SmokeLoader | e997341ab242

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\b45bf93a4b27690392433619c5006e8b.virus.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	312.50 KB
MD5	b45bf93a4b27690392433619c5006e8b
SHA1	9ec3ad4b028ab127e71fd755263dd0aa8a17260e
SHA256	e997341ab2422f5471f4c9f1df84f7a52e16fa38d64e6e0f4f94859cc234e2f8
SSDeep	6144:f4QIFL5D8E3weiB+aHjHvEaTvpwr9UopI2wPgnPHPYU:wQQp8yweXUvEkSJUaI2vnP
ImpHash	1edccb2e6808b6fbc3aa19660b738ec5

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x41b6a0
Size Of Code	0x3e800
Size Of Initialized Data	0x12a800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-05-18 22:41:38+00:00

Sections (7)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x3e732	0x3e800	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.96
.data	0x440000	0x11c988	0x1800	0x3ec00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.47
.semunil	0x55d000	0x5	0x200	0x40400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.wanexic	0x55e000	0xea	0x200	0x40600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.sutolac	0x55f000	0xd93	0xe00	0x40800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rsrc	0x560000	0x83b8	0x8400	0x41600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.83
.reloc	0x569000	0x46f6	0x4800	0x49a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	3.69

Imports (1)

KERNEL32.dll (207)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CallNamedPipeW	-	0x401000	0x3e3fc	0x3d7fc	0x30
TerminateProcess	-	0x401004	0x3e400	0x3d800	0x42d
GetExitCodeProcess	-	0x401008	0x3e404	0x3d804	0x1c5
GetVersionExW	-	0x40100c	0x3e408	0x3d808	0x276
SetConsoleCP	-	0x401010	0x3e40c	0x3d80c	0x3a6
GetConsoleAliasesLengthW	-	0x401014	0x3e410	0x3d810	0x181
GetDefaultCommConfigW	-	0x401018	0x3e414	0x3d814	0x1b2
FindFirstFileExW	-	0x40101c	0x3e418	0x3d818	0x11f
GetDriveTypeW	-	0x401020	0x3e41c	0x3d81c	0x1bb
FreeEnvironmentStringsA	-	0x401024	0x3e420	0x3d820	0x14a
SetProcessPriorityBoost	-	0x401028	0x3e424	0x3d824	0x3f8
SetVolumeMountPointW	-	0x40102c	0x3e428	0x3d828	0x41b
GetLongPathNameA	-	0x401030	0x3e42c	0x3d82c	0x1ef
CopyFileA	-	0x401034	0x3e430	0x3d830	0x60
TlsGetValue	-	0x401038	0x3e434	0x3d834	0x434
SetConsoleCursorInfo	-	0x40103c	0x3e438	0x3d838	0x3a9
SetComputerNameExA	-	0x401040	0x3e43c	0x3d83c	0x3a2
SystemTimeToTzSpecificLocalTime	-	0x401044	0x3e440	0x3d840	0x42b
FindAtomA	-	0x401048	0x3e444	0x3d844	0x117
ReleaseSemaphore	-	0x40104c	0x3e448	0x3d848	0x37b
GetNamedPipeHandleStateA	-	0x401050	0x3e44c	0x3d84c	0x201
CreateMailslotA	-	0x401054	0x3e450	0x3d850	0x88
BuildCommDCBAndTimeoutsW	-	0x401058	0x3e454	0x3d854	0x2d
VirtualProtect	-	0x40105c	0x3e458	0x3d858	0x45a
LoadLibraryA	-	0x401060	0x3e45c	0x3d85c	0x2f1
LocalAlloc	-	0x401064	0x3e460	0x3d860	0x2f9
TryEnterCriticalSection	-	0x401068	0x3e464	0x3d864	0x439
GetCommandLineW	-	0x40106c	0x3e468	0x3d868	0x170
InterlockedDecrement	-	0x401070	0x3e46c	0x3d86c	0x2bc
GetCalendarInfoA	-	0x401074	0x3e470	0x3d870	0x162
DeleteFileA	-	0x401078	0x3e474	0x3d874	0xc0
CreateActCtxW	-	0x40107c	0x3e478	0x3d878	0x68
CreateRemoteThread	-	0x401080	0x3e47c	0x3d87c	0x98
SetSystemTimeAdjustment	-	0x401084	0x3e480	0x3d880	0x401
GetPriorityClass	-	0x401088	0x3e484	0x3d884	0x215
WritePrivateProfileStringA	-	0x40108c	0x3e488	0x3d888	0x492
GetProcessHeaps	-	0x401090	0x3e48c	0x3d88c	0x224
GetProcessHeap	-	0x401094	0x3e490	0x3d890	0x223
GlobalUnWire	-	0x401098	0x3e494	0x3d894	0x295
ReadConsoleOutputCharacterW	-	0x40109c	0x3e498	0x3d898	0x364
GetStartupInfoW	-	0x4010a0	0x3e49c	0x3d89c	0x23a
GetDiskFreeSpaceExA	-	0x4010a4	0x3e4a0	0x3d8a0	0x1b5
GetCPInfoExA	-	0x4010a8	0x3e4a4	0x3d8a4	0x15c
GetWindowsDirectoryA	-	0x4010ac	0x3e4a8	0x3d8a8	0x280
GetSystemWow64DirectoryW	-	0x4010b0	0x3e4ac	0x3d8ac	0x254
GetLastError	-	0x4010b4	0x3e4b0	0x3d8b0	0x1e6
WriteProfileSectionW	-	0x4010b8	0x3e4b4	0x3d8b4	0x498
GetProfileStringA	-	0x4010bc	0x3e4b8	0x3d8b8	0x233
SetLastError	-	0x4010c0	0x3e4bc	0x3d8bc	0x3ec
DeleteVolumeMountPointA	-	0x4010c4	0x3e4c0	0x3d8c0	0xc8
DebugBreak	-	0x4010c8	0x3e4c4	0x3d8c4	0xb4
lstrcmpA	-	0x4010cc	0x3e4c8	0x3d8c8	0x4a9
WriteFile	-	0x4010d0	0x3e4cc	0x3d8cc	0x48d
SetConsoleMode	-	0x4010d4	0x3e4d0	0x3d8d0	0x3b7
GetVersion	-	0x4010d8	0x3e4d4	0x3d8d4	0x274
GetSystemWindowsDirectoryW	-	0x4010dc	0x3e4d8	0x3d8d8	0x252
GlobalFindAtomA	-	0x4010e0	0x3e4dc	0x3d8dc	0x288
FindCloseChangeNotification	-	0x4010e4	0x3e4e0	0x3d8e0	0x11a
GetTapeParameters	-	0x4010e8	0x3e4e4	0x3d8e4	0x255
SetMailslotInfo	-	0x4010ec	0x3e4e8	0x3d8e8	0x3f2
InterlockedExchange	-	0x4010f0	0x3e4ec	0x3d8ec	0x2bd
DefineDosDeviceW	-	0x4010f4	0x3e4f0	0x3d8f0	0xba
FindVolumeMountPointClose	-	0x4010f8	0x3e4f4	0x3d8f4	0x13b
EndUpdateResourceW	-	0x4010fc	0x3e4f8	0x3d8f8	0xd8
WriteConsoleW	-	0x401100	0x3e4fc	0x3d8fc	0x48c
GetSystemTimeAdjustment	-	0x401104	0x3e500	0x3d900	0x24e
WritePrivateProfileSectionA	-	0x401108	0x3e504	0x3d904	0x490
GetPrivateProfileStructW	-	0x40110c	0x3e508	0x3d908	0x21f
GetDriveTypeA	-	0x401110	0x3e50c	0x3d90c	0x1ba
GetFileAttributesExA	-	0x401114	0x3e510	0x3d910	0x1ca
MoveFileW	-	0x401118	0x3e514	0x3d914	0x316
GetVolumePathNameA	-	0x40111c	0x3e518	0x3d918	0x27c
GetConsoleMode	-	0x401120	0x3e51c	0x3d91c	0x195
HeapUnlock	-	0x401124	0x3e520	0x3d920	0x2a8
lstrcmpW	-	0x401128	0x3e524	0x3d924	0x4aa
SetDefaultCommConfigW	-	0x40112c	0x3e528	0x3d928	0x3c9
FindActCtxSectionStringA	-	0x401130	0x3e52c	0x3d92c	0x115
ResetEvent	-	0x401134	0x3e530	0x3d930	0x38a
GetThreadContext	-	0x401138	0x3e534	0x3d934	0x25c
MoveFileExW	-	0x40113c	0x3e538	0x3d938	0x313
GetProcAddress	-	0x401140	0x3e53c	0x3d93c	0x220
GlobalLock	-	0x401144	0x3e540	0x3d940	0x290
UnregisterWaitEx	-	0x401148	0x3e544	0x3d944	0x446
BuildCommDCBA	-	0x40114c	0x3e548	0x3d948	0x2b
PeekConsoleInputA	-	0x401150	0x3e54c	0x3d94c	0x33c
GetBinaryTypeW	-	0x401154	0x3e550	0x3d950	0x159
CreateSemaphoreW	-	0x401158	0x3e554	0x3d954	0x9c
TransmitCommChar	-	0x40115c	0x3e558	0x3d958	0x438
WaitNamedPipeA	-	0x401160	0x3e55c	0x3d95c	0x46a
GetPrivateProfileSectionNamesW	-	0x401164	0x3e560	0x3d960	0x21a
FindResourceExW	-	0x401168	0x3e564	0x3d964	0x138
EnumTimeFormatsW	-	0x40116c	0x3e568	0x3d968	0xfd
GetLocalTime	-	0x401170	0x3e56c	0x3d96c	0x1e7
CreateSemaphoreA	-	0x401174	0x3e570	0x3d970	0x99
FreeEnvironmentStringsW	-	0x401178	0x3e574	0x3d974	0x14b
GetPrivateProfileSectionW	-	0x40117c	0x3e578	0x3d978	0x21b
GetOverlappedResult	-	0x401180	0x3e57c	0x3d97c	0x214
SetFileShortNameW	-	0x401184	0x3e580	0x3d980	0x3e2
lstrcpyA	-	0x401188	0x3e584	0x3d984	0x4af
VerLanguageNameW	-	0x40118c	0x3e588	0x3d988	0x44e
SetThreadExecutionState	-	0x401190	0x3e58c	0x3d98c	0x407
SetSystemTime	-	0x401194	0x3e590	0x3d990	0x400
LockFile	-	0x401198	0x3e594	0x3d994	0x305
VerSetConditionMask	-	0x40119c	0x3e598	0x3d998	0x44f
GetConsoleAliasA	-	0x4011a0	0x3e59c	0x3d99c	0x179
FlushConsoleInputBuffer	-	0x4011a4	0x3e5a0	0x3d9a0	0x140
FreeConsole	-	0x4011a8	0x3e5a4	0x3d9a4	0x149
GetAtomNameW	-	0x4011ac	0x3e5a8	0x3d9a8	0x156
GetConsoleAliasExesLengthA	-	0x4011b0	0x3e5ac	0x3d9ac	0x17b
WriteConsoleInputW	-	0x4011b4	0x3e5b0	0x3d9b0	0x486
TransactNamedPipe	-	0x4011b8	0x3e5b4	0x3d9b4	0x437
EnumDateFormatsA	-	0x4011bc	0x3e5b8	0x3d9b8	0xdf
SetCommState	-	0x4011c0	0x3e5bc	0x3d9bc	0x39f
FileTimeToLocalFileTime	-	0x4011c4	0x3e5c0	0x3d9c0	0x10f
_lopen	-	0x4011c8	0x3e5c4	0x3d9c4	0x4a2
GetConsoleAliasExesLengthW	-	0x4011cc	0x3e5c8	0x3d9c8	0x17c
GetWriteWatch	-	0x4011d0	0x3e5cc	0x3d9cc	0x282
GetNumberOfConsoleInputEvents	-	0x4011d4	0x3e5d0	0x3d9d0	0x211
GetModuleHandleW	-	0x4011d8	0x3e5d4	0x3d9d4	0x1f9
WriteConsoleOutputCharacterA	-	0x4011dc	0x3e5d8	0x3d9d8	0x489
HeapFree	-	0x4011e0	0x3e5dc	0x3d9dc	0x2a1
OpenMutexW	-	0x4011e4	0x3e5e0	0x3d9e0	0x330
LocalLock	-	0x4011e8	0x3e5e4	0x3d9e4	0x2ff
GetCommMask	-	0x4011ec	0x3e5e8	0x3d9e8	0x16a
SetEndOfFile	-	0x4011f0	0x3e5ec	0x3d9ec	0x3cd
FindClose	-	0x4011f4	0x3e5f0	0x3d9f0	0x119
CreateIoCompletionPort	-	0x4011f8	0x3e5f4	0x3d9f4	0x84
SetFileApisToANSI	-	0x4011fc	0x3e5f8	0x3d9f8	0x3d5
CancelWaitableTimer	-	0x401200	0x3e5fc	0x3d9fc	0x38
GetProcessHandleCount	-	0x401204	0x3e600	0x3da00	0x222
UnregisterWait	-	0x401208	0x3e604	0x3da04	0x445
GetProcessVersion	-	0x40120c	0x3e608	0x3da08	0x22b
lstrcpynA	-	0x401210	0x3e60c	0x3da0c	0x4b2
GetNamedPipeInfo	-	0x401214	0x3e610	0x3da10	0x203
GetCompressedFileSizeA	-	0x401218	0x3e614	0x3da14	0x171
FindNextVolumeMountPointW	-	0x40121c	0x3e618	0x3da18	0x134
GetFullPathNameA	-	0x401220	0x3e61c	0x3da1c	0x1dc
WriteProfileStringA	-	0x401224	0x3e620	0x3da20	0x499
DeleteAtom	-	0x401228	0x3e624	0x3da24	0xbc
GlobalAddAtomW	-	0x40122c	0x3e628	0x3da28	0x284
TerminateJobObject	-	0x401230	0x3e62c	0x3da2c	0x42c
QueryDosDeviceW	-	0x401234	0x3e630	0x3da30	0x34e
InitializeCriticalSection	-	0x401238	0x3e634	0x3da34	0x2b4
Process32NextW	-	0x40123c	0x3e638	0x3da38	0x346
SetCurrentDirectoryA	-	0x401240	0x3e63c	0x3da3c	0x3c6
GetBinaryTypeA	-	0x401244	0x3e640	0x3da40	0x158
MoveFileA	-	0x401248	0x3e644	0x3da44	0x311
RaiseException	-	0x40124c	0x3e648	0x3da48	0x35a
HeapValidate	-	0x401250	0x3e64c	0x3da4c	0x2a9
IsBadReadPtr	-	0x401254	0x3e650	0x3da50	0x2c8
DeleteCriticalSection	-	0x401258	0x3e654	0x3da54	0xbe
EnterCriticalSection	-	0x40125c	0x3e658	0x3da58	0xd9
LeaveCriticalSection	-	0x401260	0x3e65c	0x3da5c	0x2ef
GetModuleFileNameW	-	0x401264	0x3e660	0x3da60	0x1f5
GetModuleHandleA	-	0x401268	0x3e664	0x3da64	0x1f6
GetCurrentProcess	-	0x40126c	0x3e668	0x3da68	0x1a9
UnhandledExceptionFilter	-	0x401270	0x3e66c	0x3da6c	0x43e
SetUnhandledExceptionFilter	-	0x401274	0x3e670	0x3da70	0x415
IsDebuggerPresent	-	0x401278	0x3e674	0x3da74	0x2d1
InterlockedIncrement	-	0x40127c	0x3e678	0x3da78	0x2c0
GetACP	-	0x401280	0x3e67c	0x3da7c	0x152
GetOEMCP	-	0x401284	0x3e680	0x3da80	0x213
GetCPInfo	-	0x401288	0x3e684	0x3da84	0x15b
IsValidCodePage	-	0x40128c	0x3e688	0x3da88	0x2db
TlsAlloc	-	0x401290	0x3e68c	0x3da8c	0x432
TlsSetValue	-	0x401294	0x3e690	0x3da90	0x435
GetCurrentThreadId	-	0x401298	0x3e694	0x3da94	0x1ad
TlsFree	-	0x40129c	0x3e698	0x3da98	0x433
Sleep	-	0x4012a0	0x3e69c	0x3da9c	0x421
ExitProcess	-	0x4012a4	0x3e6a0	0x3daa0	0x104
SetHandleCount	-	0x4012a8	0x3e6a4	0x3daa4	0x3e8
GetStdHandle	-	0x4012ac	0x3e6a8	0x3daa8	0x23b
GetFileType	-	0x4012b0	0x3e6ac	0x3daac	0x1d7
GetStartupInfoA	-	0x4012b4	0x3e6b0	0x3dab0	0x239
QueryPerformanceCounter	-	0x4012b8	0x3e6b4	0x3dab4	0x354
GetTickCount	-	0x4012bc	0x3e6b8	0x3dab8	0x266
GetCurrentProcessId	-	0x4012c0	0x3e6bc	0x3dabc	0x1aa
GetSystemTimeAsFileTime	-	0x4012c4	0x3e6c0	0x3dac0	0x24f
GetEnvironmentStringsW	-	0x4012c8	0x3e6c4	0x3dac4	0x1c1
HeapDestroy	-	0x4012cc	0x3e6c8	0x3dac8	0x2a0
HeapCreate	-	0x4012d0	0x3e6cc	0x3dacc	0x29f
VirtualFree	-	0x4012d4	0x3e6d0	0x3dad0	0x457
GetModuleFileNameA	-	0x4012d8	0x3e6d4	0x3dad4	0x1f4
HeapAlloc	-	0x4012dc	0x3e6d8	0x3dad8	0x29d
HeapSize	-	0x4012e0	0x3e6dc	0x3dadc	0x2a6
HeapReAlloc	-	0x4012e4	0x3e6e0	0x3dae0	0x2a4
VirtualAlloc	-	0x4012e8	0x3e6e4	0x3dae4	0x454
RtlUnwind	-	0x4012ec	0x3e6e8	0x3dae8	0x392
InitializeCriticalSectionAndSpinCount	-	0x4012f0	0x3e6ec	0x3daec	0x2b5
OutputDebugStringA	-	0x4012f4	0x3e6f0	0x3daf0	0x33a
OutputDebugStringW	-	0x4012f8	0x3e6f4	0x3daf4	0x33b
LoadLibraryW	-	0x4012fc	0x3e6f8	0x3daf8	0x2f4
MultiByteToWideChar	-	0x401300	0x3e6fc	0x3dafc	0x31a
GetStringTypeA	-	0x401304	0x3e700	0x3db00	0x23d
GetStringTypeW	-	0x401308	0x3e704	0x3db04	0x240
WideCharToMultiByte	-	0x40130c	0x3e708	0x3db08	0x47a
LCMapStringA	-	0x401310	0x3e70c	0x3db0c	0x2e1
LCMapStringW	-	0x401314	0x3e710	0x3db10	0x2e3
GetLocaleInfoA	-	0x401318	0x3e714	0x3db14	0x1e8
SetFilePointer	-	0x40131c	0x3e718	0x3db18	0x3df
GetConsoleCP	-	0x401320	0x3e71c	0x3db1c	0x183
FlushFileBuffers	-	0x401324	0x3e720	0x3db20	0x141
SetStdHandle	-	0x401328	0x3e724	0x3db24	0x3fc
WriteConsoleA	-	0x40132c	0x3e728	0x3db28	0x482
GetConsoleOutputCP	-	0x401330	0x3e72c	0x3db2c	0x199
CloseHandle	-	0x401334	0x3e730	0x3db30	0x43
CreateFileA	-	0x401338	0x3e734	0x3db34	0x78

Memory Dumps (10)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
b45bf93a4b27690392433619c5006e8b.virus.exe	1	0x00400000	0x0056DFFF	Relevant Image	32-bit	0x00429060	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x005E1FC8	0x005F1637	First Execution	32-bit	0x005E591B	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00030000	0x00038FFF	First Execution	32-bit	0x00030000	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	First Execution	32-bit	0x00402F47	... Memory Dump Actions Go to Process Download Dump
b45bf93a4b27690392433619c5006e8b.virus.exe	1	0x00400000	0x0056DFFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	Content Changed	32-bit	0x004019A4	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	Content Changed	32-bit	0x00402D03	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00460000	0x00475FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump
buffer	2	0x00400000	0x00408FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00420000	0x00425FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump

Remarks (2/2)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After