Malicious
Classifications
Injector Downloader
Threat Names
SmokeLoader Mal/HTMLGen-A Gen:Variant.Babar.29261 Generic.Andromeda.79093CCD +1
Dynamic Analysis Report
Created on 2021-11-18T10:30:00
c9f18cc71c7a1fa61d43a32dfb858f9aa247324a188f8182981b853266d3b1c7.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "39 minutes, 49 seconds" to "3 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Remarks
(0x0200004A): 10 dumps were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 27 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\c9f18cc71c7a1fa61d43a32dfb858f9aa247324a188f8182981b853266d3b1c7.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\kEecfMwgj\AppData\Roaming\cdieedr (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 334.50 KB |
| MD5 |
743f8fec87ebf7c5d6b392261ec3988f
|
| SHA1 |
1bc862eecde55f2c1de69bc9e3fdd7468de373d0
|
| SHA256 |
c9f18cc71c7a1fa61d43a32dfb858f9aa247324a188f8182981b853266d3b1c7
|
| SSDeep |
6144:B9LMytcasE/LEUZ/TPrMXiT1B18x93KX:ztcasE/L1jrMmH18x96X
|
| ImpHash |
b2e29795cf26e2405a95e142d139ea34
|
| Parser Error Remark | Static engine was unable to completely parse the analyzed file |
File Reputation Information
»
| Verdict |
malicious
|
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Gen:Variant.Babar.29261 |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x41c180 |
| Size Of Code | 0x3a600 |
| Size Of Initialized Data | 0x1b9bc00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-09-23 19:34:29+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x3a4e4 | 0x3a600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.0 |
| .data | 0x43c000 | 0x1b850a4 | 0x1a00 | 0x3aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.15 |
| .rsrc | 0x1fc2000 | 0x48d0 | 0x4a00 | 0x3c400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.12 |
| .reloc | 0x1fc7000 | 0x12b10 | 0x12c00 | 0x40e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.04 |
Imports (5)
»
KERNEL32.dll (114)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetDllDirectoryW | - | 0x401008 | 0x3a8f0 | 0x39cf0 | 0x451 |
| InterlockedIncrement | - | 0x40100c | 0x3a8f4 | 0x39cf4 | 0x2ef |
| _lwrite | - | 0x401010 | 0x3a8f8 | 0x39cf8 | 0x53c |
| SetFirmwareEnvironmentVariableA | - | 0x401014 | 0x3a8fc | 0x39cfc | 0x46c |
| GetSystemWindowsDirectoryW | - | 0x401018 | 0x3a900 | 0x39d00 | 0x27c |
| GetNamedPipeHandleStateA | - | 0x40101c | 0x3a904 | 0x39d04 | 0x220 |
| SetHandleInformation | - | 0x401020 | 0x3a908 | 0x39d08 | 0x470 |
| GetComputerNameW | - | 0x401024 | 0x3a90c | 0x39d0c | 0x18f |
| GetModuleHandleW | - | 0x401028 | 0x3a910 | 0x39d10 | 0x218 |
| GetTickCount | - | 0x40102c | 0x3a914 | 0x39d14 | 0x293 |
| GetProcessHeap | - | 0x401030 | 0x3a918 | 0x39d18 | 0x24a |
| GetConsoleAliasesLengthA | - | 0x401034 | 0x3a91c | 0x39d1c | 0x197 |
| ConvertFiberToThread | - | 0x401038 | 0x3a920 | 0x39d20 | 0x6a |
| ReadConsoleW | - | 0x40103c | 0x3a924 | 0x39d24 | 0x3be |
| GetCompressedFileSizeW | - | 0x401040 | 0x3a928 | 0x39d28 | 0x18b |
| GetSystemWow64DirectoryA | - | 0x401044 | 0x3a92c | 0x39d2c | 0x27d |
| TlsSetValue | - | 0x401048 | 0x3a930 | 0x39d30 | 0x4c8 |
| LoadLibraryW | - | 0x40104c | 0x3a934 | 0x39d34 | 0x33f |
| GetConsoleMode | - | 0x401050 | 0x3a938 | 0x39d38 | 0x1ac |
| CopyFileW | - | 0x401054 | 0x3a93c | 0x39d3c | 0x75 |
| SetVolumeMountPointA | - | 0x401058 | 0x3a940 | 0x39d40 | 0x4aa |
| GetVersionExW | - | 0x40105c | 0x3a944 | 0x39d44 | 0x2a4 |
| HeapCreate | - | 0x401060 | 0x3a948 | 0x39d48 | 0x2cd |
| HeapValidate | - | 0x401064 | 0x3a94c | 0x39d4c | 0x2d7 |
| GetModuleFileNameW | - | 0x401068 | 0x3a950 | 0x39d50 | 0x214 |
| CreateActCtxA | - | 0x40106c | 0x3a954 | 0x39d54 | 0x77 |
| GetACP | - | 0x401070 | 0x3a958 | 0x39d58 | 0x168 |
| GetStartupInfoW | - | 0x401074 | 0x3a95c | 0x39d5c | 0x263 |
| WritePrivateProfileStringW | - | 0x401078 | 0x3a960 | 0x39d60 | 0x52b |
| VerifyVersionInfoW | - | 0x40107c | 0x3a964 | 0x39d64 | 0x4e8 |
| FindFirstFileExA | - | 0x401080 | 0x3a968 | 0x39d68 | 0x133 |
| GetLastError | - | 0x401084 | 0x3a96c | 0x39d6c | 0x202 |
| IsDBCSLeadByteEx | - | 0x401088 | 0x3a970 | 0x39d70 | 0x2ff |
| SetLastError | - | 0x40108c | 0x3a974 | 0x39d74 | 0x473 |
| SetWaitableTimer | - | 0x401090 | 0x3a978 | 0x39d78 | 0x4ac |
| CreateNamedPipeA | - | 0x401094 | 0x3a97c | 0x39d7c | 0x9f |
| CopyFileA | - | 0x401098 | 0x3a980 | 0x39d80 | 0x70 |
| FindClose | - | 0x40109c | 0x3a984 | 0x39d84 | 0x12e |
| GetPrivateProfileStringA | - | 0x4010a0 | 0x3a988 | 0x39d88 | 0x241 |
| ProcessIdToSessionId | - | 0x4010a4 | 0x3a98c | 0x39d8c | 0x399 |
| LocalAlloc | - | 0x4010a8 | 0x3a990 | 0x39d90 | 0x344 |
| IsWow64Process | - | 0x4010ac | 0x3a994 | 0x39d94 | 0x30e |
| SetCurrentDirectoryW | - | 0x4010b0 | 0x3a998 | 0x39d98 | 0x44d |
| GetVolumePathNamesForVolumeNameA | - | 0x4010b4 | 0x3a99c | 0x39d9c | 0x2ac |
| GetModuleFileNameA | - | 0x4010b8 | 0x3a9a0 | 0x39da0 | 0x213 |
| SetConsoleCursorInfo | - | 0x4010bc | 0x3a9a4 | 0x39da4 | 0x42f |
| GetProcessShutdownParameters | - | 0x4010c0 | 0x3a9a8 | 0x39da8 | 0x251 |
| FreeEnvironmentStringsW | - | 0x4010c4 | 0x3a9ac | 0x39dac | 0x161 |
| WriteProfileStringW | - | 0x4010c8 | 0x3a9b0 | 0x39db0 | 0x532 |
| BuildCommDCBA | - | 0x4010cc | 0x3a9b4 | 0x39db4 | 0x3a |
| VirtualProtect | - | 0x4010d0 | 0x3a9b8 | 0x39db8 | 0x4ef |
| CompareStringA | - | 0x4010d4 | 0x3a9bc | 0x39dbc | 0x61 |
| GetSystemRegistryQuota | - | 0x4010d8 | 0x3a9c0 | 0x39dc0 | 0x276 |
| ReadConsoleInputW | - | 0x4010dc | 0x3a9c4 | 0x39dc4 | 0x3b8 |
| FileTimeToLocalFileTime | - | 0x4010e0 | 0x3a9c8 | 0x39dc8 | 0x124 |
| CreateWaitableTimerA | - | 0x4010e4 | 0x3a9cc | 0x39dcc | 0xbf |
| GetSystemTime | - | 0x4010e8 | 0x3a9d0 | 0x39dd0 | 0x277 |
| TlsFree | - | 0x4010ec | 0x3a9d4 | 0x39dd4 | 0x4c6 |
| CommConfigDialogW | - | 0x4010f0 | 0x3a9d8 | 0x39dd8 | 0x5e |
| CloseHandle | - | 0x4010f4 | 0x3a9dc | 0x39ddc | 0x52 |
| CreateFileW | - | 0x4010f8 | 0x3a9e0 | 0x39de0 | 0x8f |
| SetStdHandle | - | 0x4010fc | 0x3a9e4 | 0x39de4 | 0x487 |
| GetConsoleCP | - | 0x401100 | 0x3a9e8 | 0x39de8 | 0x19a |
| SetFilePointer | - | 0x401104 | 0x3a9ec | 0x39dec | 0x466 |
| LCMapStringW | - | 0x401108 | 0x3a9f0 | 0x39df0 | 0x32d |
| OutputDebugStringW | - | 0x40110c | 0x3a9f4 | 0x39df4 | 0x38a |
| WriteConsoleW | - | 0x401110 | 0x3a9f8 | 0x39df8 | 0x524 |
| FlushFileBuffers | - | 0x401114 | 0x3a9fc | 0x39dfc | 0x157 |
| GetLongPathNameA | - | 0x401118 | 0x3aa00 | 0x39e00 | 0x20c |
| WriteConsoleInputW | - | 0x40111c | 0x3aa04 | 0x39e04 | 0x51e |
| OutputDebugStringA | - | 0x401120 | 0x3aa08 | 0x39e08 | 0x389 |
| InterlockedDecrement | - | 0x401124 | 0x3aa0c | 0x39e0c | 0x2eb |
| InitializeCriticalSection | - | 0x401128 | 0x3aa10 | 0x39e10 | 0x2e2 |
| DeleteCriticalSection | - | 0x40112c | 0x3aa14 | 0x39e14 | 0xd1 |
| EnterCriticalSection | - | 0x401130 | 0x3aa18 | 0x39e18 | 0xee |
| LeaveCriticalSection | - | 0x401134 | 0x3aa1c | 0x39e1c | 0x339 |
| EncodePointer | - | 0x401138 | 0x3aa20 | 0x39e20 | 0xea |
| DecodePointer | - | 0x40113c | 0x3aa24 | 0x39e24 | 0xca |
| GetCommandLineA | - | 0x401140 | 0x3aa28 | 0x39e28 | 0x186 |
| HeapSetInformation | - | 0x401144 | 0x3aa2c | 0x39e2c | 0x2d3 |
| IsBadReadPtr | - | 0x401148 | 0x3aa30 | 0x39e30 | 0x2f7 |
| RaiseException | - | 0x40114c | 0x3aa34 | 0x39e34 | 0x3b1 |
| RtlUnwind | - | 0x401150 | 0x3aa38 | 0x39e38 | 0x418 |
| IsProcessorFeaturePresent | - | 0x401154 | 0x3aa3c | 0x39e3c | 0x304 |
| InitializeCriticalSectionAndSpinCount | - | 0x401158 | 0x3aa40 | 0x39e40 | 0x2e3 |
| SetUnhandledExceptionFilter | - | 0x40115c | 0x3aa44 | 0x39e44 | 0x4a5 |
| QueryPerformanceCounter | - | 0x401160 | 0x3aa48 | 0x39e48 | 0x3a7 |
| GetCurrentThreadId | - | 0x401164 | 0x3aa4c | 0x39e4c | 0x1c5 |
| GetCurrentProcessId | - | 0x401168 | 0x3aa50 | 0x39e50 | 0x1c1 |
| GetSystemTimeAsFileTime | - | 0x40116c | 0x3aa54 | 0x39e54 | 0x279 |
| GetProcAddress | - | 0x401170 | 0x3aa58 | 0x39e58 | 0x245 |
| ExitProcess | - | 0x401174 | 0x3aa5c | 0x39e5c | 0x119 |
| WideCharToMultiByte | - | 0x401178 | 0x3aa60 | 0x39e60 | 0x511 |
| GetEnvironmentStringsW | - | 0x40117c | 0x3aa64 | 0x39e64 | 0x1da |
| SetHandleCount | - | 0x401180 | 0x3aa68 | 0x39e68 | 0x46f |
| GetStdHandle | - | 0x401184 | 0x3aa6c | 0x39e6c | 0x264 |
| GetFileType | - | 0x401188 | 0x3aa70 | 0x39e70 | 0x1f3 |
| TlsAlloc | - | 0x40118c | 0x3aa74 | 0x39e74 | 0x4c5 |
| TlsGetValue | - | 0x401190 | 0x3aa78 | 0x39e78 | 0x4c7 |
| WriteFile | - | 0x401194 | 0x3aa7c | 0x39e7c | 0x525 |
| HeapAlloc | - | 0x401198 | 0x3aa80 | 0x39e80 | 0x2cb |
| HeapReAlloc | - | 0x40119c | 0x3aa84 | 0x39e84 | 0x2d2 |
| HeapSize | - | 0x4011a0 | 0x3aa88 | 0x39e88 | 0x2d4 |
| HeapQueryInformation | - | 0x4011a4 | 0x3aa8c | 0x39e8c | 0x2d1 |
| TerminateProcess | - | 0x4011a8 | 0x3aa90 | 0x39e90 | 0x4c0 |
| GetCurrentProcess | - | 0x4011ac | 0x3aa94 | 0x39e94 | 0x1c0 |
| UnhandledExceptionFilter | - | 0x4011b0 | 0x3aa98 | 0x39e98 | 0x4d3 |
| IsDebuggerPresent | - | 0x4011b4 | 0x3aa9c | 0x39e9c | 0x300 |
| HeapFree | - | 0x4011b8 | 0x3aaa0 | 0x39ea0 | 0x2cf |
| GetOEMCP | - | 0x4011bc | 0x3aaa4 | 0x39ea4 | 0x237 |
| GetCPInfo | - | 0x4011c0 | 0x3aaa8 | 0x39ea8 | 0x172 |
| IsValidCodePage | - | 0x4011c4 | 0x3aaac | 0x39eac | 0x30a |
| GetStringTypeW | - | 0x4011c8 | 0x3aab0 | 0x39eb0 | 0x269 |
| MultiByteToWideChar | - | 0x4011cc | 0x3aab4 | 0x39eb4 | 0x367 |
USER32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetMessageTime | - | 0x4011dc | 0x3aac4 | 0x39ec4 | 0x15c |
| GetCaretBlinkTime | - | 0x4011e0 | 0x3aac8 | 0x39ec8 | 0x109 |
| GetMenuItemID | - | 0x4011e4 | 0x3aacc | 0x39ecc | 0x152 |
| GetMenuBarInfo | - | 0x4011e8 | 0x3aad0 | 0x39ed0 | 0x14c |
| GetMonitorInfoA | - | 0x4011ec | 0x3aad4 | 0x39ed4 | 0x15e |
| GetCursorInfo | - | 0x4011f0 | 0x3aad8 | 0x39ed8 | 0x11f |
| GetListBoxInfo | - | 0x4011f4 | 0x3aadc | 0x39edc | 0x147 |
| GetMenuInfo | - | 0x4011f8 | 0x3aae0 | 0x39ee0 | 0x150 |
| GetComboBoxInfo | - | 0x4011fc | 0x3aae4 | 0x39ee4 | 0x11c |
GDI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetBitmapBits | - | 0x401000 | 0x3a8e8 | 0x39ce8 | 0x1a7 |
WINHTTP.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinHttpWriteData | - | 0x401204 | 0x3aaec | 0x39eec | 0x1f |
MSIMG32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GradientFill | - | 0x4011d4 | 0x3aabc | 0x39ebc | 0x2 |
Memory Dumps (6)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| buffer | 1 | 0x02194430 | 0x021A38FF | First Execution |
|
32-bit | 0x02197E89 |
|
|
...
|
| buffer | 1 | 0x00210000 | 0x00218FFF | First Execution |
|
32-bit | 0x00210000 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402DD8 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x004026DE |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00401849 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00402B9F |
|
|
...
|
