
A12a7a8edd7fee2ec3b2b47e0a33830f.exe Trojan SmokeLoader Analysis

Technical Analysis

File Name a12a7a8edd7fee2ec3b2b47e0a33830f.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.141.174
Database Version 2023-10-05 11:04:44 UTC

Trojan.Win32.SmokeLoader.bot

Malware family: SmokeLoader

SmokeLoader functions as a malware loader, delivering secondary payloads to infected systems. It uses obfuscation techniques and stealth methods to avoid detection. The malware supports a plugin architecture, allowing operators to add custom information-stealing modules and expand attack capabilities.
Detection Rate N/A
File Size (bytes) 315,904
Analysis Date 2023-10-05


File Identification

Hash Type Value
MD5 a12a7a8edd7fee2ec3b2b47e0a33830f
SHA1 08f7effe8228bfca384c8eaa3cba606a2342eb0b
SHA256 143310670009099214b1b1a812e98a485db3e2879ab35dca8ba63005a62a610c
SHA512 b781af05fe3796fb41d44bc891da14126d313dd05e49c8000764af5b3ebc2819d2ab58da6ab271926116caff2d23a4d367bce5996d649e74782047f05bc28d53
ImpHash 5396cb3c2c0a90a20f01488724a0b793

PE Analysis

Basic Information

Icon
Hash: b4a6631c0702058fe48f427c2f6f242c
Fuzzy: e0bc587792609e6f8411f1c91c15620a
dHash: 70d0ddd0c1d8d2dd
Image Base 0x00400000
Entry Point 0x00405bcb
Compilation Time 2023-01-06 19:45:23
Checksum 0x0004f39b (Actual: 0x0004f39b)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries: KERNEL32, USER32, GDI32
Exports 0 functions
Resources 29 Resources
Sections 3 Sections

Version Information

InternalName Pastronomichas.exe
LegalTrademark1 DoesntGet
OriginalFilename Bujingle.exe
ProductName Gamblo
ProductVersion 87.100.86.81
Translation 0x146b 0x233a

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 241,386 bytes 241,664 bytes 5.63 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E6E48FF04D564D52C631AAB54FCCE171
.data 0x0003c000 31,750,188 bytes 15,872 bytes 1.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 700E78D5CBB4F0C10EBC9A1DD88AD1B8
.rsrc 0x01e84000 57,088 bytes 57,344 bytes 4.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 052FD8A39F5B4750EEF31B171CE78D26

Resource Analysis

Total Resources: 29 (55,404 bytes)
Resource Type Count Total Size Percentage
JASUZAHAVOWECAYEDEVIDAVETUNAGU 1 1,566 bytes 2.8%
RT_CURSOR 8 12,136 bytes 21.9%
RT_ICON 10 38,640 bytes 69.7%
RT_STRING 3 2,242 bytes 4%
RT_GROUP_CURSOR 4 136 bytes 0.2%
RT_GROUP_ICON 2 152 bytes 0.3%
RT_VERSION 1 532 bytes 1%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.SmokeLoader.bot Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.SmokeLoader.bot without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
