Trojan SmokeLoader Malware Analysis
| Online Virus Checker | v.1.0.136.174 |
| DB Version: | 2023-09-09 00:04:35 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Trojan.Win32.SmokeLoader.bot
SmokeLoader primarily serves as a malware delivery mechanism, dropping other, more destructive malware onto infected machines. Its stealthy infiltration methods and complex obfuscation techniques make it challenging to detect. What sets SmokeLoader apart is its extensibility through plugins. Cybercriminals can add malicious info-stealing functions to the loader, making it a versatile tool for data theft and system compromise.
| Checked: | 2023-09-08 21:28:33 |
| MD5: | 7ddf1b25a6330ba415f01ac9c36ae82e |
| SHA1: | 5abe1cab9e05e03d3a133da9e41049b418a6112e |
| SHA256: | 47c6cee60f89a6562df66731d25bb8992e1b4cf125d871895808946fa69a501e |
| SHA512: | 5d6faaf95b4389876a2040c02429cfd7dbafc0bb22ab11bc1758882aeeb36ddc1a68cbdc9accefc80ab6c339def2fb2e33659a5332c2e9127221dcbe91c44f53 |
| Imphash: | d3945500b903f20850d2f3b48d1001be |
| File Size: | 214016 bytes |
Trojan.Win32.SmokeLoader.bot Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.SmokeLoader.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
| Image Base: | 0x00400000 |
| Entry Point: | 0x00406057 |
| Compilation: | 2023-09-08 20:34:56 |
| Checksum: | 0x00000000 (Actual: 0x00042cc2) |
| OS Version: | 6.0 |
| PEiD: | - |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | KERNEL32, |
| Exports: | 0 |
| Resources: | 0 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0001cf86 | 0x0001d000 | eacf73ec773aa59181c553c69aecb957 | 6.64 |
| .rdata | 0x0001e000 | 0x0000c94c | 0x0000ca00 | acd79bbbd585caa6bdc358d1c074b76e | 5.41 |
| .data | 0x0002b000 | 0x00001c60 | 0x00001000 | 4df1f83fbfcf30777d2d3f89cd083f5f | 2.86 |
| .bSS | 0x0002d000 | 0x00007804 | 0x00007a00 | 6316642c692d5518e182dd4180dcac1a | 7.82 |
| .reloc | 0x00035000 | 0x00001a74 | 0x00001c00 | c89eddfda10ab1cd6c1cf4d2dc358344 | 6.41 |
