Verdict: Malicious

Classifications

Downloader, Injector

Threat Names

SmokeLoader, Mal/HTMLGen-A

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 hours, 33 minutes, 9 seconds" to "31 seconds" to reveal dormant functionality.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Files (1)

File Name C:\Users\RDhJ0CNFevzX\Desktop\a7444553f8a8fe2702b6fd48008d6605.virus.exe
Category Sample File
Type Binary
Verdict malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 277.00 KB
MD5 a7444553f8a8fe2702b6fd48008d6605
SHA1 f6d3d6ccf728ae7ab39b7e29f21ae5bcc7fce98b
SHA256 ba5303301925a877689b30efc36f872564f06906b2a61d7c3a7c955b0587d4f8
SSDeep 3072:AQAT6lATyGd4pXqYMER3QLSeuYerXcyGmofWrxpzbgqru:AQppHZQLSeNcbG/fuzbgwu
ImpHash 6d4af36ccbaddaffd179ef41d42df9cf
PE Information
Image Base 0x400000
Entry Point 0x403000
Size Of Code 0x12000
Size Of Initialized Data 0x3ae00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-08-21 09:03:59+00:00
Version Information (3)
InternationalName bomgvioci.iwa
Copyright Copyrighz (C) 2021, fudkort
ProjectVersion 3.10.70.57
Sections (4)

Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                                                    Entropy
.text   0x401000         0x11e13       0x12000        0x400            IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ            6.67
.rdata  0x413000         0x3f32        0x4000         0x12400          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ                       5.41
.data   0x417000         0x281b8       0x22200        0x16400          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE  2.8
.rsrc   0x440000         0xcd20        0xce00         0x38600          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ                       6.34
Imports (1)
KERNEL32.dll (97)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetConsoleAliasesLengthW - 0x413000 0x16690 0x15a90 0x181
GetLocaleInfoA - 0x413004 0x16694 0x15a94 0x1e8
SetComputerNameExA - 0x413008 0x16698 0x15a98 0x3a2
VirtualQuery - 0x41300c 0x1669c 0x15a9c 0x45c
GetDefaultCommConfigW - 0x413010 0x166a0 0x15aa0 0x1b2
FindResourceExW - 0x413014 0x166a4 0x15aa4 0x138
OpenJobObjectA - 0x413018 0x166a8 0x15aa8 0x32d
GetConsoleAliasA - 0x41301c 0x166ac 0x15aac 0x179
InterlockedDecrement - 0x413020 0x166b0 0x15ab0 0x2bc
CompareFileTime - 0x413024 0x166b4 0x15ab4 0x51
GetProfileSectionA - 0x413028 0x166b8 0x15ab8 0x231
GetConsoleAliasesA - 0x41302c 0x166bc 0x15abc 0x17f
GetConsoleTitleA - 0x413030 0x166c0 0x15ac0 0x19e
ReadConsoleW - 0x413034 0x166c4 0x15ac4 0x366
SetFileTime - 0x413038 0x166c8 0x15ac8 0x3e3
GlobalAlloc - 0x41303c 0x166cc 0x15acc 0x285
Sleep - 0x413040 0x166d0 0x15ad0 0x421
GetFileAttributesW - 0x413044 0x166d4 0x15ad4 0x1ce
GetAtomNameW - 0x413048 0x166d8 0x15ad8 0x156
SetConsoleTitleA - 0x41304c 0x166dc 0x15adc 0x3c1
RaiseException - 0x413050 0x166e0 0x15ae0 0x35a
GetLastError - 0x413054 0x166e4 0x15ae4 0x1e6
GetProcAddress - 0x413058 0x166e8 0x15ae8 0x220
GetLongPathNameA - 0x41305c 0x166ec 0x15aec 0x1ef
VirtualAlloc - 0x413060 0x166f0 0x15af0 0x454
PrepareTape - 0x413064 0x166f4 0x15af4 0x340
DnsHostnameToComputerNameA - 0x413068 0x166f8 0x15af8 0xce
GetFileType - 0x41306c 0x166fc 0x15afc 0x1d7
GetModuleFileNameA - 0x413070 0x16700 0x15b00 0x1f4
CreateIoCompletionPort - 0x413074 0x16704 0x15b04 0x84
GetModuleHandleA - 0x413078 0x16708 0x15b08 0x1f6
GetStringTypeW - 0x41307c 0x1670c 0x15b0c 0x240
GetVersionExA - 0x413080 0x16710 0x15b10 0x275
ReadConsoleInputW - 0x413084 0x16714 0x15b14 0x360
EnumSystemLocalesW - 0x413088 0x16718 0x15b18 0xfa
CreateThread - 0x41308c 0x1671c 0x15b1c 0xa3
HeapAlloc - 0x413090 0x16720 0x15b20 0x29d
GetCommandLineA - 0x413094 0x16724 0x15b24 0x16f
GetStartupInfoA - 0x413098 0x16728 0x15b28 0x239
RtlUnwind - 0x41309c 0x1672c 0x15b2c 0x392
TerminateProcess - 0x4130a0 0x16730 0x15b30 0x42d
GetCurrentProcess - 0x4130a4 0x16734 0x15b34 0x1a9
UnhandledExceptionFilter - 0x4130a8 0x16738 0x15b38 0x43e
SetUnhandledExceptionFilter - 0x4130ac 0x1673c 0x15b3c 0x415
IsDebuggerPresent - 0x4130b0 0x16740 0x15b40 0x2d1
HeapFree - 0x4130b4 0x16744 0x15b44 0x2a1
DeleteCriticalSection - 0x4130b8 0x16748 0x15b48 0xbe
LeaveCriticalSection - 0x4130bc 0x1674c 0x15b4c 0x2ef
EnterCriticalSection - 0x4130c0 0x16750 0x15b50 0xd9
VirtualFree - 0x4130c4 0x16754 0x15b54 0x457
HeapReAlloc - 0x4130c8 0x16758 0x15b58 0x2a4
HeapCreate - 0x4130cc 0x1675c 0x15b5c 0x29f
GetModuleHandleW - 0x4130d0 0x16760 0x15b60 0x1f9
ExitProcess - 0x4130d4 0x16764 0x15b64 0x104
WriteFile - 0x4130d8 0x16768 0x15b68 0x48d
GetStdHandle - 0x4130dc 0x1676c 0x15b6c 0x23b
SetHandleCount - 0x4130e0 0x16770 0x15b70 0x3e8
SetFilePointer - 0x4130e4 0x16774 0x15b74 0x3df
TlsGetValue - 0x4130e8 0x16778 0x15b78 0x434
TlsAlloc - 0x4130ec 0x1677c 0x15b7c 0x432
TlsSetValue - 0x4130f0 0x16780 0x15b80 0x435
TlsFree - 0x4130f4 0x16784 0x15b84 0x433
InterlockedIncrement - 0x4130f8 0x16788 0x15b88 0x2c0
SetLastError - 0x4130fc 0x1678c 0x15b8c 0x3ec
GetCurrentThreadId - 0x413100 0x16790 0x15b90 0x1ad
CloseHandle - 0x413104 0x16794 0x15b94 0x43
FreeEnvironmentStringsA - 0x413108 0x16798 0x15b98 0x14a
GetEnvironmentStrings - 0x41310c 0x1679c 0x15b9c 0x1bf
FreeEnvironmentStringsW - 0x413110 0x167a0 0x15ba0 0x14b
WideCharToMultiByte - 0x413114 0x167a4 0x15ba4 0x47a
GetEnvironmentStringsW - 0x413118 0x167a8 0x15ba8 0x1c1
QueryPerformanceCounter - 0x41311c 0x167ac 0x15bac 0x354
GetTickCount - 0x413120 0x167b0 0x15bb0 0x266
GetCurrentProcessId - 0x413124 0x167b4 0x15bb4 0x1aa
GetSystemTimeAsFileTime - 0x413128 0x167b8 0x15bb8 0x24f
InitializeCriticalSectionAndSpinCount - 0x41312c 0x167bc 0x15bbc 0x2b5
LoadLibraryA - 0x413130 0x167c0 0x15bc0 0x2f1
GetCPInfo - 0x413134 0x167c4 0x15bc4 0x15b
GetACP - 0x413138 0x167c8 0x15bc8 0x152
GetOEMCP - 0x41313c 0x167cc 0x15bcc 0x213
IsValidCodePage - 0x413140 0x167d0 0x15bd0 0x2db
CreateFileA - 0x413144 0x167d4 0x15bd4 0x78
SetStdHandle - 0x413148 0x167d8 0x15bd8 0x3fc
GetConsoleCP - 0x41314c 0x167dc 0x15bdc 0x183
GetConsoleMode - 0x413150 0x167e0 0x15be0 0x195
FlushFileBuffers - 0x413154 0x167e4 0x15be4 0x141
HeapSize - 0x413158 0x167e8 0x15be8 0x2a6
LCMapStringA - 0x41315c 0x167ec 0x15bec 0x2e1
MultiByteToWideChar - 0x413160 0x167f0 0x15bf0 0x31a
LCMapStringW - 0x413164 0x167f4 0x15bf4 0x2e3
GetStringTypeA - 0x413168 0x167f8 0x15bf8 0x23d
SetEndOfFile - 0x41316c 0x167fc 0x15bfc 0x3cd
GetProcessHeap - 0x413170 0x16800 0x15c00 0x223
ReadFile - 0x413174 0x16804 0x15c04 0x368
WriteConsoleA - 0x413178 0x16808 0x15c08 0x482
GetConsoleOutputCP - 0x41317c 0x1680c 0x15c0c 0x199
WriteConsoleW - 0x413180 0x16810 0x15c10 0x48c
Memory Dumps (11)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
a7444553f8a8fe2702b6fd48008d6605.virus.exe 1 0x00400000 0x0044CFFF Relevant Image False 32-bit 0x00407833 False
buffer 1 0x00030000 0x00038FFF First Execution False 32-bit 0x00030000 False
buffer 1 0x001C0000 0x001C8FFF First Execution False 32-bit 0x001C0000 False
buffer 2 0x00400000 0x00408FFF First Execution False 32-bit 0x00402F47 False
a7444553f8a8fe2702b6fd48008d6605.virus.exe 1 0x00400000 0x0044CFFF Process Termination False 32-bit - False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x0040283D False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x004019A4 False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x00402D03 False
buffer 2 0x01D40000 0x01D55FFF Marked Executable False 32-bit - True
buffer 2 0x001F0000 0x001F5FFF Process Termination False 32-bit - True
buffer 2 0x00400000 0x00408FFF Process Termination False 32-bit - False
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.