smoke.exe

File Path: C:\Program Files\InfraRecorder\smoke.exe
Description: ckEffects Application

Hashes

Type	Hash
MD5	`BDA4B26E2B663E0AF7E3CA9AA6DDF1CF`
SHA1	`5D90DCFAF21FDEAA8AABE20BFE8C8AF525705C33`
SHA256	`3D5F1B984013507BFB21A9565720E266BECB8A626FC828FA5717953862A55AA6`
SHA384	`BD07708AA6453A6032C683EE3B364D6E1381E32CA469004D6547E159BE915711D0E9E90A4085B3D423C771A40FDB0770`
SHA512	`5DF56784EBA54B3993B4F72B84A3CF9283B963DF5E3A727CEDD1B075FE2BBC133F982A14E53D3046A501BFDB6AE7347122046ED646EEA53CD30DABC6505888B3`
SSDEEP	`6144:5pmkXBHIULuwCd1EZOX09WVQie5wu8rc7yX1cNNdFYJhIogS1DpjkeAO2:ffuRd1EEYwdr/1IfCJ2oNpjkeAB`
IMP	`B1C177B928E5387C5B668DFFE8313705`
PESHA1	`6E1B02BE0607F69977FFBEF300D27C851DE6000E`
PE256	`9370FF01808F49B1EC8EB16AE268BB3102F3084C9C3ECD9860BA31499AF039CA`

Runtime Data

Open Handles:

Path	Type
(RW-) C:\xCyclopedia	File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section

Loaded Modules:

Path
C:\Program Files\InfraRecorder\smoke.exe
C:\Windows\SYSTEM32\d3d9.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\PSAPI.DLL
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

Status: Signature verified.
Serial: 00B1F4A9019F0E490A34743EF8FEB1A228
Thumbprint: 7C65C5FB8A87242D467A7F1BF4571AD02C037069
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US
Subject: CN=Christian Kindahl, O=Christian Kindahl, STREET=Lotta Svrdsgatan 4 A, L=Gteborg, S=Vstra Gtaland, PostalCode=41504, C=SE

File Metadata

Original Filename: ckEffects.exe
Product Name: ckEffects Application
Company Name:
File Version: 1.0.0.0
Product Version: 1.0.0.0
Language: English
Legal Copyright: Copyright 2007 Christian Kindahl
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/68
VirusTotal Link: https://www.virustotal.com/gui/file/3d5f1b984013507bfb21a9565720e266becb8a626fc828fa5717953862a55aa6/detection/

Possible Misuse

The following table contains possible examples of smoke.exe being misused. While smoke.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
malware-ioc	dnsbirthday	`* DNS query to domain matching` [0-9a-f]{60}.smoke``{:.highlight .language-cmhg}	© ESET 2014-2018
malware-ioc	rqz-dnsduvel_blocklist.json	`"token": "be1728523f82428fc2016155f6dd65867b01997dc0b1c93097a8b7cc60cb.smoke",`	© ESET 2014-2018
malware-ioc	rqz-dnsduvel_blocklist.json	`"be1728523f82428fc2016155f6dd65867b01997dc0b1c93097a8b7cc60cb.smoke"`	© ESET 2014-2018
malware-ioc	nouns.txt	`smoke`	© ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.