Report - swizzzz.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check
Created 2024.05.18 20:10
Machine s1_win7_x6401
Filename swizzzz.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 2.8
ZERO API file : malicious
VT API (file) 35 detected (AIDetectMalware, Reline, Malicious, score, Convagent, Kysler, Attribute, HighConfidence, GenKryptik, GXSE, Stealc, svref, AMADEY, YXEEQZ, high, Outbreak, ABRisk, QPVU, R648506, BScope, TrojanPSW, FalseSign, Rwhl, Static AI, Malicious PE, susgen, Genetic)
md5 05b11e7b711b4aaa512029ffcb529b5a
sha256 2aab2ca39749b21877d1c52526009f9f5d251d934205e9f671a9e84cecd55afa
ssdeep 24576:IOuNAyNC+m6+Xs9Fp1RtKmYmy6Mmp78eR/VRgAiHIXOTR1/6:IOgCg+Xs9FpztKmYc78O9MIXq1/6
imphash 7dec55701c2e13edf19d56a39cee7be9
impfuzzy 48:Hn19dIcpVqzWs9xLzXtXkrtteEGzPpmKuFZ+jN3k:H1PIcpVqzW2x/XtX+tteEGTpmr/

Signature (6cnts)

Level Description
danger File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path
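The "watch" entry above is a trace-level heuristic: a destination IP that never appeared in any DNS answer during the run must have been carried in the sample itself (hard-coded C2, or a config blob), which is how 185.215.113.66 in the Network table was flagged. The script below reimplements that check over a flattened trace. It is an added example, not the sandbox's own code; the DNS_ANSWERS and CONNECTIONS lists are constructed sample input in an assumed schema (the report's listed host is reused, the other entries are filler).

```python
import ipaddress

# Constructed sandbox-style trace (sample input, not the report's own log).
# 185.215.113.66 is the contacted host listed in this report; the rest is filler.
DNS_ANSWERS = [
    {"query": "www.msftncsi.com", "answers": ["131.107.255.255"]},
    {"query": "time.windows.com", "answers": ["20.101.57.9", "20.101.57.10"]},
]
CONNECTIONS = [
    {"pid": 2044, "proto": "tcp", "dst": "131.107.255.255", "dport": 80},
    {"pid": 2044, "proto": "udp", "dst": "10.0.2.3", "dport": 53},
    {"pid": 2044, "proto": "tcp", "dst": "185.215.113.66", "dport": 80},
    {"pid": 2044, "proto": "tcp", "dst": "185.215.113.66", "dport": 80},
    {"pid": 2044, "proto": "udp", "dst": "8.8.8.8", "dport": 53},
    {"pid": 2044, "proto": "tcp", "dst": "192.168.56.1", "dport": 445},
]


def unresolved_destinations(connections, dns_answers, ignore_resolver_traffic=True):
    """Return {dst_ip: [(proto, dport), ...]} for every connection whose destination
    never appeared in a DNS answer during the trace, i.e. an address the sample
    must have carried in its own code or configuration."""
    resolved = {ip for record in dns_answers for ip in record["answers"]}
    hits = {}
    for conn in connections:
        ip = ipaddress.ip_address(conn["dst"])
        if not ip.is_global:
            continue  # RFC1918 / loopback / link-local: lab plumbing, not a C2 candidate
        if ignore_resolver_traffic and conn["proto"] == "udp" and conn["dport"] == 53:
            continue  # the resolver itself is reached by address, never by name
        if conn["dst"] in resolved:
            continue
        hits.setdefault(conn["dst"], []).append((conn["proto"], conn["dport"]))
    return hits


if __name__ == "__main__":
    for dst, endpoints in unresolved_destinations(CONNECTIONS, DNS_ANSWERS).items():
        print(f"{dst}: contacted without a prior DNS answer, {len(endpoints)} connection(s)")
```

Two caveats when reading a hit from this heuristic: an address resolved before the trace started (OS cache, or a pre-resolution by another process) also shows up as unresolved, and some legitimate telemetry does use hard-coded IPs. The ASN/country and rule columns of the Network table are there to separate those from a real C2 candidate.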

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
185.215.113.66 Unknown 185.215.113.66 malware

Suricata ids

PE API

IAT(Import Address Table) Library

GDI32.dll
 0x485000 GetClipBox
USER32.dll
 0x485200 PostQuitMessage
KERNEL32.dll
 0x485008 CreateFileW
 0x48500c HeapSize
 0x485010 VirtualAlloc
 0x485014 WaitForSingleObject
 0x485018 GetModuleHandleA
 0x48501c FreeConsole
 0x485020 CreateThread
 0x485024 GetProcAddress
 0x485028 MultiByteToWideChar
 0x48502c FormatMessageA
 0x485030 GetStringTypeW
 0x485034 WideCharToMultiByte
 0x485038 GetCurrentThreadId
 0x48503c CloseHandle
 0x485040 WaitForSingleObjectEx
 0x485044 Sleep
 0x485048 SwitchToThread
 0x48504c GetExitCodeThread
 0x485050 GetNativeSystemInfo
 0x485054 EnterCriticalSection
 0x485058 LeaveCriticalSection
 0x48505c InitializeCriticalSectionEx
 0x485060 DeleteCriticalSection
 0x485064 EncodePointer
 0x485068 DecodePointer
 0x48506c LocalFree
 0x485070 GetLocaleInfoEx
 0x485074 LCMapStringEx
 0x485078 ReleaseSRWLockExclusive
 0x48507c AcquireSRWLockExclusive
 0x485080 TryAcquireSRWLockExclusive
 0x485084 WakeConditionVariable
 0x485088 WakeAllConditionVariable
 0x48508c SleepConditionVariableSRW
 0x485090 QueryPerformanceCounter
 0x485094 QueryPerformanceFrequency
 0x485098 SetFileInformationByHandle
 0x48509c GetTempPathW
 0x4850a0 InitOnceExecuteOnce
 0x4850a4 CreateEventExW
 0x4850a8 CreateSemaphoreExW
 0x4850ac FlushProcessWriteBuffers
 0x4850b0 GetCurrentProcessorNumber
 0x4850b4 GetSystemTimeAsFileTime
 0x4850b8 GetTickCount64
 0x4850bc FreeLibraryWhenCallbackReturns
 0x4850c0 CreateThreadpoolTimer
 0x4850c4 SetThreadpoolTimer
 0x4850c8 WaitForThreadpoolTimerCallbacks
 0x4850cc CloseThreadpoolTimer
 0x4850d0 CreateThreadpoolWait
 0x4850d4 SetThreadpoolWait
 0x4850d8 CloseThreadpoolWait
 0x4850dc GetModuleHandleW
 0x4850e0 GetFileInformationByHandleEx
 0x4850e4 CreateSymbolicLinkW
 0x4850e8 CompareStringEx
 0x4850ec GetCPInfo
 0x4850f0 IsProcessorFeaturePresent
 0x4850f4 UnhandledExceptionFilter
 0x4850f8 SetUnhandledExceptionFilter
 0x4850fc GetCurrentProcess
 0x485100 TerminateProcess
 0x485104 GetCurrentProcessId
 0x485108 InitializeSListHead
 0x48510c IsDebuggerPresent
 0x485110 GetStartupInfoW
 0x485114 GetProcessHeap
 0x485118 RaiseException
 0x48511c RtlUnwind
 0x485120 InterlockedPushEntrySList
 0x485124 InterlockedFlushSList
 0x485128 GetLastError
 0x48512c SetLastError
 0x485130 InitializeCriticalSectionAndSpinCount
 0x485134 TlsAlloc
 0x485138 TlsGetValue
 0x48513c TlsSetValue
 0x485140 TlsFree
 0x485144 FreeLibrary
 0x485148 LoadLibraryExW
 0x48514c ExitThread
 0x485150 ResumeThread
 0x485154 FreeLibraryAndExitThread
 0x485158 GetModuleHandleExW
 0x48515c GetStdHandle
 0x485160 WriteFile
 0x485164 GetModuleFileNameW
 0x485168 ExitProcess
 0x48516c HeapAlloc
 0x485170 HeapFree
 0x485174 GetCurrentThread
 0x485178 GetDateFormatW
 0x48517c GetTimeFormatW
 0x485180 CompareStringW
 0x485184 LCMapStringW
 0x485188 GetLocaleInfoW
 0x48518c IsValidLocale
 0x485190 GetUserDefaultLCID
 0x485194 EnumSystemLocalesW
 0x485198 SetConsoleCtrlHandler
 0x48519c GetFileType
 0x4851a0 FlushFileBuffers
 0x4851a4 GetConsoleOutputCP
 0x4851a8 GetConsoleMode
 0x4851ac ReadFile
 0x4851b0 GetFileSizeEx
 0x4851b4 SetFilePointerEx
 0x4851b8 ReadConsoleW
 0x4851bc HeapReAlloc
 0x4851c0 GetTimeZoneInformation
 0x4851c4 OutputDebugStringW
 0x4851c8 FindClose
 0x4851cc FindFirstFileExW
 0x4851d0 FindNextFileW
 0x4851d4 IsValidCodePage
 0x4851d8 GetACP
 0x4851dc GetOEMCP
 0x4851e0 GetCommandLineA
 0x4851e4 GetCommandLineW
 0x4851e8 GetEnvironmentStringsW
 0x4851ec FreeEnvironmentStringsW
 0x4851f0 SetEnvironmentVariableW
 0x4851f4 SetStdHandle
 0x4851f8 WriteConsoleW

EAT(Export Address Table) is none
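The IAT listing above is read straight from the file's import directory, and most of what it shows (EncodePointer, InitializeSListHead, IsProcessorFeaturePresent, the Tls*, Heap* and locale functions) is the MSVC C runtime's startup code rather than the sample's own logic, which is why a UPX-packed binary's on-disk imports say little about its payload. The script below is an added example, not the sandbox's code, showing how such a listing is derived: a stdlib-only walker over the PE32 import directory, plus a builder for a constructed, code-less PE32 image so it runs offline. The builder's layout choices (one .idata section at RVA 0x1000, raw offset 0x200) are assumptions for the sample, not properties of the reported file.

```python
import struct


def build_test_pe(imports):
    """Constructed PE32 image with a single .idata section carrying the given
    {dll: [function, ...]} imports. Sample input only: no code, not the reported file."""
    base_rva, raw_ptr = 0x1000, 0x200
    descs_size = 20 * (len(imports) + 1)          # one IMAGE_IMPORT_DESCRIPTOR per DLL + null terminator
    body = bytearray(descs_size)                  # descriptors are patched in once the RVAs are known
    descs = []
    for dll, funcs in imports.items():
        name_rvas = []
        for func in funcs:                        # IMAGE_IMPORT_BY_NAME: 2-byte hint + NUL-terminated name
            name_rvas.append(base_rva + len(body))
            body += struct.pack("<H", 0) + func.encode("ascii") + b"\0"
            body += b"\0" * (len(body) % 2)
        dll_rva = base_rva + len(body)
        body += dll.encode("ascii") + b"\0"
        body += b"\0" * (-len(body) % 4)
        thunks = b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0\0\0\0"
        int_rva = base_rva + len(body)            # OriginalFirstThunk (import name table)
        body += thunks
        iat_rva = base_rva + len(body)            # FirstThunk (IAT; identical to the INT on disk)
        body += thunks
        descs.append(struct.pack("<IIIII", int_rva, 0, 0, dll_rva, iat_rva))
    body[:descs_size] = b"".join(descs) + b"\0" * 20
    opt = bytearray(224)                          # PE32 optional header; only the fields read below are set
    struct.pack_into("<H", opt, 0, 0x10B)         # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 1, base_rva, descs_size)  # IMAGE_DIRECTORY_ENTRY_IMPORT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)  # i386, 1 section, EXE|32BIT
    section = b".idata".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(body), base_rva, len(body), raw_ptr, 0, 0, 0, 0, 0xC0000040)
    headers = bytearray(raw_ptr)
    headers[:2] = b"MZ"
    struct.pack_into("<I", headers, 0x3C, 0x40)   # e_lfanew
    pe_hdr = b"PE\0\0" + coff + bytes(opt) + section
    headers[0x40:0x40 + len(pe_hdr)] = pe_hdr
    return bytes(headers + body)


def _rva_to_offset(rva, sections):
    for va, size, raw_ptr in sections:
        if va <= rva < va + size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_imports(data):
    """Walk the import directory of an on-disk PE32 image and return
    {dll: [function or 'ordinal#N', ...]} in descriptor order."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    opt = nt + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled; PE32+ places the data directories at +112")
    import_rva = struct.unpack_from("<I", data, opt + 96 + 8 * 1)[0]
    sections = []
    for i in range(num_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, raw_size), raw_ptr))
    imports = {}
    desc = _rva_to_offset(import_rva, sections)
    while True:
        int_rva, _stamp, _fwd, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:                         # all-zero descriptor terminates the table
            break
        dll = _cstring(data, _rva_to_offset(name_rva, sections))
        thunk = _rva_to_offset(int_rva or iat_rva, sections)  # INT preferred; some linkers leave it zero
        funcs = []
        while True:
            entry = struct.unpack_from("<I", data, thunk)[0]
            if entry == 0:
                break
            if entry & 0x80000000:                # IMAGE_ORDINAL_FLAG32: import by ordinal, no name
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:
                funcs.append(_cstring(data, _rva_to_offset(entry, sections) + 2))  # skip the hint
            thunk += 4
        imports[dll] = funcs
        desc += 20
    return imports


if __name__ == "__main__":
    sample = build_test_pe({"KERNEL32.dll": ["VirtualAlloc", "IsDebuggerPresent"],
                            "USER32.dll": ["PostQuitMessage"]})
    for dll, funcs in parse_imports(sample).items():
        print(dll, funcs)
```

Pointed at a packed sample this walker reports the stub's imports, exactly as the table above does; the payload's real imports only exist after the RWX region noted in the signatures has been written, so they have to be recovered from a memory dump or an unpacked copy.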
