File Name | 109d9077e847550b471e717986dec00400d4a49cccf438a462ec9630eda654c5 |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.139.174 |
Database Version | 2023-09-15 12:03:27 UTC |
Malware family: SmokeLoader
Hash Type | Value | Action |
---|---|---|
MD5 |
062665ad0f9f5754137d041d06792928
|
|
SHA1 |
79719cc20f56b9c22b2a38fb0bfdec22a4767697
|
|
SHA256 |
109d9077e847550b471e717986dec00400d4a49cccf438a462ec9630eda654c5
|
|
SHA512 |
16b9d8f1b82b2fd4c7345205760f9fe6edd1cce6e8177ff11c70b5f8ff5eb49c3c4d5b5665de9a759af003bec424a2ea7342462bf4a1ad71b66c1fedf0094393
|
|
ImpHash |
003e055d96712e6da1d64b80d06eb6ae
|
Icon |
Hash: f760d1ace6d58510b7b60291ee46cab5
Fuzzy: b3e530ef38ebfe6a001bce898d72752a dHash: 8864e1d0c6e72184 |
Image Base | 0x00400000 |
Entry Point | 0x004070aa |
Compilation Time | 2022-07-20 11:28:49 |
Checksum | 0x0005dc36 (Actual: 0x0005dc36) |
OS Version | 5.1 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Digital Signature | The PE file does not contain a certificate table. |
Imports |
4 libraries
KERNEL32, USER32, GDI32, ADVAPI32 |
Exports | 0 functions |
Resources | 39 Resources |
Sections | 3 Sections |
CompanyName | Thunderstuck |
FileDescriptions | Anybodies |
FileVersions | 42.51.49 |
InternalName | Superior.exe |
LegalCopyrights | Challangers bottle |
ProductName | Bonni |
ProductVersion | 57.5.64.0 |
Translation | 0x124e 0x043a |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
132,298 bytes | 132,608 bytes | 5.10 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D4A8C4D450B0F0364FE1459323B22BB0 |
.data |
0x00022000 |
31,898,060 bytes | 163,328 bytes | 7.66 (Packed/Encrypted) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1E2246393A33C1EBE9C58D469B11384C |
.rsrc |
0x01e8e000 |
83,184 bytes | 83,456 bytes | 3.73 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3E63328024E49B9C1E20CBA26381362A |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_CURSOR | 4 | 5,112 bytes | |
RT_ICON | 25 | 72,584 bytes | |
RT_STRING | 3 | 2,356 bytes | |
RT_GROUP_CURSOR | 2 | 68 bytes | |
RT_GROUP_ICON | 4 | 374 bytes | |
RT_VERSION | 1 | 632 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.SmokeLoader.bot without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system