Malicious
Classifications

Downloader Injector

Threat Names

SmokeLoader Mal/HTMLGen-A

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "58 minutes, 59 seconds" to "5 seconds" to reveal dormant functionality.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Filters:
File Name | Category | Type | Verdict
C:\Users\kEecfMwgj\Desktop\eb023c854d3c8a24589e9294fd5d346e.virus.exe | Sample File | Binary | malicious
Also Known As C:\Users\kEecfMwgj\AppData\Roaming\cdieedr (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 278.00 KB
MD5 eb023c854d3c8a24589e9294fd5d346e
SHA1 699eb8e25fcd583774381b9ff554c7e8442c8c43
SHA256 b602afd3f94c5820291f8319b23f20e5254212ba6aab49be0238d7067caca7b8
SSDeep 3072:AbxI6T6jY7wdRLjumseo44+9acMUpK5XVFR5+zcXXGO1Z6S9daWrxpzbgqru:AbxRx4d8XVFn7W6/muzbgwu
ImpHash 6d4af36ccbaddaffd179ef41d42df9cf
PE Information
Image Base 0x400000
Entry Point 0x403410
Size Of Code 0x12400
Size Of Initialized Data 0x3ae00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-10-20 07:34:24+00:00
Version Information (3)
InternationalName bomgvioci.iwa
Copyright Copyrighz (C) 2021, fudkort
ProjectVersion 3.10.70.57
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x12223 0x12400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.67
.rdata 0x414000 0x3f32 0x4000 0x12800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.43
.data 0x418000 0x28178 0x22200 0x16800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.79
.rsrc 0x441000 0xcd20 0xce00 0x38a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.34
Imports (1)
KERNEL32.dll (97)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetConsoleAliasesLengthW - 0x414000 0x17690 0x15e90 0x181
GetLocaleInfoA - 0x414004 0x17694 0x15e94 0x1e8
SetComputerNameExA - 0x414008 0x17698 0x15e98 0x3a2
VirtualQuery - 0x41400c 0x1769c 0x15e9c 0x45c
GetDefaultCommConfigW - 0x414010 0x176a0 0x15ea0 0x1b2
FindResourceExW - 0x414014 0x176a4 0x15ea4 0x138
OpenJobObjectA - 0x414018 0x176a8 0x15ea8 0x32d
GetConsoleAliasA - 0x41401c 0x176ac 0x15eac 0x179
InterlockedDecrement - 0x414020 0x176b0 0x15eb0 0x2bc
CompareFileTime - 0x414024 0x176b4 0x15eb4 0x51
GetProfileSectionA - 0x414028 0x176b8 0x15eb8 0x231
GetConsoleAliasesA - 0x41402c 0x176bc 0x15ebc 0x17f
GetConsoleTitleA - 0x414030 0x176c0 0x15ec0 0x19e
ReadConsoleW - 0x414034 0x176c4 0x15ec4 0x366
SetFileTime - 0x414038 0x176c8 0x15ec8 0x3e3
GlobalAlloc - 0x41403c 0x176cc 0x15ecc 0x285
Sleep - 0x414040 0x176d0 0x15ed0 0x421
GetFileAttributesW - 0x414044 0x176d4 0x15ed4 0x1ce
GetAtomNameW - 0x414048 0x176d8 0x15ed8 0x156
SetConsoleTitleA - 0x41404c 0x176dc 0x15edc 0x3c1
RaiseException - 0x414050 0x176e0 0x15ee0 0x35a
GetLastError - 0x414054 0x176e4 0x15ee4 0x1e6
GetProcAddress - 0x414058 0x176e8 0x15ee8 0x220
GetLongPathNameA - 0x41405c 0x176ec 0x15eec 0x1ef
VirtualAlloc - 0x414060 0x176f0 0x15ef0 0x454
PrepareTape - 0x414064 0x176f4 0x15ef4 0x340
DnsHostnameToComputerNameA - 0x414068 0x176f8 0x15ef8 0xce
GetFileType - 0x41406c 0x176fc 0x15efc 0x1d7
GetModuleFileNameA - 0x414070 0x17700 0x15f00 0x1f4
CreateIoCompletionPort - 0x414074 0x17704 0x15f04 0x84
GetModuleHandleA - 0x414078 0x17708 0x15f08 0x1f6
GetStringTypeW - 0x41407c 0x1770c 0x15f0c 0x240
GetVersionExA - 0x414080 0x17710 0x15f10 0x275
ReadConsoleInputW - 0x414084 0x17714 0x15f14 0x360
EnumSystemLocalesW - 0x414088 0x17718 0x15f18 0xfa
CreateThread - 0x41408c 0x1771c 0x15f1c 0xa3
HeapAlloc - 0x414090 0x17720 0x15f20 0x29d
GetCommandLineA - 0x414094 0x17724 0x15f24 0x16f
GetStartupInfoA - 0x414098 0x17728 0x15f28 0x239
RtlUnwind - 0x41409c 0x1772c 0x15f2c 0x392
TerminateProcess - 0x4140a0 0x17730 0x15f30 0x42d
GetCurrentProcess - 0x4140a4 0x17734 0x15f34 0x1a9
UnhandledExceptionFilter - 0x4140a8 0x17738 0x15f38 0x43e
SetUnhandledExceptionFilter - 0x4140ac 0x1773c 0x15f3c 0x415
IsDebuggerPresent - 0x4140b0 0x17740 0x15f40 0x2d1
HeapFree - 0x4140b4 0x17744 0x15f44 0x2a1
DeleteCriticalSection - 0x4140b8 0x17748 0x15f48 0xbe
LeaveCriticalSection - 0x4140bc 0x1774c 0x15f4c 0x2ef
EnterCriticalSection - 0x4140c0 0x17750 0x15f50 0xd9
VirtualFree - 0x4140c4 0x17754 0x15f54 0x457
HeapReAlloc - 0x4140c8 0x17758 0x15f58 0x2a4
HeapCreate - 0x4140cc 0x1775c 0x15f5c 0x29f
GetModuleHandleW - 0x4140d0 0x17760 0x15f60 0x1f9
ExitProcess - 0x4140d4 0x17764 0x15f64 0x104
WriteFile - 0x4140d8 0x17768 0x15f68 0x48d
GetStdHandle - 0x4140dc 0x1776c 0x15f6c 0x23b
SetHandleCount - 0x4140e0 0x17770 0x15f70 0x3e8
SetFilePointer - 0x4140e4 0x17774 0x15f74 0x3df
TlsGetValue - 0x4140e8 0x17778 0x15f78 0x434
TlsAlloc - 0x4140ec 0x1777c 0x15f7c 0x432
TlsSetValue - 0x4140f0 0x17780 0x15f80 0x435
TlsFree - 0x4140f4 0x17784 0x15f84 0x433
InterlockedIncrement - 0x4140f8 0x17788 0x15f88 0x2c0
SetLastError - 0x4140fc 0x1778c 0x15f8c 0x3ec
GetCurrentThreadId - 0x414100 0x17790 0x15f90 0x1ad
CloseHandle - 0x414104 0x17794 0x15f94 0x43
FreeEnvironmentStringsA - 0x414108 0x17798 0x15f98 0x14a
GetEnvironmentStrings - 0x41410c 0x1779c 0x15f9c 0x1bf
FreeEnvironmentStringsW - 0x414110 0x177a0 0x15fa0 0x14b
WideCharToMultiByte - 0x414114 0x177a4 0x15fa4 0x47a
GetEnvironmentStringsW - 0x414118 0x177a8 0x15fa8 0x1c1
QueryPerformanceCounter - 0x41411c 0x177ac 0x15fac 0x354
GetTickCount - 0x414120 0x177b0 0x15fb0 0x266
GetCurrentProcessId - 0x414124 0x177b4 0x15fb4 0x1aa
GetSystemTimeAsFileTime - 0x414128 0x177b8 0x15fb8 0x24f
InitializeCriticalSectionAndSpinCount - 0x41412c 0x177bc 0x15fbc 0x2b5
LoadLibraryA - 0x414130 0x177c0 0x15fc0 0x2f1
GetCPInfo - 0x414134 0x177c4 0x15fc4 0x15b
GetACP - 0x414138 0x177c8 0x15fc8 0x152
GetOEMCP - 0x41413c 0x177cc 0x15fcc 0x213
IsValidCodePage - 0x414140 0x177d0 0x15fd0 0x2db
CreateFileA - 0x414144 0x177d4 0x15fd4 0x78
SetStdHandle - 0x414148 0x177d8 0x15fd8 0x3fc
GetConsoleCP - 0x41414c 0x177dc 0x15fdc 0x183
GetConsoleMode - 0x414150 0x177e0 0x15fe0 0x195
FlushFileBuffers - 0x414154 0x177e4 0x15fe4 0x141
HeapSize - 0x414158 0x177e8 0x15fe8 0x2a6
LCMapStringA - 0x41415c 0x177ec 0x15fec 0x2e1
MultiByteToWideChar - 0x414160 0x177f0 0x15ff0 0x31a
LCMapStringW - 0x414164 0x177f4 0x15ff4 0x2e3
GetStringTypeA - 0x414168 0x177f8 0x15ff8 0x23d
SetEndOfFile - 0x41416c 0x177fc 0x15ffc 0x3cd
GetProcessHeap - 0x414170 0x17800 0x16000 0x223
ReadFile - 0x414174 0x17804 0x16004 0x368
WriteConsoleA - 0x414178 0x17808 0x16008 0x482
GetConsoleOutputCP - 0x41417c 0x1780c 0x1600c 0x199
WriteConsoleW - 0x414180 0x17810 0x16010 0x48c
Memory Dumps (9)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
eb023c854d3c8a24589e9294fd5d346e.virus.exe 1 0x00400000 0x0044DFFF Relevant Image False 32-bit 0x00404D54 False
buffer 1 0x00020000 0x00028FFF First Execution False 32-bit 0x00020000 False
buffer 1 0x00030000 0x00038FFF First Execution False 32-bit 0x00030000 False
buffer 2 0x00400000 0x00408FFF First Execution False 32-bit 0x00402F47 False
eb023c854d3c8a24589e9294fd5d346e.virus.exe 1 0x00400000 0x0044DFFF Process Termination False 32-bit - False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x004019A4 False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x00402D03 False
buffer 2 0x00210000 0x00215FFF Process Termination False 32-bit - True
buffer 2 0x00400000 0x00408FFF Process Termination False 32-bit - False
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot