Report - Swift-Sleep-bypass.exe

Generic Malware PE File PE64

ScreenShot

Info
Location map


Created	2024.10.18 10:20	Machine	s1_win7_x6403
Filename	Swift-Sleep-bypass.exe
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score	6	Behavior Score	1.6
ZERO API	file : malware
VT API (file)	48 detected (AIDetectMalware, Havoc, Malicious, score, Havocp, S33863897, Havokiz, Marte, Unsafe, Veyl, confidence, Attribute, HighConfidence, Windows, Threat, CLOUD, AGEN, Siggen29, Static AI, Malicious PE, Detected, Eldorado, HackTool)
md5	7a8f8e764dc64d0ee5faed04014d1794
sha256	c1a79af2db1fd681a749a3c496c0d40b6f493b8cef94baefcfe7d3522eceedea
ssdeep	1536:4E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOZx:EFGt/yMTI91xOkKpMAyXzOZx
imphash
impfuzzy	3::

Network IP location

Signature (2cnts)

Level	Description
danger	File has been identified by 48 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)

Rules (3cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure