Verdict: Malicious

Classifications: Injector, Downloader

Threat Names: SmokeLoader, Mal/Generic-S, Mal/HTMLGen-A

Dynamic Analysis Report

Created on 2022-08-03T20:56:07+00:00

269200ba6acb859b712185ebdad2b0000333e42d194e05d12d86eb3590125aed.exe

Windows Exe (x86-32)

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "38 minutes, 32 seconds" to "7 seconds" to reveal dormant functionality.

(0x0200004A): 10 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 32 MB.

Files

Sample File (Binary): C:\Users\RDhJ0CNFevzX\Desktop\269200ba6acb859b712185ebdad2b0000333e42d194e05d12d86eb3590125aed.exe
Verdict: Malicious
Also Known As: C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Accessed File)
MIME Type: application/vnd.microsoft.portable-executable
File Size: 182.00 KB
MD5: c529659ad79b58eb83d1732b6cc88ff5
SHA1: aad399bd653192ec0ecdeac5c1a4cbf43afb19b6
SHA256: 269200ba6acb859b712185ebdad2b0000333e42d194e05d12d86eb3590125aed
SSDeep: 3072:C196SvSbCDBMY3ue3PFUt76X9JfIruFeKQvd4xkESjMWD/Y:CVcmhfW6X9OihQvDF
ImpHash: 19d26450af6fae284e6a28f691d90382
File Reputation Information
Verdict: Malicious
Names: Mal/Generic-S
PE Information
Image Base: 0x00400000
Entry Point: 0x00416767
Size Of Code: 0x00022C00
Size Of Initialized Data: 0x02094200
File Type: IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2021-02-09 13:58 (UTC+1)
Version Information (3)
FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 82.79.7.9
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x00401000 | 0x00022B40 | 0x00022C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.42
.data | 0x00424000 | 0x02083AD0 | 0x00003000 | 0x00023000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.75
.rsrc | 0x024A8000 | 0x00007650 | 0x00007800 | 0x00026000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.28
Imports (2)

KERNEL32.dll (114)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FoldStringA - 0x00401000 0x000230A8 0x000224A8 0x0000015B
GetLocalTime - 0x00401004 0x000230AC 0x000224AC 0x00000203
InterlockedDecrement - 0x00401008 0x000230B0 0x000224B0 0x000002EB
GetLocaleInfoA - 0x0040100C 0x000230B4 0x000224B4 0x00000204
InterlockedCompareExchange - 0x00401010 0x000230B8 0x000224B8 0x000002E9
_hwrite - 0x00401014 0x000230BC 0x000224BC 0x00000536
CancelWaitableTimer - 0x00401018 0x000230C0 0x000224C0 0x00000047
GetSystemDirectoryA - 0x0040101C 0x000230C4 0x000224C4 0x0000026F
CreateEventW - 0x00401020 0x000230C8 0x000224C8 0x00000085
ReadConsoleA - 0x00401024 0x000230CC 0x000224CC 0x000003B4
VerifyVersionInfoA - 0x00401028 0x000230D0 0x000224D0 0x000004E7
BuildCommDCBA - 0x0040102C 0x000230D4 0x000224D4 0x0000003A
GetConsoleAliasExesLengthA - 0x00401030 0x000230D8 0x000224D8 0x00000192
SetSystemTimeAdjustment - 0x00401034 0x000230DC 0x000224DC 0x0000048C
PeekConsoleInputA - 0x00401038 0x000230E0 0x000224E0 0x0000038B
EnumDateFormatsA - 0x0040103C 0x000230E4 0x000224E4 0x000000F4
CreateFileW - 0x00401040 0x000230E8 0x000224E8 0x0000008F
RegisterWaitForSingleObjectEx - 0x00401044 0x000230EC 0x000224EC 0x000003F6
LoadLibraryA - 0x00401048 0x000230F0 0x000224F0 0x0000033C
WaitNamedPipeA - 0x0040104C 0x000230F4 0x000224F4 0x000004FF
GetEnvironmentStrings - 0x00401050 0x000230F8 0x000224F8 0x000001D8
FindResourceExA - 0x00401054 0x000230FC 0x000224FC 0x0000014C
VirtualProtect - 0x00401058 0x00023100 0x00022500 0x000004EF
GetFirmwareEnvironmentVariableW - 0x0040105C 0x00023104 0x00022504 0x000001F7
GetModuleFileNameW - 0x00401060 0x00023108 0x00022508 0x00000214
BeginUpdateResourceW - 0x00401064 0x0002310C 0x0002250C 0x00000038
EnumCalendarInfoExW - 0x00401068 0x00023110 0x00022510 0x000000F2
WriteConsoleOutputCharacterW - 0x0040106C 0x00023114 0x00022514 0x00000522
WriteConsoleA - 0x00401070 0x00023118 0x00022518 0x0000051A
LoadLibraryW - 0x00401074 0x0002311C 0x0002251C 0x0000033F
DeleteFileW - 0x00401078 0x00023120 0x00022520 0x000000D6
LocalAlloc - 0x0040107C 0x00023124 0x00022524 0x00000344
GetProcAddress - 0x00401080 0x00023128 0x00022528 0x00000245
GetModuleHandleW - 0x00401084 0x0002312C 0x0002252C 0x00000218
GetUserDefaultLCID - 0x00401088 0x00023130 0x00022530 0x0000029B
FindFirstChangeNotificationW - 0x0040108C 0x00023134 0x00022534 0x00000131
HeapUnlock - 0x00401090 0x00023138 0x00022538 0x000002D6
GetCalendarInfoW - 0x00401094 0x0002313C 0x0002253C 0x0000017B
SetConsoleTitleA - 0x00401098 0x00023140 0x00022540 0x00000447
GetBinaryTypeW - 0x0040109C 0x00023144 0x00022544 0x00000171
GetComputerNameExA - 0x004010A0 0x00023148 0x00022548 0x0000018D
FindNextFileA - 0x004010A4 0x0002314C 0x0002254C 0x00000143
OpenJobObjectA - 0x004010A8 0x00023150 0x00022550 0x0000037A
HeapValidate - 0x004010AC 0x00023154 0x00022554 0x000002D7
_lclose - 0x004010B0 0x00023158 0x00022558 0x00000537
GetComputerNameW - 0x004010B4 0x0002315C 0x0002255C 0x0000018F
SetFileShortNameW - 0x004010B8 0x00023160 0x00022560 0x00000469
TlsSetValue - 0x004010BC 0x00023164 0x00022564 0x000004C8
SetCalendarInfoW - 0x004010C0 0x00023168 0x00022568 0x0000041F
SetComputerNameW - 0x004010C4 0x0002316C 0x0002256C 0x0000042A
CreateDirectoryExA - 0x004010C8 0x00023170 0x00022570 0x0000007D
InitializeCriticalSectionAndSpinCount - 0x004010CC 0x00023174 0x00022574 0x000002E3
FindFirstChangeNotificationA - 0x004010D0 0x00023178 0x00022578 0x00000130
GetVolumePathNameW - 0x004010D4 0x0002317C 0x0002257C 0x000002AB
GetProcessHandleCount - 0x004010D8 0x00023180 0x00022580 0x00000249
GetThreadLocale - 0x004010DC 0x00023184 0x00022584 0x0000028C
GetSystemDefaultLangID - 0x004010E0 0x00023188 0x00022588 0x0000026C
GetCurrentProcess - 0x004010E4 0x0002318C 0x0002258C 0x000001C0
ReadFile - 0x004010E8 0x00023190 0x00022590 0x000003C0
GetStringTypeW - 0x004010EC 0x00023194 0x00022594 0x00000269
HeapSize - 0x004010F0 0x00023198 0x00022598 0x000002D4
GetDiskFreeSpaceA - 0x004010F4 0x0002319C 0x0002259C 0x000001CC
HeapReAlloc - 0x004010F8 0x000231A0 0x000225A0 0x000002D2
RaiseException - 0x004010FC 0x000231A4 0x000225A4 0x000003B1
RtlUnwind - 0x00401100 0x000231A8 0x000225A8 0x00000418
MultiByteToWideChar - 0x00401104 0x000231AC 0x000225AC 0x00000367
GetCommandLineW - 0x00401108 0x000231B0 0x000225B0 0x00000187
HeapSetInformation - 0x0040110C 0x000231B4 0x000225B4 0x000002D3
GetStartupInfoW - 0x00401110 0x000231B8 0x000225B8 0x00000263
EncodePointer - 0x00401114 0x000231BC 0x000225BC 0x000000EA
HeapAlloc - 0x00401118 0x000231C0 0x000225C0 0x000002CB
GetLastError - 0x0040111C 0x000231C4 0x000225C4 0x00000202
HeapFree - 0x00401120 0x000231C8 0x000225C8 0x000002CF
IsProcessorFeaturePresent - 0x00401124 0x000231CC 0x000225CC 0x00000304
SetFilePointer - 0x00401128 0x000231D0 0x000225D0 0x00000466
EnterCriticalSection - 0x0040112C 0x000231D4 0x000225D4 0x000000EE
LeaveCriticalSection - 0x00401130 0x000231D8 0x000225D8 0x00000339
UnhandledExceptionFilter - 0x00401134 0x000231DC 0x000225DC 0x000004D3
SetUnhandledExceptionFilter - 0x00401138 0x000231E0 0x000225E0 0x000004A5
IsDebuggerPresent - 0x0040113C 0x000231E4 0x000225E4 0x00000300
DecodePointer - 0x00401140 0x000231E8 0x000225E8 0x000000CA
TerminateProcess - 0x00401144 0x000231EC 0x000225EC 0x000004C0
TlsAlloc - 0x00401148 0x000231F0 0x000225F0 0x000004C5
TlsGetValue - 0x0040114C 0x000231F4 0x000225F4 0x000004C7
TlsFree - 0x00401150 0x000231F8 0x000225F8 0x000004C6
InterlockedIncrement - 0x00401154 0x000231FC 0x000225FC 0x000002EF
SetLastError - 0x00401158 0x00023200 0x00022600 0x00000473
GetCurrentThreadId - 0x0040115C 0x00023204 0x00022604 0x000001C5
ExitProcess - 0x00401160 0x00023208 0x00022608 0x00000119
GetCPInfo - 0x00401164 0x0002320C 0x0002260C 0x00000172
GetACP - 0x00401168 0x00023210 0x00022610 0x00000168
GetOEMCP - 0x0040116C 0x00023214 0x00022614 0x00000237
IsValidCodePage - 0x00401170 0x00023218 0x00022618 0x0000030A
CloseHandle - 0x00401174 0x0002321C 0x0002261C 0x00000052
WriteFile - 0x00401178 0x00023220 0x00022620 0x00000525
GetStdHandle - 0x0040117C 0x00023224 0x00022624 0x00000264
FreeEnvironmentStringsW - 0x00401180 0x00023228 0x00022628 0x00000161
GetEnvironmentStringsW - 0x00401184 0x0002322C 0x0002262C 0x000001DA
SetHandleCount - 0x00401188 0x00023230 0x00022630 0x0000046F
GetFileType - 0x0040118C 0x00023234 0x00022634 0x000001F3
DeleteCriticalSection - 0x00401190 0x00023238 0x00022638 0x000000D1
HeapCreate - 0x00401194 0x0002323C 0x0002263C 0x000002CD
QueryPerformanceCounter - 0x00401198 0x00023240 0x00022640 0x000003A7
GetTickCount - 0x0040119C 0x00023244 0x00022644 0x00000293
GetCurrentProcessId - 0x004011A0 0x00023248 0x00022648 0x000001C1
GetSystemTimeAsFileTime - 0x004011A4 0x0002324C 0x0002264C 0x00000279
SetStdHandle - 0x004011A8 0x00023250 0x00022650 0x00000487
WideCharToMultiByte - 0x004011AC 0x00023254 0x00022654 0x00000511
GetConsoleCP - 0x004011B0 0x00023258 0x00022658 0x0000019A
GetConsoleMode - 0x004011B4 0x0002325C 0x0002265C 0x000001AC
FlushFileBuffers - 0x004011B8 0x00023260 0x00022660 0x00000157
Sleep - 0x004011BC 0x00023264 0x00022664 0x000004B2
LCMapStringW - 0x004011C0 0x00023268 0x00022668 0x0000032D
WriteConsoleW - 0x004011C4 0x0002326C 0x0002266C 0x00000524
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ClientToScreen - 0x004011CC 0x00023274 0x00022674 0x00000047
Memory Dumps (16)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
buffer | 1 | 0x02791F48 | 0x027A1697 | First Execution | False | 32-bit | 0x02795CF5 | False
buffer | 1 | 0x02580000 | 0x02588FFF | First Execution | False | 32-bit | 0x02580000 | False
buffer | 2 | 0x00400000 | 0x00408FFF | First Execution | False | 32-bit | 0x00402DD8 | False
buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed | False | 32-bit | 0x004026DE | False
buffer | 2 | 0x00400000 | 0x00408FFF | Process Termination | False | 32-bit | - | False
buffer | 2 | 0x004E0000 | 0x004E5FFF | Process Termination | False | 32-bit | - | False
buffer | 5 | 0x027E1C30 | 0x027F137F | First Execution | False | 32-bit | 0x027E59DD | False
buffer | 5 | 0x02580000 | 0x02588FFF | First Execution | False | 32-bit | 0x02580000 | False
buffer | 7 | 0x00400000 | 0x00408FFF | First Execution | False | 32-bit | 0x00402DD8 | False
buffer | 7 | 0x00400000 | 0x00408FFF | Content Changed | False | 32-bit | 0x004026DE | False
buffer | 7 | 0x00400000 | 0x00408FFF | Content Changed | False | 32-bit | 0x00401C7C | False
buffer | 7 | 0x00400000 | 0x00408FFF | Content Changed | False | 32-bit | 0x004020C2 | False
buffer | 7 | 0x00400000 | 0x00408FFF | Content Changed | False | 32-bit | 0x00401849 | False
buffer | 7 | 0x001D0000 | 0x001D5FFF | Process Termination | False | 32-bit | - | False
buffer | 7 | 0x00400000 | 0x00408FFF | Process Termination | False | 32-bit | - | False
buffer | 7 | 0x004D0000 | 0x004E5FFF | Image In Buffer | False | 32-bit | - | False
Downloaded File (HTML): a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc
Verdict: Clean
MIME Type: text/html
File Size: 407 Bytes
MD5: ae7ee35a75964da74bf291771f240930
SHA1: b018fdb28a05adf26fcbe8bbd9048b0a33fd4ae6
SHA256: a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc
SSDeep: 12:J0+t9xqeRKWTQzetSzRxnnezWfCJjsKtgizRon44ma8:39YeRKveQxawCJjsuRe4Y8
ImpHash: -

Downloaded File (Stream): eddabae746d7dc8460c199052ea712be04eeb3015536bb2db3e77fc2cd7f282f
Verdict: Clean
MIME Type: application/octet-stream
File Size: 24 Bytes
MD5: cc4af769c17a0fa9b6a12a284ecbc90b
SHA1: 274a8550c6b7cbdddebc8b343c4510dd19a14a5a
SHA256: eddabae746d7dc8460c199052ea712be04eeb3015536bb2db3e77fc2cd7f282f
SSDeep: 3:tfLK8NX:tTv5
ImpHash: -

Downloaded File (Stream): f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485
Verdict: Clean
MIME Type: application/octet-stream
File Size: 24 Bytes
MD5: a7161b1723d888e07578878e5be373a9
SHA1: 979f687aec89386a04756823acd5b42b6b7e9c06
SHA256: f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485
SSDeep: 3:tfMWJX:txt
ImpHash: -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided. The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot