ScreenShot
| Created | 2024.10.18 10:01 | Machine | s1_win7_x6401 |
| Filename | Swift-Stage1-Obfuscated.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 51 detected (AIDetectMalware, Sliver, Malicious, score, Dump, Marte, Unsafe, HackTool, Implant, 64bit, uwccg, confidence, 100%, Attribute, HighConfidence, a variant of WinGo, MalwareX, MalGO, SuspGolang, CLASSIC, Tool, SBeacon, SILVER, SMYXCFWAZ, Static AI, Malicious PE, Detected, AGEN, WinGo, Shellcoderunner, Fflw) | ||
| md5 | 0444eb9fbbf0d5ee3718acafd88e0843 | ||
| sha256 | a3ae935dad0de2657b032a70d1908f622b3cf54fc53f01a69d5f086e21ad4d9a | ||
| ssdeep | 98304:c3UXpov5aERAzq5km7dLb5isMTLr85uuUfQOEXymdY+DiG:sUXpQn/iswLr859Ufs7MG | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Detects the presence of Wine emulator |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1276040 WriteFile
0x1276048 WriteConsoleW
0x1276050 WaitForMultipleObjects
0x1276058 WaitForSingleObject
0x1276060 VirtualQuery
0x1276068 VirtualFree
0x1276070 VirtualAlloc
0x1276078 TlsAlloc
0x1276080 SwitchToThread
0x1276088 SuspendThread
0x1276090 SetWaitableTimer
0x1276098 SetUnhandledExceptionFilter
0x12760a0 SetProcessPriorityBoost
0x12760a8 SetEvent
0x12760b0 SetErrorMode
0x12760b8 SetConsoleCtrlHandler
0x12760c0 ResumeThread
0x12760c8 PostQueuedCompletionStatus
0x12760d0 LoadLibraryA
0x12760d8 LoadLibraryW
0x12760e0 SetThreadContext
0x12760e8 GetThreadContext
0x12760f0 GetSystemInfo
0x12760f8 GetSystemDirectoryA
0x1276100 GetStdHandle
0x1276108 GetQueuedCompletionStatusEx
0x1276110 GetProcessAffinityMask
0x1276118 GetProcAddress
0x1276120 GetEnvironmentStringsW
0x1276128 GetConsoleMode
0x1276130 FreeEnvironmentStringsW
0x1276138 ExitProcess
0x1276140 DuplicateHandle
0x1276148 CreateWaitableTimerExW
0x1276150 CreateThread
0x1276158 CreateIoCompletionPort
0x1276160 CreateFileA
0x1276168 CreateEventA
0x1276170 CloseHandle
0x1276178 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1276040 WriteFile
0x1276048 WriteConsoleW
0x1276050 WaitForMultipleObjects
0x1276058 WaitForSingleObject
0x1276060 VirtualQuery
0x1276068 VirtualFree
0x1276070 VirtualAlloc
0x1276078 TlsAlloc
0x1276080 SwitchToThread
0x1276088 SuspendThread
0x1276090 SetWaitableTimer
0x1276098 SetUnhandledExceptionFilter
0x12760a0 SetProcessPriorityBoost
0x12760a8 SetEvent
0x12760b0 SetErrorMode
0x12760b8 SetConsoleCtrlHandler
0x12760c0 ResumeThread
0x12760c8 PostQueuedCompletionStatus
0x12760d0 LoadLibraryA
0x12760d8 LoadLibraryW
0x12760e0 SetThreadContext
0x12760e8 GetThreadContext
0x12760f0 GetSystemInfo
0x12760f8 GetSystemDirectoryA
0x1276100 GetStdHandle
0x1276108 GetQueuedCompletionStatusEx
0x1276110 GetProcessAffinityMask
0x1276118 GetProcAddress
0x1276120 GetEnvironmentStringsW
0x1276128 GetConsoleMode
0x1276130 FreeEnvironmentStringsW
0x1276138 ExitProcess
0x1276140 DuplicateHandle
0x1276148 CreateWaitableTimerExW
0x1276150 CreateThread
0x1276158 CreateIoCompletionPort
0x1276160 CreateFileA
0x1276168 CreateEventA
0x1276170 CloseHandle
0x1276178 AddVectoredExceptionHandler
EAT(Export Address Table) is none