data | 0x431000 | 0x1b84ac0 | 0x1400 | 0x2f600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.97 |
| .rsrc | 0x1fb6000 | 0x44c0 | 0x4600 | 0x30a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.2 |
| .reloc | 0x1fbb000 | 0x10818 | 0x10a00 | 0x35000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.96 |
Imports (5)
»
KERNEL32.dll (115)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetWaitableTimer | - | 0x401008 | 0x2f594 | 0x2e994 | 0x4ac |
| SetDllDirectoryW | - | 0x40100c | 0x2f598 | 0x2e998 | 0x451 |
| InterlockedIncrement | - | 0x401010 | 0x2f59c | 0x2e99c | 0x2ef |
| _lwrite | - | 0x401014 | 0x2f5a0 | 0x2e9a0 | 0x53c |
| SetFirmwareEnvironmentVariableA | - | 0x401018 | 0x2f5a4 | 0x2e9a4 | 0x46c |
| GetSystemWindowsDirectoryW | - | 0x40101c | 0x2f5a8 | 0x2e9a8 | 0x27c |
| GetNamedPipeHandleStateA | - | 0x401020 | 0x2f5ac | 0x2e9ac | 0x220 |
| SetHandleInformation | - | 0x401024 | 0x2f5b0 | 0x2e9b0 | 0x470 |
| GetComputerNameW | - | 0x401028 | 0x2f5b4 | 0x2e9b4 | 0x18f |
| GetModuleHandleW | - | 0x40102c | 0x2f5b8 | 0x2e9b8 | 0x218 |
| GetTickCount | - | 0x401030 | 0x2f5bc | 0x2e9bc | 0x293 |
| GetProcessHeap | - | 0x401034 | 0x2f5c0 | 0x2e9c0 | 0x24a |
| GetConsoleAliasesLengthA | - | 0x401038 | 0x2f5c4 | 0x2e9c4 | 0x197 |
| ConvertFiberToThread | - | 0x40103c | 0x2f5c8 | 0x2e9c8 | 0x6a |
| ReadConsoleW | - | 0x401040 | 0x2f5cc | 0x2e9cc | 0x3be |
| GetCompressedFileSizeW | - | 0x401044 | 0x2f5d0 | 0x2e9d0 | 0x18b |
| GetSystemWow64DirectoryA | - | 0x401048 | 0x2f5d4 | 0x2e9d4 | 0x27d |
| TlsSetValue | - | 0x40104c | 0x2f5d8 | 0x2e9d8 | 0x4c8 |
| LoadLibraryW | - | 0x401050 | 0x2f5dc | 0x2e9dc | 0x33f |
| GetConsoleMode | - | 0x401054 | 0x2f5e0 | 0x2e9e0 | 0x1ac |
| CopyFileW | - | 0x401058 | 0x2f5e4 | 0x2e9e4 | 0x75 |
| SetVolumeMountPointA | - | 0x40105c | 0x2f5e8 | 0x2e9e8 | 0x4aa |
| GetVersionExW | - | 0x401060 | 0x2f5ec | 0x2e9ec | 0x2a4 |
| HeapCreate | - | 0x401064 | 0x2f5f0 | 0x2e9f0 | 0x2cd |
| HeapValidate | - | 0x401068 | 0x2f5f4 | 0x2e9f4 | 0x2d7 |
| GetModuleFileNameW | - | 0x40106c | 0x2f5f8 | 0x2e9f8 | 0x214 |
| CreateActCtxA | - | 0x401070 | 0x2f5fc | 0x2e9fc | 0x77 |
| GetACP | - | 0x401074 | 0x2f600 | 0x2ea00 | 0x168 |
| GetStartupInfoW | - | 0x401078 | 0x2f604 | 0x2ea04 | 0x263 |
| WritePrivateProfileStringW | - | 0x40107c | 0x2f608 | 0x2ea08 | 0x52b |
| VerifyVersionInfoW | - | 0x401080 | 0x2f60c | 0x2ea0c | 0x4e8 |
| FindFirstFileExA | - | 0x401084 | 0x2f610 | 0x2ea10 | 0x133 |
| GetLastError | - | 0x401088 | 0x2f614 | 0x2ea14 | 0x202 |
| IsDBCSLeadByteEx | - | 0x40108c | 0x2f618 | 0x2ea18 | 0x2ff |
| SetLastError | - | 0x401090 | 0x2f61c | 0x2ea1c | 0x473 |
| lstrlenA | - | 0x401094 | 0x2f620 | 0x2ea20 | 0x54d |
| GetLongPathNameA | - | 0x401098 | 0x2f624 | 0x2ea24 | 0x20c |
| CreateNamedPipeA | - | 0x40109c | 0x2f628 | 0x2ea28 | 0x9f |
| CopyFileA | - | 0x4010a0 | 0x2f62c | 0x2ea2c | 0x70 |
| FindClose | - | 0x4010a4 | 0x2f630 | 0x2ea30 | 0x12e |
| GetPrivateProfileStringA | - | 0x4010a8 | 0x2f634 | 0x2ea34 | 0x241 |
| ProcessIdToSessionId | - | 0x4010ac | 0x2f638 | 0x2ea38 | 0x399 |
| LocalAlloc | - | 0x4010b0 | 0x2f63c | 0x2ea3c | 0x344 |
| IsWow64Process | - | 0x4010b4 | 0x2f640 | 0x2ea40 | 0x30e |
| SetCurrentDirectoryW | - | 0x4010b8 | 0x2f644 | 0x2ea44 | 0x44d |
| GetVolumePathNamesForVolumeNameA | - | 0x4010bc | 0x2f648 | 0x2ea48 | 0x2ac |
| GetModuleFileNameA | - | 0x4010c0 | 0x2f64c | 0x2ea4c | 0x213 |
| SetConsoleCursorInfo | - | 0x4010c4 | 0x2f650 | 0x2ea50 | 0x42f |
| GetProcessShutdownParameters | - | 0x4010c8 | 0x2f654 | 0x2ea54 | 0x251 |
| FreeEnvironmentStringsW | - | 0x4010cc | 0x2f658 | 0x2ea58 | 0x161 |
| WriteProfileStringW | - | 0x4010d0 | 0x2f65c | 0x2ea5c | 0x532 |
| BuildCommDCBA | - | 0x4010d4 | 0x2f660 | 0x2ea60 | 0x3a |
| VirtualProtect | - | 0x4010d8 | 0x2f664 | 0x2ea64 | 0x4ef |
| CompareStringA | - | 0x4010dc | 0x2f668 | 0x2ea68 | 0x61 |
| GetSystemRegistryQuota | - | 0x4010e0 | 0x2f66c | 0x2ea6c | 0x276 |
| ReadConsoleInputW | - | 0x4010e4 | 0x2f670 | 0x2ea70 | 0x3b8 |
| FileTimeToLocalFileTime | - | 0x4010e8 | 0x2f674 | 0x2ea74 | 0x124 |
| CreateWaitableTimerA | - | 0x4010ec | 0x2f678 | 0x2ea78 | 0xbf |
| GetSystemTime | - | 0x4010f0 | 0x2f67c | 0x2ea7c | 0x277 |
| TlsFree | - | 0x4010f4 | 0x2f680 | 0x2ea80 | 0x4c6 |
| CommConfigDialogW | - | 0x4010f8 | 0x2f684 | 0x2ea84 | 0x5e |
| CloseHandle | - | 0x4010fc | 0x2f688 | 0x2ea88 | 0x52 |
| CreateFileW | - | 0x401100 | 0x2f68c | 0x2ea8c | 0x8f |
| SetStdHandle | - | 0x401104 | 0x2f690 | 0x2ea90 | 0x487 |
| RaiseException | - | 0x401108 | 0x2f694 | 0x2ea94 | 0x3b1 |
| FlushFileBuffers | - | 0x40110c | 0x2f698 | 0x2ea98 | 0x157 |
| GetConsoleCP | - | 0x401110 | 0x2f69c | 0x2ea9c | 0x19a |
| BackupRead | - | 0x401114 | 0x2f6a0 | 0x2eaa0 | 0x18 |
| WriteConsoleInputW | - | 0x401118 | 0x2f6a4 | 0x2eaa4 | 0x51e |
| SetFilePointer | - | 0x40111c | 0x2f6a8 | 0x2eaa8 | 0x466 |
| IsProcessorFeaturePresent | - | 0x401120 | 0x2f6ac | 0x2eaac | 0x304 |
| OutputDebugStringW | - | 0x401124 | 0x2f6b0 | 0x2eab0 | 0x38a |
| WriteConsoleW | - | 0x401128 | 0x2f6b4 | 0x2eab4 | 0x524 |
| GetCommandLineW | - | 0x40112c | 0x2f6b8 | 0x2eab8 | 0x187 |
| HeapSetInformation | - | 0x401130 | 0x2f6bc | 0x2eabc | 0x2d3 |
| SetUnhandledExceptionFilter | - | 0x401134 | 0x2f6c0 | 0x2eac0 | 0x4a5 |
| QueryPerformanceCounter | - | 0x401138 | 0x2f6c4 | 0x2eac4 | 0x3a7 |
| GetCurrentThreadId | - | 0x40113c | 0x2f6c8 | 0x2eac8 | 0x1c5 |
| GetCurrentProcessId | - | 0x401140 | 0x2f6cc | 0x2eacc | 0x1c1 |
| GetSystemTimeAsFileTime | - | 0x401144 | 0x2f6d0 | 0x2ead0 | 0x279 |
| InterlockedDecrement | - | 0x401148 | 0x2f6d4 | 0x2ead4 | 0x2eb |
| DecodePointer | - | 0x40114c | 0x2f6d8 | 0x2ead8 | 0xca |
| GetProcAddress | - | 0x401150 | 0x2f6dc | 0x2eadc | 0x245 |
| ExitProcess | - | 0x401154 | 0x2f6e0 | 0x2eae0 | 0x119 |
| GetEnvironmentStringsW | - | 0x401158 | 0x2f6e4 | 0x2eae4 | 0x1da |
| SetHandleCount | - | 0x40115c | 0x2f6e8 | 0x2eae8 | 0x46f |
| GetStdHandle | - | 0x401160 | 0x2f6ec | 0x2eaec | 0x264 |
| InitializeCriticalSectionAndSpinCount | - | 0x401164 | 0x2f6f0 | 0x2eaf0 | 0x2e3 |
| GetFileType | - | 0x401168 | 0x2f6f4 | 0x2eaf4 | 0x1f3 |
| DeleteCriticalSection | - | 0x40116c | 0x2f6f8 | 0x2eaf8 | 0xd1 |
| IsBadReadPtr | - | 0x401170 | 0x2f6fc | 0x2eafc | 0x2f7 |
| EncodePointer | - | 0x401174 | 0x2f700 | 0x2eb00 | 0xea |
| TlsAlloc | - | 0x401178 | 0x2f704 | 0x2eb04 | 0x4c5 |
| TlsGetValue | - | 0x40117c | 0x2f708 | 0x2eb08 | 0x4c7 |
| WriteFile | - | 0x401180 | 0x2f70c | 0x2eb0c | 0x525 |
| GetOEMCP | - | 0x401184 | 0x2f710 | 0x2eb10 | 0x237 |
| GetCPInfo | - | 0x401188 | 0x2f714 | 0x2eb14 | 0x172 |
| IsValidCodePage | - | 0x40118c | 0x2f718 | 0x2eb18 | 0x30a |
| EnterCriticalSection | - | 0x401190 | 0x2f71c | 0x2eb1c | 0xee |
| LeaveCriticalSection | - | 0x401194 | 0x2f720 | 0x2eb20 | 0x339 |
| TerminateProcess | - | 0x401198 | 0x2f724 | 0x2eb24 | 0x4c0 |
| GetCurrentProcess | - | 0x40119c | 0x2f728 | 0x2eb28 | 0x1c0 |
| UnhandledExceptionFilter | - | 0x4011a0 | 0x2f72c | 0x2eb2c | 0x4d3 |
| IsDebuggerPresent | - | 0x4011a4 | 0x2f730 | 0x2eb30 | 0x300 |
| HeapAlloc | - | 0x4011a8 | 0x2f734 | 0x2eb34 | 0x2cb |
| HeapReAlloc | - | 0x4011ac | 0x2f738 | 0x2eb38 | 0x2d2 |
| HeapSize | - | 0x4011b0 | 0x2f73c | 0x2eb3c | 0x2d4 |
| HeapQueryInformation | - | 0x4011b4 | 0x2f740 | 0x2eb40 | 0x2d1 |
| HeapFree | - | 0x4011b8 | 0x2f744 | 0x2eb44 | 0x2cf |
| RtlUnwind | - | 0x4011bc | 0x2f748 | 0x2eb48 | 0x418 |
| WideCharToMultiByte | - | 0x4011c0 | 0x2f74c | 0x2eb4c | 0x511 |
| LCMapStringW | - | 0x4011c4 | 0x2f750 | 0x2eb50 | 0x32d |
| MultiByteToWideChar | - | 0x4011c8 | 0x2f754 | 0x2eb54 | 0x367 |
| GetStringTypeW | - | 0x4011cc | 0x2f758 | 0x2eb58 | 0x269 |
| OutputDebugStringA | - | 0x4011d0 | 0x2f75c | 0x2eb5c | 0x389 |
USER32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetMessageTime | - | 0x4011e0 | 0x2f76c | 0x2eb6c | 0x15c |
| GetCaretBlinkTime | - | 0x4011e4 | 0x2f770 | 0x2eb70 | 0x109 |
| GetMenuItemID | - | 0x4011e8 | 0x2f774 | 0x2eb74 | 0x152 |
| GetMonitorInfoA | - | 0x4011ec | 0x2f778 | 0x2eb78 | 0x15e |
| GetCursorInfo | - | 0x4011f0 | 0x2f77c | 0x2eb7c | 0x11f |
| GetListBoxInfo | - | 0x4011f4 | 0x2f780 | 0x2eb80 | 0x147 |
| GetMenuInfo | - | 0x4011f8 | 0x2f784 | 0x2eb84 | 0x150 |
| GetComboBoxInfo | - | 0x4011fc | 0x2f788 | 0x2eb88 | 0x11c |
| GetMenuBarInfo | - | 0x401200 | 0x2f78c | 0x2eb8c | 0x14c |
GDI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetBitmapBits | - | 0x401000 | 0x2f58c | 0x2e98c | 0x1a7 |
WINHTTP.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinHttpWriteData | - | 0x401208 | 0x2f794 | 0x2eb94 | 0x1f |
MSIMG32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GradientFill | - | 0x4011d8 | 0x2f764 | 0x2eb64 | 0x2 |
Memory Dumps (3)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| buffer | 1 | 0x02124378 | 0x02133C27 | First Execution |
|
32-bit | 0x021281AC |
|
|
...
|
| buffer | 1 | 0x00210000 | 0x00218FFF | First Execution |
|
32-bit | 0x00210000 |
|
|
...
|
| buffer | 1 | 0x00260000 | 0x00275FFF | Image In Buffer |
|
32-bit | - |
|
|
...
|
| C:\Users\kEecfMwgj\AppData\Roaming\htcufvu | Dropped File | Stream |
clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 412.28 KB |
| MD5 |
4757b8d64191de2d4b27730383390d3d
|
| SHA1 |
7c879f5796f65234e195d342fce3d21beafdfb38
|
| SHA256 |
6b2757598d730ac5f2c56a1be845369ba88384f034b255ee6bc6a2c34ca086ac
|
| SSDeep |
12288:AG2h//jStQs24BrvlKpWObKUCgfKsYxryZ10B:AlhnwQb4BrvKKUFKHx2ZuB
|
| ImpHash | - |
