{ "id": "be10e8ed-1162-458e-b6a8-687aa2c7fb29", "created_at": "2026-04-06T00:10:12.450811Z", "updated_at": "2026-04-10T03:21:44.000399Z", "deleted_at": null, "sha1_hash": "2be5a70f8bdb8bfe53426cd9a7d5425138e6ab39", "title": "smokeloader_technical_analysis_report.pdf", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 30366, "plain_text": "smokeloader_technical_analysis_report.pdf\r\nArchived: 2026-04-05 19:14:51 UTC\r\nSida 3 av 17\r\nINTRODUCTION\r\nThe SmokeLoader family is a type of malware that belongs to the loader type. The\r\nmain purpose of the program is to inject a more effective and destructive malware into\r\nthe machine. First revealed in 2011, SmokeLoader is a family that is evolving day by\r\nday, using new techniques and constantly updating.\r\nSmokeLoader is a family that aims to be keylogger, information theft, botnet, backdoor\r\naccess on systems. In fact, it can be used for any harmful activity for the purpose of\r\nthe attacker. It is spread through emails and drive-by download.\r\nIn the world of malware, PROPagate Injection has been used by SmokeLoaders for\r\nthe first time. PROPagate injection, injects confidential code into an application other\r\nthan the actual running application, allowing the malicious code to be run by a different\r\napplication.\r\n2\r\nSource: https://drive.google.com/file/d/13BsHZn-KVLhwrtgS2yKJAM2_U_XZlwoD/view\r\nhttps://drive.google.com/file/d/13BsHZn-KVLhwrtgS2yKJAM2_U_XZlwoD/view\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://drive.google.com/file/d/13BsHZn-KVLhwrtgS2yKJAM2_U_XZlwoD/view" ], "report_names": [ "view" ], "threat_actors": [], "ts_created_at": 1775434212, "ts_updated_at": 1775791304, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2be5a70f8bdb8bfe53426cd9a7d5425138e6ab39.pdf", "text": "https://archive.orkl.eu/2be5a70f8bdb8bfe53426cd9a7d5425138e6ab39.txt", "img": "https://archive.orkl.eu/2be5a70f8bdb8bfe53426cd9a7d5425138e6ab39.jpg" } }