File Name | file |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.141.174 |
Database Version | 2023-10-05 12:02:37 UTC |
Malware family: SmokeLoader
Hash Type | Value | Action |
---|---|---|
MD5 |
6c7c496c1017c9435717f711bf5b8af3
|
|
SHA1 |
f19a0b3803266c080bf7fcfad9fefab75ad7ef32
|
|
SHA256 |
cc58ad1f7a097f077f06b78e21c1f5a01007cd98613b602bb22b95751920ba80
|
|
SHA512 |
278e66e318b9e4cf279d364be5bd1279af5b3e0f978c18d95e90fa48aa9e1cd5085cf1174c05afd99e66ac38f6ac94482316c5e7548c5425a4577145425e7c78
|
|
ImpHash |
7bf0c3cbf0d3960e40b75bc830477f17
|
Icon |
Hash: 14f6166713def0fc6064333bc354c28f
Fuzzy: 804d4d15438c9607c11868bbdd7614e9 dHash: bce9f6f2e0c4ebf4 |
Image Base | 0x00400000 |
Entry Point | 0x00406b5c |
Compilation Time | 2022-09-09 09:09:13 |
Checksum | 0x000386d5 (Actual: 0x000386d5) |
OS Version | 5.0 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
PDB Path | C:\doreviri puyimonixowi\98\pifumafu tibibujo_xijubi\zazuyuz.pdb |
Digital Signature | The PE file does not contain a certificate table. |
Imports |
2 libraries
KERNEL32, USER32 |
Exports | 0 functions |
Resources | 15 Resources |
Sections | 4 Sections |
FileDescription | Vangla |
LegalCopyright | Copyright (C) 2022, Fdfiugaf |
ProductsVersion | 0.24.58.86 |
ProductName | Hsfpkajdflgnj |
ProductionVersion | 13.37.45.45 |
Translation | 0x25b0 0x0ebc |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
170,118 bytes | 170,496 bytes | 7.54 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5A2F53B0635313BAE0EF4D1548FA51C6 |
.data |
0x0002b000 |
1,532,604 bytes | 7,680 bytes | 2.56 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
38CC672BCF693826AB2BF9B81AB4B2E4 |
.rsrc |
0x001a2000 |
33,616 bytes | 33,792 bytes | 4.91 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E61EF062582563C64E0003CA9F4A3688 |
.reloc |
0x001ab000 |
10,660 bytes | 10,752 bytes | 2.82 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
CD17606B14B253EAEBCE9675BCB87409 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
KELA | 1 | 8,322 bytes | |
LOXAWANAYATIJ | 1 | 4,975 bytes | |
RT_ICON | 3 | 12,504 bytes | |
RT_STRING | 5 | 6,134 bytes | |
RT_ACCELERATOR | 1 | 40 bytes | |
RT_GROUP_ICON | 1 | 48 bytes | |
RT_VERSION | 1 | 564 bytes | |
None | 2 | 20 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.SmokeLoader.bot without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system