Summary | ZeroBOX

Swift-Stage1-Obfuscated.exe

Tags: Malicious Packer, UPX, PE64, PE File

Category  Machine        Started                   Completed
FILE      s1_win7_x6401  Oct. 18, 2024, 9:54 a.m.  Oct. 18, 2024, 10 a.m.

Size    14.9MB
Type    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5     0444eb9fbbf0d5ee3718acafd88e0843
SHA256  a3ae935dad0de2657b032a70d1908f622b3cf54fc53f01a69d5f086e21ad4d9a
CRC32   C3FA1F4F
ssdeep  98304:c3UXpov5aERAzq5km7dLb5isMTLr85uuUfQOEXymdY+DiG:sUXpQn/iswLr859Ufs7MG
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Network

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavioral indicators

Time & API          Arguments  Return  Repeated
IsDebuggerPresent   (none)     0       0
  Return 0: no user-mode debugger was attached when the check ran.

section .symtab
  Unusual PE section name. The Go linker writes a .symtab section into its PE output,
  which is consistent with the Go/Sliver detections in the antivirus results below.

Time & API              Arguments                             Return       Repeated
LdrGetProcedureAddress  ordinal: 0                            -1073741511  0
                        function_address: 0x000007fefd6b7a50
                        function_name: wine_get_version
                        module: ntdll
                        module_address: 0x0000000076d30000
  Return -1073741511 is 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND. A genuine ntdll does not
  export wine_get_version; resolving it is a Wine/sandbox check, and the failed lookup means
  the check found no Wine environment.

dead_host 192.168.50.101:443
  Outbound connection attempt to a host that never responded. The address is in private
  (RFC 1918) space, so the configured callback target is lab-internal rather than an
  Internet-facing C2.
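The static side of this report (hashes, the PE32+ check, the UPX and .symtab section names) and the NTSTATUS value in the API log can be reproduced with a short triage script. The following is an added example written for this page, not ZeroBOX code and not part of the sandbox output. It parses the DOS/COFF/optional headers by hand, so it has no dependency beyond the Python standard library. The PE image it analyses is constructed inline (headers only, with the report's indicator strings appended) so the script runs offline; the NTSTATUS table, the section-name sets and the string list are this example's own assumptions, chosen to match what the report lists.

```python
"""Static triage of a PE sample against the indicators in this report.

Added example (not ZeroBOX code).  The PE image is constructed inline so the
script runs offline; pass a real file path as argv[1] to triage it instead.
"""
import hashlib
import struct
import sys
import zlib

IMAGE_FILE_MACHINE_AMD64 = 0x8664   # COFF Machine for x86-64
PE32PLUS_MAGIC = 0x20B              # optional header Magic for PE32+
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}   # section names the UPX packer writes
GO_SECTIONS = {b".symtab"}                   # COFF symbol table section the Go linker emits
# Strings tied to the evasion checks the sandbox logged for this sample.
EVASION_STRINGS = [b"wine_get_version", b"IsDebuggerPresent"]
# NTSTATUS values as they appear (signed) in sandbox API logs.  Assumed subset.
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",   # export lookup failed
    0xC000007A: "STATUS_PROCEDURE_NOT_FOUND",
}


def ntstatus_name(ret):
    """Decode a signed 32-bit return value from the API log to its NTSTATUS name."""
    code = ret & 0xFFFFFFFF
    return NTSTATUS.get(code, "0x%08X" % code)


def file_hashes(data):
    """MD5/SHA256/CRC32 in the report's formats (CRC32 as 8 upper-case hex digits)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_sections(data):
    """Return (is_pe64, [section names]); raise ValueError if data is not a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsect = struct.unpack_from("<HH", data, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    is_pe64 = machine == IMAGE_FILE_MACHINE_AMD64 and magic == PE32PLUS_MAGIC
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0") for i in range(nsect)]
    return is_pe64, names


def triage(data):
    """Combine hashes, PE class, packer/toolchain hints and evasion-string hits."""
    is_pe64, names = pe_sections(data)
    found = set(names)
    return {
        **file_hashes(data),
        "pe64": is_pe64,
        "sections": [n.decode("ascii", "replace") for n in names],
        "upx": bool(UPX_SECTIONS & found) or b"UPX!" in data,
        "go": bool(GO_SECTIONS & found),
        "evasion_strings": [s.decode() for s in EVASION_STRINGS if s in data],
    }


def build_sample(section_names, extra=b"", machine=IMAGE_FILE_MACHINE_AMD64, magic=PE32PLUS_MAGIC):
    """Constructed, headers-only PE image for offline testing (not the real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", magic) + b"\0" * (0xF0 - 2)        # 240-byte PE32+ optional header
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, len(opt), 0x22)
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sects + extra


# Constructed stand-in carrying the indicators this report lists.
SAMPLE = build_sample([b"UPX0", b"UPX1", b".symtab"],
                      extra=b"\0wine_get_version\0IsDebuggerPresent\0UPX!\0")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print("%-16s %s" % (key, value))
    print("%-16s %s" % ("wine lookup", ntstatus_name(-1073741511)))
```

Run against the real file, the three hashes should match the Summary above and the script should report pe64 True with UPX section names; a .symtab hit on a UPX-packed file only appears after unpacking, since UPX rewrites the section table.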
Antivirus

Vendor            Result
Bkav              W64.AIDetectMalware
Lionic            Trojan.Win32.Sliver.4!c
Cynet             Malicious (score: 99)
Skyhigh           BehavesLike.Win64.Trojan.vh
ALYac             Dump:Generic.Sliver.Marte.G.6DA59076
Cylance           Unsafe
VIPRE             Dump:Generic.Sliver.Marte.G.6DA59076
Sangfor           HackTool.Win32.Sliver_Implant_64bit.uwccg
CrowdStrike       win/malicious_confidence_100% (D)
BitDefender       Dump:Generic.Sliver.Marte.G.6DA59076
K7AntiVirus       Trojan ( 0059f2e01 )
Arcabit           Dump:Generic.Sliver.Marte.G.6DA59076
VirIT             Trojan.Win64.Sliver.AA
Symantec          ML.Attribute.HighConfidence
Elastic           Multi.Trojan.Sliver
ESET-NOD32        a variant of WinGo/Agent.LO
APEX              Malicious
Avast             Win64:MalwareX-gen [Trj]
ClamAV            Win.File.Sliver-9942542-0
Kaspersky         HEUR:Trojan.Multi.MalGO.gen
Alibaba           Trojan:Win32/SuspGolang.a3245952
MicroWorld-eScan  Dump:Generic.Sliver.Marte.G.6DA59076
Rising            Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft          Dump:Generic.Sliver.Marte.G.6DA59076 (B)
F-Secure          Hack-Tool:W32/SBeacon.A
TrendMicro        Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD           ti!A3AE935DAD0D
CTX               exe.trojan.sliver
Sophos            ATK/Sliver-B
SentinelOne       Static AI - Malicious PE
FireEye           Dump:Generic.Sliver.Marte.G.6DA59076
Google            Detected
Avira             HEUR/AGEN.1366847
Antiy-AVL         Trojan/Multi.MalGO
Kingsoft          Win32.Troj.Unknown.a
Gridinsoft        Trojan.Win64.Agent.sa
Microsoft         Trojan:Win32/SuspGolang.AG
ZoneAlarm         HEUR:Trojan.Multi.MalGO.gen
GData             Dump:Generic.Sliver.Marte.G.6DA59076
AhnLab-V3         Trojan/Win.SuspGolang.C5681825
McAfee            PUP-INQ
DeepInstinct      MALICIOUS
Malwarebytes      Malware.AI.665207543
Ikarus            Trojan.WinGo.Shellcoderunner
Panda             Trj/CI.A
Tencent           Win32.Trojan.Malgo.Fflw
huorong           HEUR:HackTool/Sliver.a
Fortinet          Adware/Agent
AVG               Win64:MalwareX-gen [Trj]
Paloalto          generic.ml

The consensus across engines is a Sliver C2 implant; the WinGo, MalGO and SuspGolang family names reflect the Go toolchain the Sliver framework is built with.