Swift-Stage1-Obfuscated.exe

First submission 2024-10-17 18:57:12

File details

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type:	application/x-dosexec
File size:	15217.5 KB (15582720 bytes)
Compile time:	1970-01-01 01:00:00
MD5:	0444eb9fbbf0d5ee3718acafd88e0843
SHA1:	7f4d40eee7d5db0605333f5c903afc8f2a047fcc
SHA256:	a3ae935dad0de2657b032a70d1908f622b3cf54fc53f01a69d5f086e21ad4d9a
Import Hash :	f0ea7b7844bbc5bfa9bb32efdcea957c
Sections 6	.text .rdata .data .idata .reloc .symtab
Directories 2	import relocation

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URL	Host (FQDN/IP)	Date Added
hXXp://169.1.16.29/Swift-Stage1-Obfuscated.exe	169.1.16.29	2024-10-17 18:57:12

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x8fe1bd	9429504	a6aef5ba02b88f2edd2065efa5ca43cb393a34b3	b6ff551170c9ca58dbe02a0a00c05822
.rdata	0x900000	0x5757a8	5724160	1f6477003594089602260df5b78d72aedb04912b	900eb4de3614d9b7f5733990cb21f587
.data	0xe76000	0xaf350	266752	fc9170befded5e3a5072b94bfc6f19ab1c4248d3	9bd2164b0e9a92d58ffa4ff9acfde69e
.idata	0xf26000	0x490	1536	1ed92ae0156ad241d3f625445d7add19b78b918b	592c941162cda167dcc07dc0e8a0b394
.reloc	0xf27000	0x26a10	158720	855b73e0a1f695d98ab41b24f73eed0808a722b0	294c2c1226bd2ab8afd483fd9d114a3f
.symtab	0xf4e000	0x4	512	943ae54f4818e52409fbbaf60ffd71318d966b0d	07b5472d347d42780469fb2654b7fc54

http://invalidkpasswdlookup

kernel32.dll 40

Function	Address	Souspicious	Anti Debug
WriteFile	0x1276040
WriteConsoleW	0x1276048
WaitForMultipleObjects	0x1276050
WaitForSingleObject	0x1276058
VirtualQuery	0x1276060
VirtualFree	0x1276068
VirtualAlloc	0x1276070
TlsAlloc	0x1276078
SwitchToThread	0x1276080
SuspendThread	0x1276088
SetWaitableTimer	0x1276090
SetUnhandledExceptionFilter	0x1276098
SetProcessPriorityBoost	0x12760a0
SetEvent	0x12760a8
SetErrorMode	0x12760b0
SetConsoleCtrlHandler	0x12760b8
ResumeThread	0x12760c0
PostQueuedCompletionStatus	0x12760c8
LoadLibraryA	0x12760d0
LoadLibraryW	0x12760d8
SetThreadContext	0x12760e0
GetThreadContext	0x12760e8
GetSystemInfo	0x12760f0
GetSystemDirectoryA	0x12760f8
GetStdHandle	0x1276100
GetQueuedCompletionStatusEx	0x1276108
GetProcessAffinityMask	0x1276110
GetProcAddress	0x1276118
GetEnvironmentStringsW	0x1276120
GetConsoleMode	0x1276128
FreeEnvironmentStringsW	0x1276130
ExitProcess	0x1276138
DuplicateHandle	0x1276140
CreateWaitableTimerExW	0x1276148
CreateThread	0x1276150
CreateIoCompletionPort	0x1276158
CreateFileA	0x1276160
CreateEventA	0x1276168
CloseHandle	0x1276170
AddVectoredExceptionHandler	0x1276178

Name	Latest seen	MD5
test1.exe	2023-04-17 11:53:05	eae20dc5eacb216a11b23d6a8c0e33d7
torbrowser-install-win64-12.0.7_ALL.exe	2023-06-19 06:03:03	92c0b25164e3d01e24e33a18ec2c901c
BLONDE_BURN-OUT.exe	2024-05-30 14:49:03	9cfae68caf4b61735e80d67f0d40783a
BEWILDERED_PERFORMANCE.exe	2024-05-30 14:50:03	8a507369e99f1dfd5e592ef24ce405d7
PAYABLE_USER.exe	2024-05-30 14:51:03	ea33b7eb965d8b552a75349946963151
my.exe	2024-07-07 16:54:27	6470b936622d9502880cae6452d1bb48
EXACT_ITEM.exe	2024-07-08 20:46:09	9babf09115135e3726636ed32790bd36
999.html	2024-09-25 12:31:21	e0b11d0fba0e8c49d4f268e831bccc7a
WG.exe	2024-09-28 16:30:09	4af44ceaf166bd6c4f8c328ccc2263b7
MTLS.exe	2024-09-28 16:40:11	f34858ad51b208fba47332eebcfa2cd0
Doc.exe	2024-10-15 18:34:03	2746a7120bce30e9230a2e71a9ad909f
test	2024-10-06 13:12:29	b0ae4f9828164bfe4c0187529b8800cb
Swift-Beacon-Encrypted.exe	2024-10-17 18:58:07	f6c13f50e458190d3058984b766954dc