Field | Value |
---|---|
Created | 2024.10.18 10:16 |
Machine | s1_win7_x6401 |
Filename | Swift-service-encrypted-obuscated.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectMalware, Havokiz, Malicious, score, Demon, S33863801, Marte, Havoc, V2a1, confidence, Attribute, HighConfidence, Windows, HackTool, aNXqsYGs0SG, AGEN, R002C0DJB24, Static AI, Malicious PE, Detected, GdSda) |
md5 | 34aa449b4fb52742bc830e10b7efe47b |
sha256 | a87ec35ffa4d698eddfe69cea22dccba56afe78fbd34529672d3eedc98b84350 |
ssdeep | 1536:DvJpJxKKiqPCeSKgfQCYwTdeKihaXuxxOBxgbU7BSZXcDJnX2kd7:lE/eC/KgfQCDAhaXus+cDJX2kd7 |
imphash | 1299062c7b29ddbc3d30daa2b2edea43 |
impfuzzy | 12:omw5InE2RJRJJC5ARZqRVPXJHqV0MHdbg54GXKiEG6eGRwk6lTpJqhiZn:FwunE2fjxcVK0M9c54Gf6ZakoDqgZn |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1400201a0 RegisterServiceCtrlHandlerA
0x1400201a8 SetServiceStatus
0x1400201b0 StartServiceCtrlDispatcherA
KERNEL32.dll
0x1400201c0 DeleteCriticalSection
0x1400201c8 EnterCriticalSection
0x1400201d0 GetLastError
0x1400201d8 GetStartupInfoA
0x1400201e0 InitializeCriticalSection
0x1400201e8 LeaveCriticalSection
0x1400201f0 SetUnhandledExceptionFilter
0x1400201f8 Sleep
0x140020200 TlsGetValue
0x140020208 VirtualProtect
0x140020210 VirtualQuery
msvcrt.dll
0x140020220 __C_specific_handler
0x140020228 __initenv
0x140020230 __iob_func
0x140020238 __getmainargs
0x140020240 __set_app_type
0x140020248 _acmdln
0x140020250 __setusermatherr
0x140020258 _amsg_exit
0x140020260 _cexit
0x140020268 _commode
0x140020270 _fmode
0x140020278 memcpy
0x140020280 _initterm
0x140020288 _onexit
0x140020290 abort
0x140020298 calloc
0x1400202a0 exit
0x1400202a8 fprintf
0x1400202b0 free
0x1400202b8 fwrite
0x1400202c0 malloc
0x1400202c8 signal
0x1400202d0 strlen
0x1400202d8 strncmp
0x1400202e0 vfprintf
EAT(Export Address Table) Library