Malicious
Classifications
Injector Downloader
Threat Names
SmokeLoader Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2021-12-31T18:54:00
eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 hour, 3 minutes, 26 seconds" to "6 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe | Sample File | Binary |
malicious
|
...
|
»
| Also Known As | C:\Users\kEecfMwgj\AppData\Roaming\cdieedr (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 339.00 KB |
| MD5 |
720b195655e0a571c4d511088b51202b
|
| SHA1 |
f171845fe7b3ae9576ea0f698edd8d65d6bf6ead
|
| SHA256 |
eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1
|
| SSDeep |
6144:gnjd+ZnJMz+HPYYys+J7huIPCUrM/YbKwj4Fy9FVUHc1FEu:gnjdZz2Qmm7huIPCUQ/YbKwjRFVUwFEu
|
| ImpHash |
c613013e8ec93eae360257b5231d0949
|
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x424a10 |
| Size Of Code | 0x41200 |
| Size Of Initialized Data | 0x33d600 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2020-09-07 16:03:50+00:00 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x411f6 | 0x41200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.87 |
| .data | 0x443000 | 0x332a0c | 0x8c00 | 0x41600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.7 |
| .fuhi | 0x776000 | 0x5 | 0x200 | 0x4a200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x777000 | 0x4e90 | 0x5000 | 0x4a400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.54 |
| .reloc | 0x77c000 | 0x56de | 0x5800 | 0x4f400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.48 |
Imports (1)
»
KERNEL32.dll (171)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CallNamedPipeA | - | 0x401000 | 0x411ec | 0x405ec | 0x3e |
| TerminateProcess | - | 0x401004 | 0x411f0 | 0x405f0 | 0x4c0 |
| GetExitCodeProcess | - | 0x401008 | 0x411f4 | 0x405f4 | 0x1df |
| GetVersionExW | - | 0x40100c | 0x411f8 | 0x405f8 | 0x2a4 |
| VerifyVersionInfoW | - | 0x401010 | 0x411fc | 0x405fc | 0x4e8 |
| GetConsoleCP | - | 0x401014 | 0x41200 | 0x40600 | 0x19a |
| GetConsoleAliasesLengthA | - | 0x401018 | 0x41204 | 0x40604 | 0x197 |
| VerLanguageNameA | - | 0x40101c | 0x41208 | 0x40608 | 0x4e2 |
| VerifyVersionInfoA | - | 0x401020 | 0x4120c | 0x4060c | 0x4e7 |
| FreeEnvironmentStringsW | - | 0x401024 | 0x41210 | 0x40610 | 0x161 |
| GetProcessPriorityBoost | - | 0x401028 | 0x41214 | 0x40614 | 0x250 |
| SetVolumeMountPointA | - | 0x40102c | 0x41218 | 0x40618 | 0x4aa |
| GetLongPathNameW | - | 0x401030 | 0x4121c | 0x4061c | 0x20f |
| CopyFileA | - | 0x401034 | 0x41220 | 0x40620 | 0x70 |
| TlsSetValue | - | 0x401038 | 0x41224 | 0x40624 | 0x4c8 |
| GetConsoleCursorInfo | - | 0x40103c | 0x41228 | 0x40628 | 0x1a0 |
| SystemTimeToTzSpecificLocalTime | - | 0x401040 | 0x4122c | 0x4062c | 0x4be |
| FindAtomW | - | 0x401044 | 0x41230 | 0x40630 | 0x12d |
| ReleaseMutex | - | 0x401048 | 0x41234 | 0x40634 | 0x3fa |
| GetNamedPipeHandleStateA | - | 0x40104c | 0x41238 | 0x40638 | 0x220 |
| CommConfigDialogA | - | 0x401050 | 0x4123c | 0x4063c | 0x5d |
| BuildCommDCBAndTimeoutsW | - | 0x401054 | 0x41240 | 0x40640 | 0x3c |
| GetProcAddress | - | 0x401058 | 0x41244 | 0x40644 | 0x245 |
| LoadLibraryA | - | 0x40105c | 0x41248 | 0x40648 | 0x33c |
| GlobalAlloc | - | 0x401060 | 0x4124c | 0x4064c | 0x2b3 |
| LocalReAlloc | - | 0x401064 | 0x41250 | 0x40650 | 0x34b |
| GetCommandLineA | - | 0x401068 | 0x41254 | 0x40654 | 0x186 |
| InterlockedExchange | - | 0x40106c | 0x41258 | 0x40658 | 0x2ec |
| GetCalendarInfoW | - | 0x401070 | 0x4125c | 0x4065c | 0x17b |
| DeleteFileA | - | 0x401074 | 0x41260 | 0x40660 | 0xd3 |
| CreateActCtxA | - | 0x401078 | 0x41264 | 0x40664 | 0x77 |
| SetPriorityClass | - | 0x40107c | 0x41268 | 0x40668 | 0x47d |
| GetPrivateProfileIntA | - | 0x401080 | 0x4126c | 0x4066c | 0x23b |
| GetProcessHeap | - | 0x401084 | 0x41270 | 0x40670 | 0x24a |
| GlobalMemoryStatus | - | 0x401088 | 0x41274 | 0x40674 | 0x2bf |
| ReadConsoleOutputCharacterA | - | 0x40108c | 0x41278 | 0x40678 | 0x3bb |
| GetStartupInfoA | - | 0x401090 | 0x4127c | 0x4067c | 0x262 |
| GetDiskFreeSpaceExW | - | 0x401094 | 0x41280 | 0x40680 | 0x1ce |
| GetCPInfoExW | - | 0x401098 | 0x41284 | 0x40684 | 0x174 |
| GetWindowsDirectoryW | - | 0x40109c | 0x41288 | 0x40688 | 0x2af |
| GetSystemWow64DirectoryA | - | 0x4010a0 | 0x4128c | 0x4068c | 0x27d |
| SetLastError | - | 0x4010a4 | 0x41290 | 0x40690 | 0x473 |
| GetProfileStringA | - | 0x4010a8 | 0x41294 | 0x40694 | 0x25c |
| GetCalendarInfoA | - | 0x4010ac | 0x41298 | 0x40698 | 0x179 |
| FreeUserPhysicalPages | - | 0x4010b0 | 0x4129c | 0x4069c | 0x166 |
| GetTickCount | - | 0x4010b4 | 0x412a0 | 0x406a0 | 0x293 |
| GetStringTypeExA | - | 0x4010b8 | 0x412a4 | 0x406a4 | 0x267 |
| DebugBreak | - | 0x4010bc | 0x412a8 | 0x406a8 | 0xc7 |
| lstrcmpA | - | 0x4010c0 | 0x412ac | 0x406ac | 0x541 |
| WriteFile | - | 0x4010c4 | 0x412b0 | 0x406b0 | 0x525 |
| SetConsoleMode | - | 0x4010c8 | 0x412b4 | 0x406b4 | 0x43d |
| GetCurrentThreadId | - | 0x4010cc | 0x412b8 | 0x406b8 | 0x1c5 |
| lstrcatW | - | 0x4010d0 | 0x412bc | 0x406bc | 0x53f |
| SetMailslotInfo | - | 0x4010d4 | 0x412c0 | 0x406c0 | 0x479 |
| LocalFileTimeToFileTime | - | 0x4010d8 | 0x412c4 | 0x406c4 | 0x346 |
| DefineDosDeviceA | - | 0x4010dc | 0x412c8 | 0x406c8 | 0xcc |
| EndUpdateResourceA | - | 0x4010e0 | 0x412cc | 0x406cc | 0xec |
| WriteConsoleW | - | 0x4010e4 | 0x412d0 | 0x406d0 | 0x524 |
| SetSystemTimeAdjustment | - | 0x4010e8 | 0x412d4 | 0x406d4 | 0x48c |
| GetPrivateProfileSectionW | - | 0x4010ec | 0x412d8 | 0x406d8 | 0x240 |
| WritePrivateProfileSectionW | - | 0x4010f0 | 0x412dc | 0x406dc | 0x529 |
| TryEnterCriticalSection | - | 0x4010f4 | 0x412e0 | 0x406e0 | 0x4ce |
| GetPrivateProfileStructW | - | 0x4010f8 | 0x412e4 | 0x406e4 | 0x244 |
| GetFileAttributesExA | - | 0x4010fc | 0x412e8 | 0x406e8 | 0x1e6 |
| HeapUnlock | - | 0x401100 | 0x412ec | 0x406ec | 0x2d6 |
| PeekConsoleInputA | - | 0x401104 | 0x412f0 | 0x406f0 | 0x38b |
| SetTapeParameters | - | 0x401108 | 0x412f4 | 0x406f4 | 0x48d |
| FindResourceExW | - | 0x40110c | 0x412f8 | 0x406f8 | 0x14d |
| GetLocalTime | - | 0x401110 | 0x412fc | 0x406fc | 0x203 |
| CreateIoCompletionPort | - | 0x401114 | 0x41300 | 0x40700 | 0x94 |
| CreateSemaphoreA | - | 0x401118 | 0x41304 | 0x40704 | 0xab |
| GetThreadLocale | - | 0x40111c | 0x41308 | 0x40708 | 0x28c |
| SetFileShortNameW | - | 0x401120 | 0x4130c | 0x4070c | 0x469 |
| lstrcpyA | - | 0x401124 | 0x41310 | 0x40710 | 0x547 |
| LockFileEx | - | 0x401128 | 0x41314 | 0x40714 | 0x353 |
| GetConsoleAliasA | - | 0x40112c | 0x41318 | 0x40718 | 0x190 |
| GetConsoleAliasExesLengthA | - | 0x401130 | 0x4131c | 0x4071c | 0x192 |
| TransactNamedPipe | - | 0x401134 | 0x41320 | 0x40720 | 0x4ca |
| GetDevicePowerState | - | 0x401138 | 0x41324 | 0x40724 | 0x1cb |
| GetWriteWatch | - | 0x40113c | 0x41328 | 0x40728 | 0x2b0 |
| FreeEnvironmentStringsA | - | 0x401140 | 0x4132c | 0x4072c | 0x160 |
| GetConsoleScreenBufferInfo | - | 0x401144 | 0x41330 | 0x40730 | 0x1b2 |
| LoadLibraryW | - | 0x401148 | 0x41334 | 0x40734 | 0x33f |
| TlsAlloc | - | 0x40114c | 0x41338 | 0x40738 | 0x4c5 |
| GetComputerNameW | - | 0x401150 | 0x4133c | 0x4073c | 0x18f |
| HeapFree | - | 0x401154 | 0x41340 | 0x40740 | 0x2cf |
| GetLastError | - | 0x401158 | 0x41344 | 0x40744 | 0x202 |
| GlobalReAlloc | - | 0x40115c | 0x41348 | 0x40748 | 0x2c1 |
| SignalObjectAndWait | - | 0x401160 | 0x4134c | 0x4074c | 0x4b0 |
| CancelDeviceWakeupRequest | - | 0x401164 | 0x41350 | 0x40750 | 0x41 |
| FindClose | - | 0x401168 | 0x41354 | 0x40754 | 0x12e |
| SetWaitableTimer | - | 0x40116c | 0x41358 | 0x40758 | 0x4ac |
| ChangeTimerQueueTimer | - | 0x401170 | 0x4135c | 0x4075c | 0x48 |
| GetProcessTimes | - | 0x401174 | 0x41360 | 0x40760 | 0x252 |
| FatalAppExitW | - | 0x401178 | 0x41364 | 0x40764 | 0x121 |
| lstrcpynA | - | 0x40117c | 0x41368 | 0x40768 | 0x54a |
| SetNamedPipeHandleState | - | 0x401180 | 0x4136c | 0x4076c | 0x47c |
| FillConsoleOutputCharacterA | - | 0x401184 | 0x41370 | 0x40770 | 0x127 |
| GetCompressedFileSizeA | - | 0x401188 | 0x41374 | 0x40774 | 0x188 |
| FindNextVolumeMountPointA | - | 0x40118c | 0x41378 | 0x40778 | 0x148 |
| GetFullPathNameA | - | 0x401190 | 0x4137c | 0x4077c | 0x1f8 |
| FreeResource | - | 0x401194 | 0x41380 | 0x40780 | 0x165 |
| UnlockFile | - | 0x401198 | 0x41384 | 0x40784 | 0x4d4 |
| GlobalAddAtomA | - | 0x40119c | 0x41388 | 0x40788 | 0x2b1 |
| TerminateJobObject | - | 0x4011a0 | 0x4138c | 0x4078c | 0x4bf |
| QueryDosDeviceA | - | 0x4011a4 | 0x41390 | 0x40790 | 0x39f |
| EnterCriticalSection | - | 0x4011a8 | 0x41394 | 0x40794 | 0xee |
| Process32FirstW | - | 0x4011ac | 0x41398 | 0x40798 | 0x396 |
| SetCurrentDirectoryW | - | 0x4011b0 | 0x4139c | 0x4079c | 0x44d |
| GetBinaryTypeA | - | 0x4011b4 | 0x413a0 | 0x407a0 | 0x170 |
| OpenMutexA | - | 0x4011b8 | 0x413a4 | 0x407a4 | 0x37c |
| WideCharToMultiByte | - | 0x4011bc | 0x413a8 | 0x407a8 | 0x511 |
| InterlockedIncrement | - | 0x4011c0 | 0x413ac | 0x407ac | 0x2ef |
| InterlockedDecrement | - | 0x4011c4 | 0x413b0 | 0x407b0 | 0x2eb |
| GetStringTypeW | - | 0x4011c8 | 0x413b4 | 0x407b4 | 0x269 |
| MultiByteToWideChar | - | 0x4011cc | 0x413b8 | 0x407b8 | 0x367 |
| InterlockedCompareExchange | - | 0x4011d0 | 0x413bc | 0x407bc | 0x2e9 |
| InitializeCriticalSection | - | 0x4011d4 | 0x413c0 | 0x407c0 | 0x2e2 |
| DeleteCriticalSection | - | 0x4011d8 | 0x413c4 | 0x407c4 | 0xd1 |
| LeaveCriticalSection | - | 0x4011dc | 0x413c8 | 0x407c8 | 0x339 |
| EncodePointer | - | 0x4011e0 | 0x413cc | 0x407cc | 0xea |
| DecodePointer | - | 0x4011e4 | 0x413d0 | 0x407d0 | 0xca |
| HeapValidate | - | 0x4011e8 | 0x413d4 | 0x407d4 | 0x2d7 |
| IsBadReadPtr | - | 0x4011ec | 0x413d8 | 0x407d8 | 0x2f7 |
| RtlUnwind | - | 0x4011f0 | 0x413dc | 0x407dc | 0x418 |
| RaiseException | - | 0x4011f4 | 0x413e0 | 0x407e0 | 0x3b1 |
| GetCommandLineW | - | 0x4011f8 | 0x413e4 | 0x407e4 | 0x187 |
| HeapSetInformation | - | 0x4011fc | 0x413e8 | 0x407e8 | 0x2d3 |
| GetStartupInfoW | - | 0x401200 | 0x413ec | 0x407ec | 0x263 |
| LCMapStringW | - | 0x401204 | 0x413f0 | 0x407f0 | 0x32d |
| GetCPInfo | - | 0x401208 | 0x413f4 | 0x407f4 | 0x172 |
| GetModuleFileNameW | - | 0x40120c | 0x413f8 | 0x407f8 | 0x214 |
| GetCurrentProcess | - | 0x401210 | 0x413fc | 0x407fc | 0x1c0 |
| UnhandledExceptionFilter | - | 0x401214 | 0x41400 | 0x40800 | 0x4d3 |
| SetUnhandledExceptionFilter | - | 0x401218 | 0x41404 | 0x40804 | 0x4a5 |
| IsDebuggerPresent | - | 0x40121c | 0x41408 | 0x40808 | 0x300 |
| InitializeCriticalSectionAndSpinCount | - | 0x401220 | 0x4140c | 0x4080c | 0x2e3 |
| IsProcessorFeaturePresent | - | 0x401224 | 0x41410 | 0x40810 | 0x304 |
| HeapAlloc | - | 0x401228 | 0x41414 | 0x40814 | 0x2cb |
| GetModuleFileNameA | - | 0x40122c | 0x41418 | 0x40818 | 0x213 |
| HeapReAlloc | - | 0x401230 | 0x4141c | 0x4081c | 0x2d2 |
| HeapSize | - | 0x401234 | 0x41420 | 0x40820 | 0x2d4 |
| HeapQueryInformation | - | 0x401238 | 0x41424 | 0x40824 | 0x2d1 |
| HeapCreate | - | 0x40123c | 0x41428 | 0x40828 | 0x2cd |
| GetACP | - | 0x401240 | 0x4142c | 0x4082c | 0x168 |
| GetOEMCP | - | 0x401244 | 0x41430 | 0x40830 | 0x237 |
| IsValidCodePage | - | 0x401248 | 0x41434 | 0x40834 | 0x30a |
| TlsGetValue | - | 0x40124c | 0x41438 | 0x40838 | 0x4c7 |
| TlsFree | - | 0x401250 | 0x4143c | 0x4083c | 0x4c6 |
| GetModuleHandleW | - | 0x401254 | 0x41440 | 0x40840 | 0x218 |
| ExitProcess | - | 0x401258 | 0x41444 | 0x40844 | 0x119 |
| SetHandleCount | - | 0x40125c | 0x41448 | 0x40848 | 0x46f |
| GetStdHandle | - | 0x401260 | 0x4144c | 0x4084c | 0x264 |
| GetFileType | - | 0x401264 | 0x41450 | 0x40850 | 0x1f3 |
| QueryPerformanceCounter | - | 0x401268 | 0x41454 | 0x40854 | 0x3a7 |
| GetCurrentProcessId | - | 0x40126c | 0x41458 | 0x40858 | 0x1c1 |
| GetSystemTimeAsFileTime | - | 0x401270 | 0x4145c | 0x4085c | 0x279 |
| GetEnvironmentStringsW | - | 0x401274 | 0x41460 | 0x40860 | 0x1da |
| GetLocaleInfoW | - | 0x401278 | 0x41464 | 0x40864 | 0x206 |
| GetLocaleInfoA | - | 0x40127c | 0x41468 | 0x40868 | 0x204 |
| IsValidLocale | - | 0x401280 | 0x4146c | 0x4086c | 0x30c |
| EnumSystemLocalesA | - | 0x401284 | 0x41470 | 0x40870 | 0x10d |
| GetUserDefaultLCID | - | 0x401288 | 0x41474 | 0x40874 | 0x29b |
| OutputDebugStringA | - | 0x40128c | 0x41478 | 0x40878 | 0x389 |
| OutputDebugStringW | - | 0x401290 | 0x4147c | 0x4087c | 0x38a |
| SetFilePointer | - | 0x401294 | 0x41480 | 0x40880 | 0x466 |
| GetConsoleMode | - | 0x401298 | 0x41484 | 0x40884 | 0x1ac |
| SetStdHandle | - | 0x40129c | 0x41488 | 0x40888 | 0x487 |
| FlushFileBuffers | - | 0x4012a0 | 0x4148c | 0x4088c | 0x157 |
| CreateFileW | - | 0x4012a4 | 0x41490 | 0x40890 | 0x8f |
| CloseHandle | - | 0x4012a8 | 0x41494 | 0x40894 | 0x52 |
Memory Dumps (8)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe | 1 | 0x00400000 | 0x00781FFF | Relevant Image |
|
32-bit | 0x0042C0C0 |
|
...
|
| buffer | 1 | 0x0091F3D0 | 0x0092E8EF | First Execution |
|
32-bit | 0x00922E8C |
|
...
|
| buffer | 1 | 0x00020000 | 0x00028FFF | First Execution |
|
32-bit | 0x00020000 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402F47 |
|
...
|
| eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe | 1 | 0x00400000 | 0x00781FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x0040283D |
|
...
|
| buffer | 2 | 0x00290000 | 0x00295FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Process Termination |
|
32-bit | - |
|
...
|
