popup

Report - hswaxn.exe

PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.22 09:12 Machine s1_win7_x6401
Filename hswaxn.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
6
 Behavior Score
1.4
ZERO API file : clean
VT API (file) 36 detected (Donut, malicious, high confidence, InjectNET, GenericKDZ, Unsafe, Save, Eldorado, FileRepMalware, Szbp, Gamarue, Sabsik, score, R444976, Artemis, ai score=82, R002H0CJL21, confidence, susgen)
md5 c0fd2bdc5772986959399b514d854a9c
sha256 09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0
ssdeep 49152:NBoWYtR+cwjc6LmCovPZY8q9G1GNitOauQhVxsjlLfpH5K01:etRXwQGiPZwOuQhqRc01
imphash 02549ff92b49cce693542fc9afb10102
impfuzzy 6:HMJqX0syYJxSBS0H5sD4sIWvXoFliPEcn:sJqGMY58E6PXn
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x5eaf6c malloc
 0x5eaf74 memset
 0x5eaf7c _get_pgmptr
 0x5eaf84 getenv
 0x5eaf8c sprintf
 0x5eaf94 __argc
 0x5eaf9c __argv
 0x5eafa4 _environ
 0x5eafac _XcptFilter
 0x5eafb4 __set_app_type
 0x5eafbc _controlfp
 0x5eafc4 __getmainargs
 0x5eafcc exit
kernel32.dll
 0x5eafdc Sleep
 0x5eafe4 CreateProcessA
 0x5eafec SetUnhandledExceptionFilter

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure