Malicious
Classifications
Downloader Injector
Threat Names
SmokeLoader Mal/HTMLGen-A Gen:Variant.Fragtor.35416 Generic.Andromeda.D4A614B0 +2
Dynamic Analysis Report
Created on 2021-10-27T11:59:00
d836a03e0b7eeabbc971de7d3e6fcc11bf06e13e633d11118c7429b3abb3c4ed.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "51 minutes, 59 seconds" to "9 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Remarks
(0x0200004A): 6 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 42 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\d836a03e0b7eeabbc971de7d3e6fcc11bf06e13e633d11118c7429b3abb3c4ed.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 185.50 KB |
| MD5 |
36f662b3c9a54c0c2427602f1463eb69
|
| SHA1 |
7e46615097282ac51ef08d3e4ac7d65ce6684a07
|
| SHA256 |
d836a03e0b7eeabbc971de7d3e6fcc11bf06e13e633d11118c7429b3abb3c4ed
|
| SSDeep |
3072:5+d4MmCHgQlJeblXMLQPAkilxUj3RMsOEd7lj/CrzeuVMO6P2+BwvHJ3/Rg:Ad4aHgaulXyQ4kicim9/C+ynVP
|
| ImpHash |
fa148d0c70a978454538a9c9c0513fc1
|
AV Matches (1)
»
| Threat Name | Verdict |
|---|---|
| Gen:Variant.Fragtor.35416 |
malicious
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x402738 |
| Size Of Code | 0x11a00 |
| Size Of Initialized Data | 0x2ae7000 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-10-01 13:06:42+00:00 |
Version Information (3)
»
| InternalName | nomgpiarica.iwa |
| Copyright | Copyrighz (C) 2021, fudkagat |
| ProductVersion | 91.40.21.88 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x11955 | 0x11a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.48 |
| .rdata | 0x413000 | 0x45f8 | 0x4600 | 0x11e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.06 |
| .data | 0x418000 | 0x2ac3cd0 | 0x1400 | 0x16400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.15 |
| .befifup | 0x2edc000 | 0x272 | 0x400 | 0x17800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
| .rsrc | 0x2edd000 | 0x16978 | 0x16a00 | 0x17c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.41 |
Imports (2)
»
KERNEL32.dll (91)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadLibraryExW | - | 0x413008 | 0x16de0 | 0x15be0 | 0x33e |
| GetEnvironmentStringsW | - | 0x41300c | 0x16de4 | 0x15be4 | 0x1da |
| SetEvent | - | 0x413010 | 0x16de8 | 0x15be8 | 0x459 |
| GetTickCount | - | 0x413014 | 0x16dec | 0x15bec | 0x293 |
| ReadConsoleW | - | 0x413018 | 0x16df0 | 0x15bf0 | 0x3be |
| FindActCtxSectionStringA | - | 0x41301c | 0x16df4 | 0x15bf4 | 0x12a |
| CreateActCtxW | - | 0x413020 | 0x16df8 | 0x15bf8 | 0x78 |
| Sleep | - | 0x413024 | 0x16dfc | 0x15bfc | 0x4b2 |
| FindNextVolumeW | - | 0x413028 | 0x16e00 | 0x15c00 | 0x14a |
| GetMailslotInfo | - | 0x41302c | 0x16e04 | 0x15c04 | 0x210 |
| GetModuleFileNameW | - | 0x413030 | 0x16e08 | 0x15c08 | 0x214 |
| Module32First | - | 0x413034 | 0x16e0c | 0x15c0c | 0x35a |
| GetCPInfoExW | - | 0x413038 | 0x16e10 | 0x15c10 | 0x174 |
| GetLastError | - | 0x41303c | 0x16e14 | 0x15c14 | 0x202 |
| GetProcAddress | - | 0x413040 | 0x16e18 | 0x15c18 | 0x245 |
| VirtualAlloc | - | 0x413044 | 0x16e1c | 0x15c1c | 0x4e9 |
| GetAtomNameA | - | 0x413048 | 0x16e20 | 0x15c20 | 0x16d |
| LoadLibraryA | - | 0x41304c | 0x16e24 | 0x15c24 | 0x33c |
| WriteConsoleA | - | 0x413050 | 0x16e28 | 0x15c28 | 0x51a |
| LocalAlloc | - | 0x413054 | 0x16e2c | 0x15c2c | 0x344 |
| BeginUpdateResourceA | - | 0x413058 | 0x16e30 | 0x15c30 | 0x37 |
| SetEnvironmentVariableA | - | 0x41305c | 0x16e34 | 0x15c34 | 0x456 |
| SetConsoleTitleW | - | 0x413060 | 0x16e38 | 0x15c38 | 0x448 |
| EraseTape | - | 0x413064 | 0x16e3c | 0x15c3c | 0x117 |
| GetProcessAffinityMask | - | 0x413068 | 0x16e40 | 0x15c40 | 0x246 |
| SetProcessShutdownParameters | - | 0x41306c | 0x16e44 | 0x15c44 | 0x483 |
| ReleaseMutex | - | 0x413070 | 0x16e48 | 0x15c48 | 0x3fa |
| EndUpdateResourceA | - | 0x413074 | 0x16e4c | 0x15c4c | 0xec |
| GetVersionExA | - | 0x413078 | 0x16e50 | 0x15c50 | 0x2a3 |
| DeleteAtom | - | 0x41307c | 0x16e54 | 0x15c54 | 0xcf |
| FindNextVolumeA | - | 0x413080 | 0x16e58 | 0x15c58 | 0x147 |
| lstrcpyW | - | 0x413084 | 0x16e5c | 0x15c5c | 0x548 |
| LCMapStringW | - | 0x413088 | 0x16e60 | 0x15c60 | 0x32d |
| HeapReAlloc | - | 0x41308c | 0x16e64 | 0x15c64 | 0x2d2 |
| EncodePointer | - | 0x413090 | 0x16e68 | 0x15c68 | 0xea |
| DecodePointer | - | 0x413094 | 0x16e6c | 0x15c6c | 0xca |
| GetCommandLineA | - | 0x413098 | 0x16e70 | 0x15c70 | 0x186 |
| HeapSetInformation | - | 0x41309c | 0x16e74 | 0x15c74 | 0x2d3 |
| GetStartupInfoW | - | 0x4130a0 | 0x16e78 | 0x15c78 | 0x263 |
| RaiseException | - | 0x4130a4 | 0x16e7c | 0x15c7c | 0x3b1 |
| UnhandledExceptionFilter | - | 0x4130a8 | 0x16e80 | 0x15c80 | 0x4d3 |
| SetUnhandledExceptionFilter | - | 0x4130ac | 0x16e84 | 0x15c84 | 0x4a5 |
| IsDebuggerPresent | - | 0x4130b0 | 0x16e88 | 0x15c88 | 0x300 |
| TerminateProcess | - | 0x4130b4 | 0x16e8c | 0x15c8c | 0x4c0 |
| GetCurrentProcess | - | 0x4130b8 | 0x16e90 | 0x15c90 | 0x1c0 |
| HeapAlloc | - | 0x4130bc | 0x16e94 | 0x15c94 | 0x2cb |
| HeapFree | - | 0x4130c0 | 0x16e98 | 0x15c98 | 0x2cf |
| IsProcessorFeaturePresent | - | 0x4130c4 | 0x16e9c | 0x15c9c | 0x304 |
| TlsAlloc | - | 0x4130c8 | 0x16ea0 | 0x15ca0 | 0x4c5 |
| TlsGetValue | - | 0x4130cc | 0x16ea4 | 0x15ca4 | 0x4c7 |
| TlsSetValue | - | 0x4130d0 | 0x16ea8 | 0x15ca8 | 0x4c8 |
| TlsFree | - | 0x4130d4 | 0x16eac | 0x15cac | 0x4c6 |
| InterlockedIncrement | - | 0x4130d8 | 0x16eb0 | 0x15cb0 | 0x2ef |
| GetModuleHandleW | - | 0x4130dc | 0x16eb4 | 0x15cb4 | 0x218 |
| SetLastError | - | 0x4130e0 | 0x16eb8 | 0x15cb8 | 0x473 |
| GetCurrentThreadId | - | 0x4130e4 | 0x16ebc | 0x15cbc | 0x1c5 |
| InterlockedDecrement | - | 0x4130e8 | 0x16ec0 | 0x15cc0 | 0x2eb |
| ReadFile | - | 0x4130ec | 0x16ec4 | 0x15cc4 | 0x3c0 |
| EnterCriticalSection | - | 0x4130f0 | 0x16ec8 | 0x15cc8 | 0xee |
| LeaveCriticalSection | - | 0x4130f4 | 0x16ecc | 0x15ccc | 0x339 |
| SetHandleCount | - | 0x4130f8 | 0x16ed0 | 0x15cd0 | 0x46f |
| GetStdHandle | - | 0x4130fc | 0x16ed4 | 0x15cd4 | 0x264 |
| InitializeCriticalSectionAndSpinCount | - | 0x413100 | 0x16ed8 | 0x15cd8 | 0x2e3 |
| GetFileType | - | 0x413104 | 0x16edc | 0x15cdc | 0x1f3 |
| DeleteCriticalSection | - | 0x413108 | 0x16ee0 | 0x15ce0 | 0xd1 |
| SetFilePointer | - | 0x41310c | 0x16ee4 | 0x15ce4 | 0x466 |
| CloseHandle | - | 0x413110 | 0x16ee8 | 0x15ce8 | 0x52 |
| ExitProcess | - | 0x413114 | 0x16eec | 0x15cec | 0x119 |
| WriteFile | - | 0x413118 | 0x16ef0 | 0x15cf0 | 0x525 |
| GetModuleFileNameA | - | 0x41311c | 0x16ef4 | 0x15cf4 | 0x213 |
| FreeEnvironmentStringsW | - | 0x413120 | 0x16ef8 | 0x15cf8 | 0x161 |
| WideCharToMultiByte | - | 0x413124 | 0x16efc | 0x15cfc | 0x511 |
| HeapCreate | - | 0x413128 | 0x16f00 | 0x15d00 | 0x2cd |
| QueryPerformanceCounter | - | 0x41312c | 0x16f04 | 0x15d04 | 0x3a7 |
| GetCurrentProcessId | - | 0x413130 | 0x16f08 | 0x15d08 | 0x1c1 |
| GetSystemTimeAsFileTime | - | 0x413134 | 0x16f0c | 0x15d0c | 0x279 |
| GetConsoleCP | - | 0x413138 | 0x16f10 | 0x15d10 | 0x19a |
| GetConsoleMode | - | 0x41313c | 0x16f14 | 0x15d14 | 0x1ac |
| GetCPInfo | - | 0x413140 | 0x16f18 | 0x15d18 | 0x172 |
| GetACP | - | 0x413144 | 0x16f1c | 0x15d1c | 0x168 |
| GetOEMCP | - | 0x413148 | 0x16f20 | 0x15d20 | 0x237 |
| IsValidCodePage | - | 0x41314c | 0x16f24 | 0x15d24 | 0x30a |
| MultiByteToWideChar | - | 0x413150 | 0x16f28 | 0x15d28 | 0x367 |
| RtlUnwind | - | 0x413154 | 0x16f2c | 0x15d2c | 0x418 |
| SetStdHandle | - | 0x413158 | 0x16f30 | 0x15d30 | 0x487 |
| FlushFileBuffers | - | 0x41315c | 0x16f34 | 0x15d34 | 0x157 |
| HeapSize | - | 0x413160 | 0x16f38 | 0x15d38 | 0x2d4 |
| LoadLibraryW | - | 0x413164 | 0x16f3c | 0x15d3c | 0x33f |
| WriteConsoleW | - | 0x413168 | 0x16f40 | 0x15d40 | 0x524 |
| GetStringTypeW | - | 0x41316c | 0x16f44 | 0x15d44 | 0x269 |
| CreateFileW | - | 0x413170 | 0x16f48 | 0x15d48 | 0x8f |
GDI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetBitmapBits | - | 0x413000 | 0x16dd8 | 0x15bd8 | 0x1a7 |
Memory Dumps (5)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
| buffer | 1 | 0x030E0000 | 0x030E7FFF | First Execution |
|
32-bit | 0x030E0000 |
|
|
...
|
| buffer | 1 | 0x030F0000 | 0x030F8FFF | First Execution |
|
32-bit | 0x030F0000 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402EE8 |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x0040196B |
|
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00402CC6 |
|
|
...
|
