SmokeLoader | 22eae9c51337

Remarks

Maximum Dump Size Exceeded (0x0200004A): 10 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 32 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\22eae9c51337fd8dc6d1bb281a6e1ddb9990d906076cb3e1d89887eadbdfd374.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	181.00 KB
MD5	17ea9707608c048bbc933e8fb365d483
SHA1	430c8d8bcf6d095903ed3c1dcfe70a4a5cda32a1
SHA256	22eae9c51337fd8dc6d1bb281a6e1ddb9990d906076cb3e1d89887eadbdfd374
SSDeep	3072:wt9mZrSPd07P4SczpIiDi1QaC5ydjRDMzbh71CL2F0L:wPmZQd0T9w5m1QTMNMzn2e
ImpHash	a8692768e915e3ee244bd5d51d7bedfb

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004164E7
Size Of Code	0x00022A00
Size Of Initialized Data	0x02096600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2021-03-11 15:17 (UTC+1)

Version Information (3)

FileVersions	48.90.12.34
Copyrighz	Copyright (C) 2022, pozkarte
ProjectVersion	91.4.7.88

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0002287A	0x00022A00	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.41
.data	0x00424000	0x020861D0	0x00003000	0x00022E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.75
.rsrc	0x024AB000	0x000074D8	0x00007600	0x00025E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.3

Imports (2)

KERNEL32.dll (111)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
FoldStringA	-	0x00401000	0x00022E28	0x00022228	0x0000015B
GetLocalTime	-	0x00401004	0x00022E2C	0x0002222C	0x00000203
InterlockedDecrement	-	0x00401008	0x00022E30	0x00022230	0x000002EB
GetLocaleInfoA	-	0x0040100C	0x00022E34	0x00022234	0x00000204
InterlockedCompareExchange	-	0x00401010	0x00022E38	0x00022238	0x000002E9
_hwrite	-	0x00401014	0x00022E3C	0x0002223C	0x00000536
CancelWaitableTimer	-	0x00401018	0x00022E40	0x00022240	0x00000047
GetSystemDirectoryA	-	0x0040101C	0x00022E44	0x00022244	0x0000026F
CreateEventW	-	0x00401020	0x00022E48	0x00022248	0x00000085
ReadConsoleA	-	0x00401024	0x00022E4C	0x0002224C	0x000003B4
VerifyVersionInfoW	-	0x00401028	0x00022E50	0x00022250	0x000004E8
BuildCommDCBA	-	0x0040102C	0x00022E54	0x00022254	0x0000003A
GetConsoleAliasExesLengthA	-	0x00401030	0x00022E58	0x00022258	0x00000192
SetSystemTimeAdjustment	-	0x00401034	0x00022E5C	0x0002225C	0x0000048C
PeekConsoleInputW	-	0x00401038	0x00022E60	0x00022260	0x0000038C
EnumDateFormatsA	-	0x0040103C	0x00022E64	0x00022264	0x000000F4
CreateFileW	-	0x00401040	0x00022E68	0x00022268	0x0000008F
RegisterWaitForSingleObjectEx	-	0x00401044	0x00022E6C	0x0002226C	0x000003F6
LoadLibraryA	-	0x00401048	0x00022E70	0x00022270	0x0000033C
WaitNamedPipeA	-	0x0040104C	0x00022E74	0x00022274	0x000004FF
GetEnvironmentStrings	-	0x00401050	0x00022E78	0x00022278	0x000001D8
FindResourceExW	-	0x00401054	0x00022E7C	0x0002227C	0x0000014D
VirtualProtect	-	0x00401058	0x00022E80	0x00022280	0x000004EF
GetFirmwareEnvironmentVariableW	-	0x0040105C	0x00022E84	0x00022284	0x000001F7
GetModuleFileNameW	-	0x00401060	0x00022E88	0x00022288	0x00000214
BeginUpdateResourceW	-	0x00401064	0x00022E8C	0x0002228C	0x00000038
DeleteFileW	-	0x00401068	0x00022E90	0x00022290	0x000000D6
WriteConsoleA	-	0x0040106C	0x00022E94	0x00022294	0x0000051A
EnumCalendarInfoExA	-	0x00401070	0x00022E98	0x00022298	0x000000F0
LoadLibraryW	-	0x00401074	0x00022E9C	0x0002229C	0x0000033F
GetProcAddress	-	0x00401078	0x00022EA0	0x000222A0	0x00000245
GetModuleHandleW	-	0x0040107C	0x00022EA4	0x000222A4	0x00000218
GetUserDefaultLCID	-	0x00401080	0x00022EA8	0x000222A8	0x0000029B
FindFirstChangeNotificationW	-	0x00401084	0x00022EAC	0x000222AC	0x00000131
GetFileAttributesExA	-	0x00401088	0x00022EB0	0x000222B0	0x000001E6
GetCalendarInfoW	-	0x0040108C	0x00022EB4	0x000222B4	0x0000017B
SetConsoleTitleA	-	0x00401090	0x00022EB8	0x000222B8	0x00000447
GetBinaryTypeW	-	0x00401094	0x00022EBC	0x000222BC	0x00000171
GlobalAlloc	-	0x00401098	0x00022EC0	0x000222C0	0x000002B3
GetComputerNameExA	-	0x0040109C	0x00022EC4	0x000222C4	0x0000018D
FindNextFileA	-	0x004010A0	0x00022EC8	0x000222C8	0x00000143
OpenJobObjectA	-	0x004010A4	0x00022ECC	0x000222CC	0x0000037A
HeapSize	-	0x004010A8	0x00022ED0	0x000222D0	0x000002D4
_lclose	-	0x004010AC	0x00022ED4	0x000222D4	0x00000537
GetComputerNameW	-	0x004010B0	0x00022ED8	0x000222D8	0x0000018F
TlsGetValue	-	0x004010B4	0x00022EDC	0x000222DC	0x000004C7
SetCalendarInfoW	-	0x004010B8	0x00022EE0	0x000222E0	0x0000041F
SetComputerNameW	-	0x004010BC	0x00022EE4	0x000222E4	0x0000042A
CreateDirectoryExA	-	0x004010C0	0x00022EE8	0x000222E8	0x0000007D
InitializeCriticalSectionAndSpinCount	-	0x004010C4	0x00022EEC	0x000222EC	0x000002E3
FindFirstChangeNotificationA	-	0x004010C8	0x00022EF0	0x000222F0	0x00000130
GetVolumePathNameW	-	0x004010CC	0x00022EF4	0x000222F4	0x000002AB
GetProcessHandleCount	-	0x004010D0	0x00022EF8	0x000222F8	0x00000249
GetThreadLocale	-	0x004010D4	0x00022EFC	0x000222FC	0x0000028C
GetSystemDefaultLangID	-	0x004010D8	0x00022F00	0x00022300	0x0000026C
GetCurrentProcess	-	0x004010DC	0x00022F04	0x00022304	0x000001C0
ReadFile	-	0x004010E0	0x00022F08	0x00022308	0x000003C0
GetStringTypeW	-	0x004010E4	0x00022F0C	0x0002230C	0x00000269
HeapFree	-	0x004010E8	0x00022F10	0x00022310	0x000002CF
GetDiskFreeSpaceA	-	0x004010EC	0x00022F14	0x00022314	0x000001CC
HeapReAlloc	-	0x004010F0	0x00022F18	0x00022318	0x000002D2
RaiseException	-	0x004010F4	0x00022F1C	0x0002231C	0x000003B1
RtlUnwind	-	0x004010F8	0x00022F20	0x00022320	0x00000418
MultiByteToWideChar	-	0x004010FC	0x00022F24	0x00022324	0x00000367
GetCommandLineW	-	0x00401100	0x00022F28	0x00022328	0x00000187
HeapSetInformation	-	0x00401104	0x00022F2C	0x0002232C	0x000002D3
GetStartupInfoW	-	0x00401108	0x00022F30	0x00022330	0x00000263
EncodePointer	-	0x0040110C	0x00022F34	0x00022334	0x000000EA
HeapAlloc	-	0x00401110	0x00022F38	0x00022338	0x000002CB
GetLastError	-	0x00401114	0x00022F3C	0x0002233C	0x00000202
IsProcessorFeaturePresent	-	0x00401118	0x00022F40	0x00022340	0x00000304
SetFilePointer	-	0x0040111C	0x00022F44	0x00022344	0x00000466
EnterCriticalSection	-	0x00401120	0x00022F48	0x00022348	0x000000EE
LeaveCriticalSection	-	0x00401124	0x00022F4C	0x0002234C	0x00000339
UnhandledExceptionFilter	-	0x00401128	0x00022F50	0x00022350	0x000004D3
SetUnhandledExceptionFilter	-	0x0040112C	0x00022F54	0x00022354	0x000004A5
IsDebuggerPresent	-	0x00401130	0x00022F58	0x00022358	0x00000300
DecodePointer	-	0x00401134	0x00022F5C	0x0002235C	0x000000CA
TerminateProcess	-	0x00401138	0x00022F60	0x00022360	0x000004C0
TlsAlloc	-	0x0040113C	0x00022F64	0x00022364	0x000004C5
TlsSetValue	-	0x00401140	0x00022F68	0x00022368	0x000004C8
TlsFree	-	0x00401144	0x00022F6C	0x0002236C	0x000004C6
InterlockedIncrement	-	0x00401148	0x00022F70	0x00022370	0x000002EF
SetLastError	-	0x0040114C	0x00022F74	0x00022374	0x00000473
GetCurrentThreadId	-	0x00401150	0x00022F78	0x00022378	0x000001C5
ExitProcess	-	0x00401154	0x00022F7C	0x0002237C	0x00000119
GetCPInfo	-	0x00401158	0x00022F80	0x00022380	0x00000172
GetACP	-	0x0040115C	0x00022F84	0x00022384	0x00000168
GetOEMCP	-	0x00401160	0x00022F88	0x00022388	0x00000237
IsValidCodePage	-	0x00401164	0x00022F8C	0x0002238C	0x0000030A
CloseHandle	-	0x00401168	0x00022F90	0x00022390	0x00000052
WriteFile	-	0x0040116C	0x00022F94	0x00022394	0x00000525
GetStdHandle	-	0x00401170	0x00022F98	0x00022398	0x00000264
FreeEnvironmentStringsW	-	0x00401174	0x00022F9C	0x0002239C	0x00000161
GetEnvironmentStringsW	-	0x00401178	0x00022FA0	0x000223A0	0x000001DA
SetHandleCount	-	0x0040117C	0x00022FA4	0x000223A4	0x0000046F
GetFileType	-	0x00401180	0x00022FA8	0x000223A8	0x000001F3
DeleteCriticalSection	-	0x00401184	0x00022FAC	0x000223AC	0x000000D1
HeapCreate	-	0x00401188	0x00022FB0	0x000223B0	0x000002CD
QueryPerformanceCounter	-	0x0040118C	0x00022FB4	0x000223B4	0x000003A7
GetTickCount	-	0x00401190	0x00022FB8	0x000223B8	0x00000293
GetCurrentProcessId	-	0x00401194	0x00022FBC	0x000223BC	0x000001C1
GetSystemTimeAsFileTime	-	0x00401198	0x00022FC0	0x000223C0	0x00000279
SetStdHandle	-	0x0040119C	0x00022FC4	0x000223C4	0x00000487
WideCharToMultiByte	-	0x004011A0	0x00022FC8	0x000223C8	0x00000511
GetConsoleCP	-	0x004011A4	0x00022FCC	0x000223CC	0x0000019A
GetConsoleMode	-	0x004011A8	0x00022FD0	0x000223D0	0x000001AC
FlushFileBuffers	-	0x004011AC	0x00022FD4	0x000223D4	0x00000157
Sleep	-	0x004011B0	0x00022FD8	0x000223D8	0x000004B2
LCMapStringW	-	0x004011B4	0x00022FDC	0x000223DC	0x0000032D
WriteConsoleW	-	0x004011B8	0x00022FE0	0x000223E0	0x00000524

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ClientToScreen	-	0x004011C0	0x00022FE8	0x000223E8	0x00000047

Memory Dumps (17)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
buffer	1	0x02601F48	0x026113D7	First Execution	32-bit	0x02605A29	... Actions Go to Process Download Dump
buffer	1	0x024D0000	0x024D8FFF	First Execution	32-bit	0x024D0000	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	First Execution	32-bit	0x00402DD8	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	Content Changed	32-bit	0x00402B9F	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00440000	0x00445FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	6	0x02741C30	0x027510BF	First Execution	32-bit	0x02745711	... Actions Go to Process Download Dump
buffer	6	0x024D0000	0x024D8FFF	First Execution	32-bit	0x024D0000	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	First Execution	32-bit	0x00402DD8	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Content Changed	32-bit	0x004026DE	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Content Changed	32-bit	0x00401CEB	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Content Changed	32-bit	0x004020C2	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Content Changed	32-bit	0x00401849	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Content Changed	32-bit	0x00402B9F	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00408FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x004E0000	0x004E5FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00500000	0x00515FFF	Image In Buffer	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc

Downloaded File

HTML

MIME Type	text/html
File Size	407 Bytes
MD5	ae7ee35a75964da74bf291771f240930
SHA1	b018fdb28a05adf26fcbe8bbd9048b0a33fd4ae6
SHA256	a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc
SSDeep	12:J0+t9xqeRKWTQzetSzRxnnezWfCJjsKtgizRon44ma8:39YeRKveQxawCJjsuRe4Y8
ImpHash	-

9f37ee32b5f1620f44adc2a458c60e504a650419f2de2882c912792c3e0d8a93

Downloaded File

Stream

MIME Type	application/octet-stream
File Size	24 Bytes
MD5	0a6b6b1b2993ce58d0ae4932baa2a39a
SHA1	d111cd8d93188aabcd179193091b6e5e04aed84f
SHA256	9f37ee32b5f1620f44adc2a458c60e504a650419f2de2882c912792c3e0d8a93
SSDeep	3:tfAVX:tIB
ImpHash	-

f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485

Downloaded File

Stream

MIME Type	application/octet-stream
File Size	24 Bytes
MD5	a7161b1723d888e07578878e5be373a9
SHA1	979f687aec89386a04756823acd5b42b6b7e9c06
SHA256	f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485
SSDeep	3:tfMWJX:txt
ImpHash	-

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information